Question set 1

Question 1

1. What is the CISSP Triad?

Answer 1

-CIA = 1. Confidentiality 2. Integrity 3. Availability

Question 2

2. Definition of Confidentiality

Answer 2

Ensures that information is not compromised or shared amongst unauthorized participants

Question 3

3. Definition of Integrity

Answer 3

Ensures that data is not damaged or modified while either in transit or storage

Question 4

4. Definition of Availability

Answer 4

Ensures that information is always available at the time authorized users need it

Question 5

5. What are the 3 times data is secured?

Answer 5

1. In storage 2. In process 3. In transit

Question 6

6. General categories of controls

Answer 6

Administrative, technical, and physical

Question 7

7. Types of controls

Answer 7

Preventative, Deterrent, Corrective, Recovery, Detective, Directive, Compensation

Question 8

8. Preventative control

Answer 8

stop attack before beginning. Ex: firewalls, fence

Question 9

9. Deterrent control

Answer 9

discourage someone from trying. Ex: warning sign

Question 10

10. Corrective control

Answer 10

attack begins, but stops before damage occurs

Question 11

11. Recovery control

Answer 11

attack happens and causes damage, but control reverses damage

Question 12

12. Detective control

Answer 12

-detects attack but doesn’t do anything about attack

Question 13

13. Directive control

Answer 13

procedures to follow. Normally an administrative control

Question 14

14. Compensation control

Answer 14

No real control, but reaction after attack happens. Ex: insurance, lawyers

Question 15

15. What are some good operation security practices?

Answer 15

-separation of duties, job rotation, need to know, least privilege, personnel security, mandatory vacations, job action warnings or termination

Question 16

16. Separation of Duties

Answer 16

• Application of the principle of least privilege on administrative accounts
• Ensures one person cannot compromise an organization’s security

Question 17

17. Job rotation

Answer 17

• more than one person fulfills task or position

- small group of cross-trained employees who switch jobs and access settings every 3 to 6 months

Question 18

18. Need to know

Answer 18

• Individuals should only have access to information they need to know in order to do their job
• tied to least privilege

Question 19

19. Principle of least privilege

Answer 19

-individuals should have just enough access to do the task at hand and nothing more

Question 20

20. Due Diligence and Due Care

Answer 20

• Due Diligence=Do Detect

- Due Care=Do Correct

Question 21

21. Accountability

Answer 21

• Link processes/users to certain actions

- prohibit shared accounts

Question 22

22. Functions of change management

Answer 22

• Ensure change is implemented in orderly manner
• Analyze effect of the change
• Reduce negative impact

Question 23

23. Clipping Levels

Answer 23

• number of permitted failures before locking out

- errors below clipping level are ignored or considered par for the course or normal

Question 24

24. Data remanence

Answer 24

• data left on media after the media has been erased or cleaned

Question 25

25. Trusted recovery

Answer 25

• occurs when the system detects an unsafe, unstable, or insecure state
• blue screen is a good example