CISSP OSG QUESTIONS AND ANSWERS
WITH SOLUTIONS 2024
What are the three common types of security evaluation? - ANSWER Risk assessment, vulnerability
assessment and penetration testing
What is a risk assessment? - ANSWER Risk assessment is the process of identifying assets, threats, and
vulnerabilities, and then using that information to calculate risk
What is a vulnerability assessment? - ANSWER A vulnerability assessment uses automated tools to locate
known security weaknesses, which can be addressed by adding in more defences or adjusting existing
protections
What is penetration testing? - ANSWER Penetration testing uses trusted individuals to stress-test the
security infrastructure to find issues that may not be discovered by other means.
What is confidentiality? - ANSWER Confidentiality is the concept of the measures used to ensure the
protection of the secrecy of data, objects, or resources
What is the goal of confidentiality? - ANSWER Prevent or minimize unauthorized access to data.
Encryption, network traffic padding, strict access control, rigorous authentication procedures, and data
classification help support what? - ANSWER Confidentiality
What is sensitivity? - ANSWER Sensitivity refers to the quality of information that could cause harm or
damage if disclosed
What is discretion? - ANSWER Discretion is an act of decision where an operator can influence or control
disclosure in order to minimise harm or damage
What is criticality? - ANSWER The level to which information is mission critical is its measure of criticality.
The higher the level of criticality, the more likely the need to maintain the confidentiality of the information
What is concealment? - ANSWER Concealment is the act of hiding or preventing disclosure.
What is secrecy? - ANSWER Secrecy is the act of keeping something a secret or preventing the disclosure
of information
What is privacy? - ANSWER Privacy refers to keeping information confidential that is personally
identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed
What is seclusion? - ANSWER Seclusion involves storing something in an out-of-the-way location, likely
with strict access controls
What is isolation? - ANSWER Isolation is the act of keeping something separated from others
What is integrity? - ANSWER Integrity is the concept of protecting the reliability and correctness of data.
What does integrity protection prevent? - ANSWER Integrity protection prevents unauthorised
alterations of data
What are 5 countermeasures to ensure integrity against possible threats? - ANSWER Strict access
controls, rigorous authentication procedures, intrusion detection systems, object/data encryption and
hash verifications
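The last countermeasure above, hash verification, is the one most easily shown in code. The following is an added example, not text or code from the OSG: it stores a SHA-256 digest of a record, detects a later alteration by re-hashing, and then shows the caveat a practitioner should know, namely that an attacker who can alter the record can also recompute a plain hash, so integrity against a deliberate adversary needs a keyed check such as an HMAC. The record, the tampered copy and the key are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// sha256Hex returns the hex-encoded SHA-256 digest of data.
func sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// hashMatches reports whether data still hashes to the stored digest.
// A mismatch means the data was altered, maliciously or accidentally.
func hashMatches(data []byte, storedDigest string) bool {
	return sha256Hex(data) == storedDigest
}

// hmacTag computes an HMAC-SHA256 tag over data under a shared secret key.
func hmacTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// hmacMatches verifies a tag in constant time, so timing does not leak
// how many bytes of the tag were correct.
func hmacMatches(key, data, tag []byte) bool {
	return hmac.Equal(hmacTag(key, data), tag)
}

func main() {
	// Constructed sample record and a tampered copy of it.
	record := []byte("payee=ACME;amount=100.00")
	tampered := []byte("payee=ACME;amount=900.00")

	digest := sha256Hex(record)
	fmt.Println("stored digest:", digest)
	fmt.Println("tampered record matches stored hash?", hashMatches(tampered, digest))

	// An attacker who can rewrite the record can rewrite an unkeyed hash too.
	fmt.Println("attacker-recomputed hash matches?", hashMatches(tampered, sha256Hex(tampered)))

	// An HMAC needs the secret key, so a tag recomputed without it fails.
	key := []byte("constructed-demo-key-do-not-reuse")
	tag := hmacTag(key, record)
	fmt.Println("HMAC verifies original?", hmacMatches(key, record, tag))
	fmt.Println("HMAC verifies tampered?", hmacMatches(key, tampered, tag))
	forged := hmacTag([]byte("attacker-guessed-key"), tampered)
	fmt.Println("HMAC accepts forged tag?", hmacMatches(key, tampered, forged))
}
```

The design point is where the digest lives: a hash stored next to the data it protects gives detection of accidental corruption only; a hash stored somewhere the attacker cannot write, or a tag keyed with a secret the attacker does not hold, is what turns it into an integrity control against deliberate alteration.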
What are the seven aspects of integrity? - ANSWER Accuracy, truthfulness, validity, accountability,
responsibility, completeness and comprehensiveness
What is availability? - ANSWER Availability means authorised subjects are granted timely and
uninterrupted access to objects.
What are 6 threats to availability? - ANSWER Device failure, software errors, environmental issues, DoS
attacks, object destruction and communication interruptions
What are 6 countermeasures that can ensure availability against possible threats? - ANSWER
Intermediary delivery systems, effective access controls, performance monitoring, firewalls/routers,
redundancy for critical systems and backup systems.
What are the three aspects of availability? - ANSWER Usability, Accessibility and Timeliness
What is the opposite of the CIA triad? - ANSWER The DAD Triad, Disclosure, Alteration and Destruction
When does disclosure occur? - ANSWER Disclosure occurs when sensitive or confidential material is
accessed by unauthorised entities
When does alteration occur? - ANSWER Alteration occurs when data is either maliciously or accidentally
changed.
When does destruction occur? - ANSWER Destruction occurs when a resource is damaged or made
inaccessible to authorised users.
Overprotecting confidentiality can result in a restriction of _______________ - ANSWER Availability
Overprotecting integrity can result in a restriction of __________ - ANSWER Availability
Over-providing availability can result in a loss of ___________ and ____________ - ANSWER
Confidentiality and Integrity
What is authenticity? - ANSWER Authenticity is the security concept that data is authentic or genuine
and originates from its alleged source.
What does non-repudiation ensure? - ANSWER Non-repudiation ensures that the subject of an activity
or who caused an event cannot deny that the event occurred.
What 5 concepts make non-repudiation possible? - ANSWER Identification, Authentication,
Authorisation, Accountability, and Auditing
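The difference between "authentic" and "non-repudiable" is easiest to see with a digital signature. The following is an added example, not from the OSG: an event record is signed with one subject's Ed25519 private key and verified with the matching public key. A third party can check the signature without holding any secret, and a different subject's key rejects it, so the signer cannot plausibly deny producing it. A shared-key tag such as an HMAC does not give this property, because every holder of the shared key, including the verifier, could have produced the same tag. Keys are derived from fixed seeds purely so the demo is repeatable; real keys come from crypto/rand.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// keyFromSeed derives a deterministic Ed25519 key pair from a one-byte
// pattern. This is a demo convenience only; production keys must be random.
func keyFromSeed(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	s := make([]byte, ed25519.SeedSize)
	for i := range s {
		s[i] = seed
	}
	priv := ed25519.NewKeyFromSeed(s)
	return priv.Public().(ed25519.PublicKey), priv
}

// signEvent binds an audit event to the holder of priv. Only that private
// key can produce a signature that verifies under the matching public key.
func signEvent(priv ed25519.PrivateKey, event []byte) []byte {
	return ed25519.Sign(priv, event)
}

// verifyEvent lets anyone with the public key check the binding; no secret
// is needed, which is what allows a neutral third party to settle a dispute.
func verifyEvent(pub ed25519.PublicKey, event, sig []byte) bool {
	return ed25519.Verify(pub, event, sig)
}

func main() {
	alicePub, alicePriv := keyFromSeed(0x01)
	bobPub, _ := keyFromSeed(0x02)

	// Constructed event: the action Alice is later asked to account for.
	event := []byte("user=alice action=approve invoice=42")
	sig := signEvent(alicePriv, event)

	fmt.Println("verifies under Alice's key?", verifyEvent(alicePub, event, sig))
	fmt.Println("verifies under Bob's key?", verifyEvent(bobPub, event, sig))

	// Any alteration of the event invalidates the signature (integrity).
	altered := []byte("user=alice action=approve invoice=43")
	fmt.Println("verifies after alteration?", verifyEvent(alicePub, altered, sig))
}
```

Non-repudiation still rests on the other four concepts listed above: the signature proves which key acted, but only identification and authentication tie that key to a person, authorisation says whether the act was permitted, and an audit trail is where the signed event is kept so accountability can be enforced later.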
Non-repudiation is an essential part of ____________ - ANSWER Accountability
What do the 3 A's in AAA services stand for? - ANSWER Authentication, Authorisation and Accounting (or
Auditing)
What are the 5 elements of AAA services? - ANSWER Identification, Authentication, Authorisation,
Auditing and Accounting.
What is identification? - ANSWER Identification is claiming to be an identity when attempting to access a
secured area or system.
What is authentication? - ANSWER Authentication is proving that you are who you say you are
What is authorisation? - ANSWER Authorisation is defining the permissions of a resource and object
access for a specific identity or subject
What is auditing? - ANSWER Auditing is recording a log of the events and activities related to the system
and subjects.
What is accounting? - ANSWER Accounting is reviewing log files to check for compliance and violations in
order to hold subjects accountable.
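Auditing and accounting are two separate steps, and the second one is where most study material stops. The following is an added example, not from the OSG, of what the accounting step looks like in code: it replays a small audit trail against the authorisation policy the log should reflect and reports two kinds of violation, a successful action the policy does not permit (an authorisation control that failed open) and a subject whose denied attempts reach a threshold (probing or misuse). The log format, the sample records and the policy are all constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// entry is one parsed audit record.
type entry struct {
	ts, user, action, object, result string
}

// parseLine parses the constructed format "ts user=.. action=.. object=.. result=..".
func parseLine(line string) (entry, bool) {
	f := strings.Fields(line)
	if len(f) < 5 {
		return entry{}, false
	}
	e := entry{ts: f[0]}
	for _, kv := range f[1:] {
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			return entry{}, false
		}
		switch k {
		case "user":
			e.user = v
		case "action":
			e.action = v
		case "object":
			e.object = v
		case "result":
			e.result = v
		}
	}
	return e, true
}

// policy maps user -> object -> permitted actions: the authorisation
// decisions the audit trail is expected to agree with.
type policy map[string]map[string][]string

func (p policy) allows(user, object, action string) bool {
	for _, a := range p[user][object] {
		if a == action {
			return true
		}
	}
	return false
}

// reviewLog is the accounting step: it compares what the log says happened
// with what the policy says may happen and returns the violations found.
func reviewLog(lines []string, p policy, denyThreshold int) []string {
	var findings []string
	denied := map[string]int{}
	for _, line := range lines {
		e, ok := parseLine(line)
		if !ok {
			findings = append(findings, "unparseable record: "+line)
			continue
		}
		switch e.result {
		case "success":
			if !p.allows(e.user, e.object, e.action) {
				findings = append(findings, fmt.Sprintf("%s: %s performed %s on %s without authorisation", e.ts, e.user, e.action, e.object))
			}
		case "denied":
			denied[e.user]++
			if denied[e.user] == denyThreshold {
				findings = append(findings, fmt.Sprintf("%s: %s reached %d denied attempts", e.ts, e.user, denyThreshold))
			}
		}
	}
	return findings
}

// Constructed sample audit trail and policy.
var sampleLog = []string{
	"2024-05-01T09:00:00Z user=alice action=read object=/finance/ledger result=success",
	"2024-05-01T09:00:05Z user=bob action=read object=/finance/ledger result=denied",
	"2024-05-01T09:00:09Z user=bob action=read object=/finance/ledger result=denied",
	"2024-05-01T09:00:14Z user=bob action=read object=/finance/ledger result=denied",
	"2024-05-01T09:01:00Z user=carol action=write object=/finance/ledger result=success",
	"2024-05-01T09:02:00Z user=alice action=write object=/finance/ledger result=success",
}

var samplePolicy = policy{
	"alice": {"/finance/ledger": {"read"}},
	"carol": {"/finance/ledger": {"read", "write"}},
}

func main() {
	for _, f := range reviewLog(sampleLog, samplePolicy, 3) {
		fmt.Println(f)
	}
}
```

The second finding is the more important one for accountability: a denied attempt shows the access control working, whereas a success the policy does not allow means the recorded authorisation and the enforced authorisation have drifted apart, and that is exactly what the review of log files is meant to catch.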
What is defence in depth? - ANSWER Defence in depth, AKA layering, is the use of multiple controls in a
series
What is abstraction? - ANSWER Abstraction is a process of hiding the implementation details and
showing only functionality to the user.
What is abstraction used for? - ANSWER Abstraction is used for efficiency. Similar elements are put into
groups that are assigned security controls/restrictions