CISSP ch 2

Question 1

IAM

Answer 1

identity and access management

Provision the account and assign necessary privileges and access

Question 2

AUP

Answer 2

acceptable use policy

Question 3

UBA

Answer 3

User behavior analytics

Question 4

UEBA

Answer 4

User and entity behavior analytics

Question 5

VMS

Answer 5

Vendor management system

Software that assists with the management and procurement of staffing services, hardware, software, and other needed products and services

Question 6

PCI DSS

Answer 6

Payment card industry data security standard

Question 7

FERPA

Answer 7

Family educational rights and privacy act

Question 8

AV

Answer 8

Asset value

Question 9

EF

Answer 9

exposure factor

Question 10

Risk

Answer 10

Possibility that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result

Threat x vulnerability

Probability of harm x severity of harm

Question 11

Attack

Answer 11

Intentional attempt to exploit a vulnerability to cause damage, loss or disclosure of assets

Question 12

Breach

Answer 12

Successful attack

Intrusion, penetration

Question 13

ACS

Answer 13

Annual cost of safeguard

Question 14

SCA

Answer 14

security control assessment

Formal evaluation of a security infrastructure’s individual mechanisms against a baseline or reliability expectation

Question 15

ERM

Answer 15

enterprise risk management

Question 16

RMM

Answer 16

risk maturity model, 5 levels
Ad hoc, preliminary, defined, integrated, optimized

Question 17

RMM lv 1

Answer 17

Ad hoc

Chaotic starting point

Question 18

RMM lv 2

Answer 18

Preliminary

Loose attempts to follow risk management processes, each department may perform risk assessment uniquely

Question 19

RMM lv 3

Answer 19

Defined

A common or standardized risk framework is adopted org wide

Question 20

RMM lv 4

Answer 20

Integrated

Risk management operations are integrated into business processes

Metrics are used to gather effectiveness data

Risk is considered an element in business strategy

Question 21

RMM lv 5

Answer 21

Optimized

Focus on achieving objectives rather than just reacting to external threats

Increased strategic planning

Lessons learned are reintegrated into risk management process

Question 22

EOL

Answer 22

End of life

Question 23

EOS / EOSL

Answer 23

End of support / end of service life

Question 24

RMF

Answer 24

NIST risk management framework, 6 cyclical phases

Prepare
Categorize (systems)
Select (controls)
Implement (controls)
Assess (controls)
Authorize (system)
Monitor (system and controls)

Question 25

CSF

Answer 25

NIST cyber security framework

Question 26

ISO/IEC 31000

Answer 26

Risk management - guidelines

Question 27

OCTAVE

Answer 27

Another risk management framework

Question 28

FAIR

Answer 28

Another risk management framework

Question 29

TARA

Answer 29

Another risk management framework

Question 30

Smishing

Answer 30

SMS phishing

Question 31

SPIM

Answer 31

Spam over instant messaging

Question 32

Piggybacking

Answer 32

Unauthorized entity gains access to a facility by tricking worker into providing consent

Question 33

Typo squatting

Answer 33

Capture and redirect traffic when a user mistypes the domain name or IP address of an intended resource

Question 34

BEC

Answer 34

Business email compromise

Question 35

SPF

Answer 35

Sender policy framework

Anti spam tool

identify the mail servers that are allowed to send email for a given domain

Question 36

DKIM

Answer 36

Domain keys identified mail

Anti spam tool

email authentication method that uses a digital signature to let the receiver of an email know that the message was sent and authorized by the owner of a domain.

Question 37

DMARC

Answer 37

Domain message authentication reporting and conformance

Anti spam tool

give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.