CISSP Exam Questions And Accurate Answers (A+ Graded)
Seller: Easton
November 1, 2024

CIA Triangle - Answer root of infosec. Confidentiality, Integrity, Availability

Confidentiality (CIA Triangle) - Answer prevention of unauthorized disclosure of information; prevention of unauthorized read access to data

Integrity (CIA Triangle) - Answer prevention of unauthorized modification of data; prevention of unauthorized write access to data

Availability (CIA Triangle) - Answer assures data is usable when needed by those who need it

Opposing forces to CIA - Answer DAD: disclosure, alteration, destruction



Identification - Answer the process that starts when a subject claims an identity; the first step toward accountability. Ex: typing a username, swiping a smart card, waving a proximity device (badging in), speaking a phrase, etc. Always part of a two-step process with authentication

Authentication - Answer the process of verifying that a person is who they say they are. Ex: password/PIN entry, biometrics, etc. Always two-factor with identification

Authorization - Answer what data a person has access or privileges to

Auditing (monitoring) - Answer log of events and activities relating to the system and subjects

Accountability (accounting) - Answer the process of reviewing log files to detect compliance and violations in order to hold subjects accountable

Non-repudiation - Answer the inability of a user to deny taking a particular action

Subject - Answer an entity that independently performs active functions within the system; typically a user, but could also be a script or program designed to perform actions on data

Object - Answer any passive data within the system



ISC2 Code of Ethics Canons (4) - Answer
1. protect society, commonwealth, infrastructure
2. act honorably, justly, responsibly, legally
3. provide diligent and competent service
4. advance and protect the profession

Applied strictly in order: on exam questions where more than one canon could be the answer, pick the highest priority per this order



Policy - Answer required high-level management direction; elements of a policy:
1. purpose: describes why the policy is necessary
2. scope: what systems, people, facilities, organizations are covered
3. responsibilities: specific duties of involved parties
4. compliance: effectiveness of the policy, violations of the policy

Procedure - Answer low-level step-by-step guide for accomplishing a task

Standard - Answer describes the specific use of technology applied to hardware or software; mandatory

Guideline - Answer discretionary recommendations (i.e. not mandatory)

Baseline - Answer a uniform way of implementing a standard



3 access/security control categories - Answer
1. administrative: implemented by creating org policy, procedure, regulation; user awareness/training also falls here
2. technical: implemented using hardware, software, firmware that restricts logical access to a system
3. physical: locks, fences, walls, etc.

Preventive access control (can be administrative, technical, physical) - Answer prevents actions from occurring by applying restrictions on what a user can do. Example: privilege level

Detective access control (can be administrative, technical, physical) - Answer controls that signal an alarm during or after a successful attack; alarm systems, or closed-circuit TV

Corrective access control (can be administrative, technical, physical) - Answer restoring a system that has been damaged; often works in conjunction with detective controls, for example antivirus software

Recovery access control (can be administrative, technical, physical) - Answer controls to restore a system after an incident has occurred

Deterrent access control (can be administrative, technical, physical) - Answer prevents users from taking actions against a system

Compensating access control (can be administrative, technical, physical) - Answer extra control implemented to compensate for deficiencies in other controls when necessary



Formula of risk - Answer risk = threat x vulnerability x impact

Market approach (to estimate an intangible asset) - Answer assumes the fair value of an asset reflects the price at which comparable assets have been purchased in transactions under similar circumstances

Income approach (to estimate an intangible asset) - Answer the value of an asset is the present value of the future earning capacity that the asset will generate over the rest of its lifecycle

Cost approach (to estimate an intangible asset) - Answer fair value estimated based on replacement cost

Exposure factor (EF) - Answer percentage of asset value lost as a result of the incident

Single loss expectancy (SLE) - Answer AV x EF; dollar value of the asset times the exposure factor

Annualized rate of occurrence (ARO) - Answer number of losses that occur in one year

Annualized loss expectancy (ALE) - Answer yearly cost due to risk; SLE x ARO = ALE

Legally defensible security - Answer to obtain legal restitution a company must demonstrate that a crime was committed, that the suspect committed that crime, and that the company took reasonable efforts to prevent the crime
files are accurate, policy in place, proper authentication, compliance with laws and regulation
