CISSP EXAM QUESTIONS AND
ANSWERS WITH SOLUTIONS 2024
CIA Triangle - ANSWER Cornerstone of infosec. Confidentiality, Integrity, Availability
Confidentiality (CIA Triangle) - ANSWER prevention of unauthorized disclosure of information; prevention of unauthorized read access to data
Integrity (CIA Triangle) - ANSWER prevention of unauthorized modification of data; prevention of unauthorized write access to data
Availability (CIA Triangle) - ANSWER ensures data is available when needed to authorized users
Opposing forces to CIA - ANSWER DAD: disclosure, alteration, destruction
identification - ANSWER the process by which a subject professes an identity and accountability is initiated; ex: typing a username, swiping a smart card, waving a proximity device (badging in), speaking a phrase, etc. - always a two-step process together with authentication
authentication - ANSWER verification that a person is who they claim to be; ex: entering a password or PIN, biometrics, etc. - always a two-step process together with identification
authorization - ANSWER verification of a person's access or privileges to applicable data
auditing (monitoring) - ANSWER recording a log of the events and activities related to the system and its subjects
accounting (accountability) - ANSWER reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions
non-repudiation - ANSWER a user cannot deny having performed a specific action
subject - ANSWER an entity that performs active functions on a system; usually a person, but can also be a script or program designed to perform actions on data
object - ANSWER any passive data within the system
ISC2 Code of Ethics Canons (4) - ANSWER 1. protect society, commonwealth, infrastructure
2. act honorably, justly, responsibly, legally
3. provide diligent and competent service
4. advance and protect the profession
applied strictly in this order; on exam questions where multiple canons could be the answer, choose the highest-priority canon per this order
policy - ANSWER mandatory high-level management directives; components of a policy:
1. purpose: describes the need for policy
2. scope: what systems, people, facilities, organizations are covered
3. responsibilities: specific duties of involved parties
4. compliance: effectiveness of policy, violations of policy
procedure - ANSWER low-level, step-by-step guide for accomplishing a task
standard - ANSWER describes the specific use of technology applied to hardware or software; mandatory
guideline - ANSWER discretionary recommendations (i.e., not mandatory)
baseline - ANSWER a uniform way of implementing a standard
3 access/security control categories - ANSWER 1. administrative: implemented by creating organizational policy, procedure, and regulation; user awareness/training also falls here
2. technical: implemented using hardware, software, or firmware that restricts logical access to a system
3. physical: locks, fences, walls, etc.
preventive access control
(can be administrative, technical, physical) - ANSWER prevents actions from occurring by applying restrictions on what a user can do; example: privilege level
detective access control
(can be administrative, technical, physical) - ANSWER controls that alert during or after a successful attack; e.g. alarm systems or closed-circuit TV
corrective access control
(can be administrative, technical, physical) - ANSWER repairing a damaged system; often works hand in hand with detective controls (e.g. antivirus software)
recovery access control
(can be administrative, technical, physical) - ANSWER controls to restore a system after an incident has occurred
deterrent access control
(can be administrative, technical, physical) - ANSWER deters users from performing actions on a system
compensating access control
(can be administrative, technical, physical) - ANSWER additional control used to compensate for weaknesses in other controls as needed
risk formula - ANSWER risk = threat x vulnerability x impact
market approach (for calculating intangible assets) - ANSWER assumes the fair value of an asset reflects the price at which comparable assets have been purchased in transactions under similar circumstances