Module 1 - 02-1

Question 1

Define Security posture

Answer 1

An organization’s ability to manage its defense of critical assets and data and react to change

Question 2

What does CISSP stand for?

Answer 2

Certified Information Systems Security Professional (CISSP)

Question 3

What are the eight CISSP Security Domains (8)?

Answer 3

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

Question 4

What is the first (1st) CISSP Security Domain?

Answer 4

1. Security and Risk Management

Question 5

What is the second (2nd) CISSP Security Domain?

Answer 5

2. Asset Security

Question 6

What is the third (3rd) CISSP Security Domain?

Answer 6

3. Security Architecture and Engineering

Question 7

What is the fourth (4th) CISSP Security Domain?

Answer 7

4. Communication and Network Security

Question 8

What is the fifth (5th) CISSP Security Domain?

Answer 8

5. Identity and Access Management (IAM)

Question 9

What is the sixth (6th) CISSP Security Domain?

Answer 9

6. Security Assessment and Testing

Question 10

What is the seventh (7th) CISSP Security Domain?

Answer 10

7. Security Operations

Question 11

What is the eight (8th) CISSP Security Domain?

Answer 11

8. Software Development Security

Question 12

What areas does the first (1st) Security Domain, Security and Risk Management, focus on (6)?

Answer 12

Defining Security Goals and Objectives,
Risk Mitigation,
Compliance,
Business Continuity,
Legal Regulations,
Professional and Organizational Ethics

Question 13

Define how Security Goals and Objectives pertains to the Security and Risk Management Domain

Answer 13

Organizations can reduce risks to critical assets and data like PII, or personally identifiable information

Question 14

Define how Risk Mitigation pertains to the Security and Risk Management Domain

Answer 14

Having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 15

Define how Compliance pertains to the Security and Risk Management Domain

Answer 15

The primary method used to develop an organization’s internal security policies, regulatory requirements, and independent standards

Question 16

Define how Business Continuity pertains to the Security and Risk Management Domain

Answer 16

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 17

Define how Legal Regulations pertains to the Security and Risk Management Domain

Answer 17

Following rules and expectations for ethical behavior to minimize negligence, abuse, or fraud

Question 18

Define Risk Mitigation

Answer 18

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 19

Define Business Continuity

Answer 19

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 20

What does InfoSec stand for?

Answer 20

Information Security

Question 21

Which CISSP Security Domain does InfoSec relate to?

Answer 21

CISSP Security and Risk Management Security Domain

Question 22

What does InfoSec refer to?

Answer 22

A set of processes established to secure information

Question 23

What are some InfoSec design processes (5)?

Answer 23

• Incident response
• Vulnerability management
• Application security
• Cloud security
• Infrastructure security

Question 24

What area does the second (2nd) Security Domain, Asset Security, focus on?

Answer 24

Securing Digital and Physical Assets.
It involves managing the cybersecurity processes of organizational assets, including the storage, maintenance, retention, and destruction of physical and virtual data

Question 25

What area does the third (3rd) Security Domain, Security Architecture and Engineering, focus on?

Answer 25

Optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization’s assets and data

Question 26

What is one of the core concepts of Secure Design Architecture?

Answer 26

Shared Responsibility

Question 27

Define Shared Responsibility

Answer 27

All individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Question 28

What additional design principles that relate to the Security Architecture and Engineering Security Domain (8)?

Answer 28

• Threat modeling
• Least privilege
• Defense in depth
• Fail securely
• Separation of duties
• Keep it simple
• Zero trust
• Trust but verify

Question 29

What area does the fourth (4th) Security Domain, Communication and Setwork Security, focus on?

Answer 29

Managing and securing physical networks and wireless communications

Question 30

What area does the fifth (5th) Security Domain, Identity and Access Management (IAM), focus on?

Answer 30

Access and authorization to keep data secure by making sure users follow established policies to control and manage assets.
Basically, the goal of IAM is to reduce the overall risk to systems and data.

Question 31

What does IAM stand for?

Answer 31

Identity and Access Management (IAM)

Question 32

What are the four main components to Identity and Access Management (IAM)?

