Module 1 - 02-1 Flashcards

More about the CISSP security domains

1
Q

Define Security posture

A

An organization’s ability to manage its defense of critical assets and data and react to change

2
Q

What does CISSP stand for?

A

Certified Information Systems Security Professional (CISSP)

3
Q

What are the eight CISSP Security Domains (8)?

A
  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security
4
Q

What is the first (1st) CISSP Security Domain?

A
  1. Security and Risk Management
5
Q

What is the second (2nd) CISSP Security Domain?

A
  2. Asset Security
6
Q

What is the third (3rd) CISSP Security Domain?

A
  3. Security Architecture and Engineering
7
Q

What is the fourth (4th) CISSP Security Domain?

A
  4. Communication and Network Security
8
Q

What is the fifth (5th) CISSP Security Domain?

A
  5. Identity and Access Management (IAM)
9
Q

What is the sixth (6th) CISSP Security Domain?

A
  6. Security Assessment and Testing
10
Q

What is the seventh (7th) CISSP Security Domain?

A
  7. Security Operations
11
Q

What is the eighth (8th) CISSP Security Domain?

A
  8. Software Development Security
12
Q

What areas does the first (1st) Security Domain, Security and Risk Management, focus on (5)?

A
  • Defining Security Goals and Objectives,
  • Risk Mitigation,
  • Compliance,
  • Business Continuity,
  • Legal Regulations
    (Professional and Organizational Ethics)
13
Q

Define how Security Goals and Objectives pertain to the Security and Risk Management Domain

A

By defining security goals and objectives, organizations can reduce risks to critical assets and data like PII (personally identifiable information)

14
Q

Define how Risk Mitigation pertains to the Security and Risk Management Domain

A

Having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

15
Q

Define how Compliance pertains to the Security and Risk Management Domain

A

The primary method used to develop an organization’s internal security policies, regulatory requirements, and independent standards

16
Q

Define how Business Continuity pertains to the Security and Risk Management Domain

A

An organization’s ability to maintain its everyday productivity by establishing disaster recovery plans

17
Q

Define how Legal Regulations pertain to the Security and Risk Management Domain

A

Following rules and expectations for ethical behavior to minimize negligence, abuse, or fraud

18
Q

Define Risk Mitigation

A

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

19
Q

Define Business Continuity

A

An organization’s ability to maintain its everyday productivity by establishing disaster recovery plans

20
Q

What does InfoSec stand for?

A

Information Security

21
Q

Which CISSP Security Domain does InfoSec relate to?

A

The Security and Risk Management domain

22
Q

What does InfoSec refer to?

A

A set of processes established to secure information

23
Q

What are some InfoSec design processes (5)?

A
  • Incident response
  • Vulnerability management
  • Application security
  • Cloud security
  • Infrastructure security
24
Q

What area does the second (2nd) Security Domain, Asset Security, focus on?

A

Securing Digital and Physical Assets.
It involves managing the cybersecurity processes of organizational assets, including the storage, maintenance, retention, and destruction of physical and virtual data

25
Q

What can an organization do to determine the level of risk associated with an asset (3)?

A
  • Conducting a security impact analysis
  • Establishing a recovery plan
  • Managing data exposure
26
Q

What area does the third (3rd) Security Domain, Security Architecture and Engineering, focus on?

A

Optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization’s assets and data

27
Q

What is one of the core concepts of Secure Design Architecture?

A

Shared Responsibility

28
Q

Define Shared Responsibility

A

All individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

29
Q

What additional design principles relate to the Security Architecture and Engineering Security Domain (8)?

A
  • Threat modeling
  • Least privilege
  • Defense in depth
  • Fail securely
  • Separation of duties
  • Keep it simple
  • Zero trust
  • Trust but verify
30
Q

What area does the fourth (4th) Security Domain, Communication and Network Security, focus on?

A

Managing and securing physical networks and wireless communications

31
Q

What area does the fifth (5th) Security Domain, Identity and Access Management (IAM), focus on?

A

Access and authorization to keep data secure by making sure users follow established policies to control and manage assets.

Basically, the goal of IAM is to reduce the overall risk to systems and data.

32
Q

What does IAM stand for?

A

Identity and Access Management (IAM)

33
Q

What are the four main components to Identity and Access Management (IAM)?

A

i. Identification
ii. Authentication
iii. Authorization
iv. Accountability

34
Q

Define how Identification pertains to the Identity and Access Management (IAM) Domain

A

A user states who they are by providing a user name, an access card, or biometric data such as a fingerprint (the claim of identity that authentication then verifies)

35
Q

Define how Authentication pertains to the Identity and Access Management (IAM) Domain

A

The verification process to prove a person’s identity, such as entering a password or PIN

36
Q

Define how Authorization pertains to the Identity and Access Management (IAM) Domain

A

Takes place after a user’s identity has been confirmed and relates to their level of access, which depends on the role in the organization

37
Q

Define how Accountability pertains to the Identity and Access Management (IAM) Domain

A

Monitoring and recording user actions, like login attempts, to prove systems and data are used properly

38
Q

What principle does the Identity and Access Management (IAM) Domain use?

A

Least Privilege

39
Q

What is the concept of Least Privilege?

A

The concept of granting only the minimal access and authorization required to complete a task
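
The four IAM components (cards 33 to 37) and least privilege (cards 38 and 39) chain together in one request path. The following Python is an added example written for this page, not code from the course or the flashcard deck: a caller identifies by name, authenticates with a password (salted PBKDF2-HMAC-SHA256), is authorized only for the permissions listed for its role, and every attempt lands in an audit log. The user names, roles, permission strings and password are constructed for the example; an unknown user name is hashed against a dummy record so it costs the same time as a wrong password and the caller sees the same result either way.

```python
"""Added example: identification, authentication, authorization and
accountability in one small module, with least privilege as the
authorization rule. All names, roles and permissions are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 200_000  # assumption: a reasonable work factor for a demo


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256; draws a fresh random salt when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


# Least privilege: a role grants only the permissions that job needs.
# Anything not listed is denied, which is also the "fail securely" default.
ROLE_PERMISSIONS = {
    "analyst": {"tickets:read"},
    "engineer": {"tickets:read", "tickets:write"},
    "admin": {"tickets:read", "tickets:write", "users:manage"},
}

# Dummy credential so an unknown user name costs the same time as a bad
# password (no user enumeration through response timing).
_DUMMY_SALT, _DUMMY_HASH = hash_password("not-a-real-password")


@dataclass
class User:
    name: str
    role: str
    salt: bytes
    pw_hash: bytes


@dataclass
class IAM:
    users: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def add_user(self, name: str, role: str, password: str) -> None:
        salt, pw_hash = hash_password(password)
        self.users[name] = User(name, role, salt, pw_hash)

    def _record(self, subject: str, action: str, outcome: str) -> None:
        # Accountability: every attempt is written down, allowed or not.
        self.audit_log.append({"user": subject, "action": action, "outcome": outcome})

    def authenticate(self, name: str, password: str):
        # Identification: the caller claims a name; look it up.
        user = self.users.get(name)
        salt = user.salt if user else _DUMMY_SALT
        expected = user.pw_hash if user else _DUMMY_HASH
        # Authentication: the caller proves the claim with the password.
        _, candidate = hash_password(password, salt)
        if user is None:
            self._record(name, "login", "denied: unknown user")
            return None  # same return value as a bad password
        if not hmac.compare_digest(candidate, expected):
            self._record(name, "login", "denied: bad password")
            return None
        self._record(name, "login", "ok")
        return user

    def authorize(self, user: User, permission: str) -> bool:
        # Authorization: role membership decides; an unknown role gets nothing.
        allowed = permission in ROLE_PERMISSIONS.get(user.role, set())
        self._record(user.name, permission, "ok" if allowed else "denied: not in role")
        return allowed


def demo() -> dict:
    """Run the four steps for a constructed analyst account and summarize."""
    iam = IAM()
    iam.add_user("alice", "analyst", "correct horse battery staple")
    alice = iam.authenticate("alice", "correct horse battery staple")
    results = {
        "login_ok": alice is not None,
        "can_read": iam.authorize(alice, "tickets:read"),
        "can_write": iam.authorize(alice, "tickets:write"),
        "wrong_password_rejected": iam.authenticate("alice", "wrong") is None,
        "unknown_user_rejected": iam.authenticate("mallory", "anything") is None,
    }
    results["audit_entries"] = len(iam.audit_log)
    results["denied_entries"] = sum(
        1 for e in iam.audit_log if e["outcome"].startswith("denied"))
    return results
```

Running demo() shows the analyst can read tickets but not write them, and the audit log holds all five attempts (two of them logins that were refused). The log records the specific reason for a refusal while the caller only ever sees None, so the detail is available for accountability without leaking which user names exist.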

40
Q

What area does the sixth (6th) Security Domain, Security Assessment and Testing, focus on?

A

Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

41
Q

What is another name for Penetration Testers?

A

Pen Testers

42
Q

What is the primary action of Pen Testers?

A

To find vulnerabilities that could be exploited by a threat actor

43
Q

What area does the seventh (7th) Security Domain, Security Operations, focus on?

A

Conducting investigations and implementing preventative measures

44
Q

What strategies, processes, and tools can be used to implement preventative measures for the Security Operations Domain (9)?

A
  • Training and awareness
  • Reporting and documentation
  • Intrusion detection and prevention
  • SIEM tools
  • Log management
  • Incident management
  • Playbooks
  • Post-breach forensics
  • Reflecting on lessons learned
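
Several items in that list (log management, intrusion detection, SIEM tools, incident management) form one pipeline: collect logs, run detection logic over them, hand the resulting alert to an incident process. The Python below is an added example for this page, not course material: it parses constructed sshd-style log lines, counts failed logins per source address inside a sliding time window, and raises one alert per source that crosses a threshold. The log lines, the 5-failure threshold and the 60-second window are assumptions chosen for the example; lines the parser cannot read are counted rather than silently dropped, since an unparsed line is itself something a log pipeline should surface.

```python
"""Added example: brute-force login detection over constructed log lines.
Sample data, threshold and window are assumptions, not values from the course."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in a syslog-like layout (not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
2024-03-01T10:00:03 sshd[2101]: Failed password for root from 203.0.113.9 port 51023 ssh2
2024-03-01T10:00:05 sshd[2101]: Accepted publickey for deploy from 198.51.100.4 port 40122 ssh2
2024-03-01T10:00:07 sshd[2101]: Failed password for root from 203.0.113.9 port 51024 ssh2
2024-03-01T10:00:09 sshd[2101]: Failed password for root from 203.0.113.9 port 51025 ssh2
2024-03-01T10:00:11 sshd[2101]: Failed password for invalid user oracle from 203.0.113.9 port 51026 ssh2
2024-03-01T10:00:15 sshd[2101]: Connection closed by 203.0.113.9 port 51026
2024-03-01T10:00:20 sshd[2101]: Failed password for bob from 198.51.100.4 port 40130 ssh2
2024-03-01T10:05:00 sshd[2101]: Failed password for bob from 198.51.100.4 port 40131 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line: str):
    """Return a dict for an auth result line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Alert once per source that reaches `threshold` failures within the window."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    alerted = set()
    alerts = []
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1          # surfaced in the result, never dropped silently
            continue
        if ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        # Slide the window: discard failures older than window_seconds.
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "failures": len(q),
                           "last_seen": ev["ts"].isoformat()})
    return {"alerts": alerts, "unparsed": unparsed}


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG.splitlines()))
```

On the sample, 203.0.113.9 produces five failures in ten seconds and is alerted once; 198.51.100.4 has two failures almost five minutes apart, so the sliding window evicts the first before the second arrives and no alert fires. The one "Connection closed" line is reported as unparsed. In a real deployment the alert dict is what the incident management step (a playbook, a SIEM case) would consume.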
45
Q

What area does the eighth (8th) Security Domain, Software Development Security, focus on?

A

Using secure coding practices
(programming practices and guidelines to create secure applications and services)
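
One secure coding practice made concrete, as an added example for this page rather than anything the course provides: the first lookup below splices user input into a SQL statement, the classic SQL injection defect, and the second uses a parameterized query so the input is bound as a value and can never change the statement. The in-memory table, the user names and the injected string are constructed for the example.

```python
"""Added example: a SQL-injection-prone lookup beside its parameterized fix.
The table contents and inputs are constructed for the example."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "analyst"), ("bob", "admin")])
    return conn


def lookup_role_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # DEFECT: the caller's string becomes part of the statement text, so a
    # quote in `name` ends the literal and the rest is parsed as SQL.
    sql = f"SELECT role FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_role_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized: the driver binds `name` as data; quotes in it are inert.
    return [row[0] for row in conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,))]


def demo() -> dict:
    """Run both lookups with a normal name and with an injection payload."""
    conn = make_db()
    payload = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_role_vulnerable(conn, "alice"),
        "vuln_injected": lookup_role_vulnerable(conn, payload),
        "safe_normal": lookup_role_safe(conn, "alice"),
        "safe_injected": lookup_role_safe(conn, payload),
    }
```

With the payload, the vulnerable lookup returns every role in the table because the WHERE clause has become `name = 'x' OR '1'='1'`; the parameterized lookup returns nothing, since no user is literally named `x' OR '1'='1`. The fix is not input filtering but keeping code and data separate, which is why it is a coding practice rather than a validation rule.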

46
Q

Match each CISSP security domain to its area of focus:
Optimizing data security by using effective tools, systems, and processes

CISSP security domain:

  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
A

Security architecture and engineering

47
Q

Match each CISSP security domain to its area of focus:
Security goals and objectives, risk mitigation, compliance, business continuity, and the law

CISSP security domain:

  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
A

Security and risk management

48
Q

Match each CISSP security domain to its area of focus:
Managing and securing physical networks and wireless communications

CISSP security domain:

  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
A

Communication and network security

49
Q

Match each CISSP security domain to its area of focus:
Securing assets; storage, maintenance, retention, and destruction of data

CISSP security domain:

  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
A

Asset security

50
Q

Match each CISSP security domain to its area of focus:
Using secure coding practices to create secure applications and services

CISSP security domain:

  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security
A

Software development security

51
Q

Match each CISSP security domain to its area of focus:
Conducting investigations and implementing preventative measures

CISSP security domain:

  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security
A

Security operations

52
Q

Match each CISSP security domain to its area of focus:
Using access, authorization, and established policies to secure data and manage assets

CISSP security domain:

  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security
A

Identity and access management

53
Q

Match each CISSP security domain to its area of focus:
Conducting security control testing and audits, collecting and analyzing data

CISSP security domain:

  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security
A

Security assessment and testing

54
Q

The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

  • communication and network security
  • identity and access management
  • security operations
  • asset security
A

identity and access management

55
Q

What is the focus of the security and risk management domain?

  • Optimize data security by ensuring effective processes are in place
  • Manage and secure wireless communications
  • Secure physical networks and wireless communications
  • Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations
A

Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

56
Q

In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

  • Communication and network engineering
  • Security architecture and engineering
  • Security assessment and testing
  • Identity and access management
A

Security assessment and testing

57
Q

The _____ domain concerns conducting investigations and implementing preventive measures.

  • asset security
  • software development security
  • security operations
  • communications and networking engineering
A

security operations

58
Q

Define Asset Security

A

Focused on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.