Module 2 - 01-2

Question 1

What does CISSP stand for?

Answer 1

Certified Information Systems Security Professional (CISSP)

Question 2

What are Core Security Concepts called?

Answer 2

Security Domains

Question 3

As of 2022, how many Security Domains has the CISSP defined?

Answer 3

Eight (8)

Question 4

What are the Eight CISSP Security Domains?

Answer 4

1) Security and Risk Management
2) Asset Security
3) Security Architecture and Engineering
4) Communication and Network Security
5) Identity and Access Management
6) Security Assessment and Testing
7) Security Operations
8) Software Development Security

Question 5

What is the First (1st) CISSP Security Domain?

Answer 5

1) Security and Risk Management

Question 6

Define (1) Security and Risk Management

Answer 6

Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law

Question 7

What is the Second (2nd) CISSP Security Domain?

Answer 7

2) Asset Security

Question 8

Define (2) Asset Security

Answer 8

Secures digital and physical assets.
It’s also related to the storage, maintenance, retention, and destruction of data.

Question 9

What is the Third (3rd) CISSP Security Domain?

Answer 9

3) Security Architecture and Engineering

Question 10

Define (3) Security Architecture and Engineering

Answer 10

Optimizes data security by ensuring effective tools, systems, and processes are in place

Question 11

What is the Fourth (4th) CISSP Security Domain?

Answer 11

4) Communication and Network Security

Question 12

Define (4) Communication and Network Security

Answer 12

Manage and secure physical networks and wireless communications

Question 13

What is the Fifth (5th) CISSP Security Domain?

Answer 13

5) Identity and Access Management

Question 14

Define (5) Identity and Access Management

Answer 14

Keeps data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications

Question 15

What is the Sixth (6th) CISSP Security Domain?

Answer 15

6) Security Assessment and Testing

Question 16

Define (6) Security Assessment and Testing

Answer 16

Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

Question 17

What is the Seventh (7th) CISSP Security Domain?

Answer 17

7) Security Operations

Question 18

Define (7) Security Operations

Answer 18

Conducting investigations and implementing preventative measures

Question 19

What is the Eighth (8th) CISSP Security Domain?

Answer 19

8) Software Development Security

Question 20

Define (8) Software Development Security

Answer 20

Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services

Question 21

Define Firewall

Answer 21

A device used to monitor and filter incoming and outgoing computer network traffic

Question 22

What are some additional methods of attacks (6)?

Answer 22

Password Attack
Social Engineering Attack
Physical Attack
Adversarial Artificial Intelligence
Supply-Chain Attack
Cryptographic Attack

Question 23

Define Password Attack

Answer 23

An attempt to access password-secured devices, systems, networks, or data

Question 24

What are some forms of Password Attacks (2)?

Answer 24

• Brute Force
• Rainbow Table

Question 25

What CISSP Security Domain does Password Attacks fall under?

Answer 25

Communication and Network Security Domain

Question 26

Define Social Engineering Attack

Answer 26

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 27

What are some forms of Social Engineering Attack (10)?

Answer 27

• Phishing
• Smishing
• Vishing
• Spear Phishing
• Whaling
• Social Media Phishing
• Business Email Compromise (BEC)
• Watering Hole Attack
• USB (Universal Serial Bus) Baiting
• Physical Social Engineering

Question 28

What CISSP Security Domain does Social Engineering Attacks fall under?

Answer 28

Security and Risk Management Domain

Question 29

Define Physical Attack

Answer 29

A security incident that affects not only digital but also physical environments where the incident is deployed

Question 30

What are some forms of Physical Attack (3)?

Answer 30

• Malicious USB Cable
• Malicious Flash Drive
• Card Cloning and Skimming

Question 31

What CISSP Security Domain does Physical Attack fall under?

Answer 31

Asset Security Domain

Question 32

Define Adversarial Artificial Intelligence

Answer 32

A technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently

Question 33

What CISSP Security Domain does Adversarial Artificial Intelligence fall under (2)?

Answer 33

• Communication and Network Security Domain
• Identity and Access Management Domain

Question 34

Define Supply-Chain Attack

Answer 34

Targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Question 35

What CISSP Security Domain does Supply-chain attack fall under (3)?

Answer 35

Supply-chain attacks can fall under several domains, including but not limited to the:

• Security and Risk Management,
• Security Architecture and Engineering, and
• Security Operations Domains.

Question 36

Define Cryptographic Attack

Answer 36

Affects secure forms of communication between a sender and intended recipient

Question 37

What are some forms of Cryptographic Attack (3)?

Answer 37

• Birthday
• Collision
• Downgrade

Question 38

What CISSP Security Domain does Cryptographic Attack fall under?

Answer 38

Communication and Network Security Domain

Question 39

Define Threat Actor

Answer 39

Any person or group who presents a security risk

Question 40

What are some Threat Actor types (3)?

Answer 40

• Advanced Persistent Threats
• Insider Threats
• Hacktivists

Question 41

What does APTs stand for?

Answer 41

Advanced Persistent Threats (APTs)

Question 42

Define APTs

Answer 42

Advanced Persistent Threats (APTs) have significant expertise accessing an organization’s network without authorization.
APTs tend to research their targets in advance and can remain undetected for an extended period of time.
Their intentions and motivations can include:
* Damaging critical infrastructure, such as the power grid and natural resources
* Gaining access to intellectual property, such as trade secrets or patents

Question 43

Define Insider Threats

Answer 43

Abuse their authorized access to obtain data that may harm an organization.
Their intentions and motivations can include:
* Sabotage
* Corruption
* Espionage
* Unauthorized data access or leaks

Question 44

Define Hacktivists

Answer 44

Threat actors that are driven by a political agenda.
They abuse digital technology to accomplish their goals, which may include:
* Demonstrations
* Propaganda
* Social change campaigns
* Fame

Question 45

Define Hacker

Answer 45

Any person who uses computers to gain access to computer systems, networks, or data

Question 46

What are some Hacker types (3)?

Answer 46

• Authorized Hackers are also called Ethical Hackers
• Semi-Authorized Hackers are considered Researchers
• Unauthorized Hackers are also called Unethical Hackers

Question 47

Define Authorized Hackers
(Ethical Hackers)

Answer 47

They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

Question 48

Define Semi-Authorized Hackers
(Researchers)

Answer 48

They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

Question 49

Define Unauthorized Hackers
(Unethical Hackers)

Answer 49

They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.

Question 50

Examples of security _____ include security and risk management and security architecture and engineering.

Answer 50

domains

Examples of security domains include security and risk management and security architecture and engineering.

Question 51

A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?

Answer 51

Asset security

This task is related to the asset security domain. This domain focuses on managing and securing digital and physical assets, as well as the storage, maintenance, retention, and destruction of data.

Question 52

Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?

Answer 52

Security assessment and testing

This is related to security assessment and testing, which often involves regular audits of user permissions to make sure employees and teams have the correct level of access.

Question 53

You are asked to investigate an alert related to an unknown device that is connected to the company’s internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domain is this scenario related to?

Answer 53

Security operations

This is related to the security operations domain, which is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop the potential threat is an example of taking preventative measures.