CISSP Security Domains

Question 1

Security and Risk Management

Answer 1

Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law

Question 2

Asset Security

Answer 2

securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.

Question 3

Security Architecture and Engineering

Answer 3

This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place.

Question 4

Communication and Network Security

Answer 4

Manage and secure physical networks and wireless communication.

Question 5

Identity and Access Management

Answer 5

keeps data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

Question 6

Security Assessment and Testing

Answer 6

Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

Question 7

Security Operations

Answer 7

conducting investigations and implementing preventative measures.

Question 8

Software Development Security

Answer 8

Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.