CISSP General

Question 1

Change Management Process

Answer 1

1. Request the Change
2. Review the change
3. approve or reject
4. test the change
5. schedule and implement
6. document the change

Question 2

Info lifecycle

Answer 2

1. Creation
2. classification
3. Storage
4. usage (data in transit/use)
5. archive
6. destruction

Question 3

SCAP

Answer 3

Security Content Automation Protocol

framework for discussing and facilitate automation of process between applications

Question 4

CVE

Answer 4

Common Vulnerability and Assessment

• naming system to describe security vulnerabilities
• Part of SCAP

Question 5

CVSS

Answer 5

Common Vulnerability Scoring System

• standardized scoring system to describe severity of vulnerabilities
• Part of SCAP

Question 6

CCE

Answer 6

Common Configuration Enumeration

• naming system for system configuration issues
• Part of SCAP

Question 7

XCCDF

Answer 7

Extensible Configuration Checklist Description Format

• language for specifying computer checklists
• Part of SCAP

Question 8

OVAL

Answer 8

Open Vulnerability Assessment Language

• language for describing security testing procedures
• Part of SCAP

Question 9

Change Management Process

Answer 9

1. Request the change
2. Review the change
3. Approve/reject
4. test
5. schedule and implement
6. document