Answer 32

i. Identification
ii. Authentication
iii. Authorization
iv. Accountability

Question 33

Define how Identification pertains to the Identity and Access Management (IAM) Domain

Answer 33

A user verifies who they are by providing a user name, an access card, or biometric data such as a fingerprint

Question 34

Define how Authentication pertains to the Identity and Access Management (IAM) Domain

Answer 34

The verification process to prove a person’s identity, such as entering a password or PIN

Question 35

Define how Authorization pertains to the Identity and Access Management (IAM) Domain

Answer 35

Takes place after a user’s identity has been confirmed and relates to their level of access, which depends on the role in the organization

Question 36

Define how Accountability pertains to the Identity and Access Management (IAM) Domain

Answer 36

Monitoring and recording user actions, like login attempts, to prove systems and data are used properly

Question 37

What principle does the Identity and Access Management (IAM) Domain use?

Answer 37

Least Privilege

Question 38

What is the concept of Least Privilege?

Answer 38

The concept of granting only the minimal access and authorization required to complete a task

Question 39

What area does the sixth (6th) Security Domain, Security Assessment and Testing, focus on?

Answer 39

Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

Question 40

What is another name for Penetration Testers?

Answer 40

Pen Testers

Question 41

What is the primary action of Pen Testers?

Answer 41

To find vulnerabilities that could be exploited by a threat actor

Question 42

What area does the seventh (7th) Security Domain, Security Operations, focus on?

Answer 42

Conducting investigations and implementing preventative measures

Question 43

What strategies, processes, and tools can be used to implement preventative measures for the Security Operations Domain (9)?

Answer 43

• Training and awareness
• Reporting and documentation
• Intrusion detection and prevention
• SIEM tools
• Log management
• Incident management
• Playbooks
• Post-breach forensics
• Reflecting on lessons learned

Question 44

What area does the eight (8th) Security Domain, Software Development Security, focus on?

Answer 44

Using secure coding practices
(programming practices and guidelines to create secure applications)

Question 45

Match each CISSP security domain to its area of focus:
Optimizing data security by using effective tools, systems, and processes

CISSP security domain:

Security and risk management
Asset security
Security architecture and engineering
Communication and network security

Answer 45

Security architecture and engineering

Question 46

Match each CISSP security domain to its area of focus:
Security goals and objectives, risk mitigation, compliance, business continuity, and the law

CISSP security domain:

Security and risk management
Asset security
Security architecture and engineering
Communication and network security

Answer 46

Security and risk management

Question 47

Match each CISSP security domain to its area of focus:
Managing and securing physical networks and wireless communications

CISSP security domain:

Security and risk management
Asset security
Security architecture and engineering
Communication and network security

Answer 47

Communication and network security

Question 48

Match each CISSP security domain to its area of focus:
Securing assets; storage, maintenance, retention, and destruction of data

CISSP security domain:

Security and risk management
Asset security
Security architecture and engineering
Communication and network security

Answer 48

Asset security

Question 49

Match each CISSP security domain to its area of focus:
Using secure coding practices to create secure applications and services

CISSP security domain:

Identity and access management
Security assessment and testing
Security operations
Software development security

Answer 49

Software development security

Question 50

Match each CISSP security domain to its area of focus:
Conducting investigations and implementing preventative measures

CISSP security domain:

Identity and access management
Security assessment and testing
Security operations
Software development security

Answer 50

Security operations

Question 51

Match each CISSP security domain to its area of focus:
Using access, authorization, and established policies to secure data and manage assets

CISSP security domain:

Identity and access management
Security assessment and testing
Security operations
Software development security

Answer 51

Identity and access management

Question 52

Match each CISSP security domain to its area of focus:
Conducting security control testing and audits, collecting and analyzing data

CISSP security domain:

Identity and access management
Security assessment and testing
Security operations
Software development security

Answer 52

Security assessment and testing

Question 53

The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

communication and network security
identity and access management
security operations
asset security

Answer 53

identity and access management

Question 54

What is the focus of the security and risk management domain?

Optimize data security by ensuring effective processes are in place
Manage and secure wireless communications
Secure physical networks and wireless communications
Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

Answer 54

Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

Question 55

In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

Communication and network engineering
Security architecture and engineering
Security assessment and testing
Identity and access management

Answer 55

Security assessment and testing

Question 56

The _____ domain concerns conducting investigations and implementing preventive measures.

asset security
software development security
security operations
communications and networking engineering

Answer 56

security operations