CISSP-Security and Risk Management-Domain 1 Flashcards
What does SPOF stand for?
Single Point Of Failure
What does the acronym SOX stand for?
Sarbanes-Oxley Act of 2002
What is Due Care?
Due Care is the care a reasonable person would exercise under given circumstances.
What is CSMA/CA?
Carrier Sense Multiple Access with Collision Avoidance
Uses acknowledgements; if no acknowledgement is received, it sends the information again.
Definition of Security Analyst
Works at the high level of security, helping develop policies and standards.
Definition of Data Owner
Usually a member of management who is ultimately responsible for the protection and use of a specific subset of information.
ISO/IEC 27799 is for?
Health Informatics - Information Security Management in Health
ISO/IEC 27004 is for?
Guideline for information security management measurement and metrics framework
What Protocol uses Port 80?
HTTP
Describe ISO 31000 - Risk Management
ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization.
What does MTD stand for?
Maximum Tolerable Downtime
What are the 8 CISSP domains?
Security and Risk Management
Asset Security
Security Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
What are the OSI layers?
Physical
Data Link
Network
Transport
Session
Presentation
Application
LANs, WANs, MANs, GANs, PANs
Local Area Network
Wide Area Network
Metropolitan Area Network
Global Area Network
Personal Area Network
What Protocol uses Port 110?
POPv3
Definition of Data Custodian
Responsible for maintaining and protecting the data.
What is COBIT?
Set of control objectives for IT management.
Control Objectives for Information and related Technology
What does the acronym ISMS stand for?
Information Security Management System
What is Due Diligence?
Due Diligence is a preemptive measure made to avoid harm to other persons or their property.
What layer is IP on?
Layer 3
What Protocol uses Port 53?
DNS (UDP and TCP)
What does BIA stand for?
Business Impact Analysis
Definition of a Control
A Safeguard that is put in place to reduce a risk, also called a countermeasure.
What does the acronym FMEA stand for?
Failure Mode and Effect Analysis
What Protocol uses Port 443?
HTTPS
What Protocol uses Port 143?
IMAP
ISO/IEC 27002 is for?
Code of practice for information security management
What is Full-duplex?
Sends and receives communications simultaneously
What is ARP?
Address Resolution Protocol
Used to translate layer 2 MAC addresses to layer 3 IP Addresses. Used to find the MAC address.
Analog vs Digital definition
Analog communications are a continuous wave of information. Digital communications are on and off (true and false, 1s and 0s).
What is the Delphi Technique
A group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result of a particular threat will be.
What does the acronym MODAF stand for?
British Ministry of Defence Architecture Framework
For door security, fail-secure defaults to unlocked or locked?
Locked
What is SOMAP?
SOMAP is a Swiss nonprofit organization whose goal is to run an open information security management project and maintain free and open tools and documents under the GNU license.
What layer is TCP and UDP on?
Layer 4
What is RARP?
Reverse Address Resolution Protocol
Used to translate layer 3 IP addresses to layer 2 MAC addresses. Used to find the IP Address.
What is the difference between tangible and intangible assets?
Tangible assets have a physical presence.
Intangible assets do not have a physical presence.
What is CSMA/CD?
Carrier Sense Multiple Access with Collision Detection
Waits until the network is idle before transmitting
Definition of Vulnerability
A lack of a countermeasure or weakness in a countermeasure that is in place.
What is the definition of Half-duplex
Sends and receives communication, one way at a time (not simultaneously)
Circuit Switch Network vs Packet Switch Network
Circuit-switched networks hold the dedicated circuit up until the communication is over. Packet-switched networks break communications down into packets and send them over many circuits.
What equation do you use to get Single Loss Exposure?
Asset Value x Exposure Factor (EF)
What are the three types of Network Address Translation?
Static NAT: one to one
Pool NAT: Reserved and assigned as needed.
Port Address Translation: one to many private IP Addresses, uses port numbers
Single Loss Exposure (SLE) x Annualized Rate of Occurrence = ?
Annual Loss Expectancy