Exam (elaborations), questions and answers. Preview 4 out of 41 pages. October 14, 2024.
CISMP REVISION QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS VERIFIED LATEST UPDATE


What is protective monitoring?

Ensuring that system owners are provided with a real-time feed of information regarding

the status of ICT systems, providing awareness of activities of the threat sources and

enabling security incidents to be detected, investigated and effectively remediated

Define information security

The protection of information and information systems from unauthorised access, use,

disclosure, disruption, modification, or destruction.

Outline what ISO27000, ISO27001, ISO27005 and ISO Guide 73 are for.

ISO27000: Overview and vocabulary for the ISO27000 family

ISO27001: Internationally recognised specification for an Information Security

Management System (ISMS), against which an organisation can be certified

ISO27005: Information Security Risk Management

ISO Guide 73: Risk Management vocabulary

What type of assets are protected? (name 6)

Information, software, physical, services, people, intangible.

What is the CIA triad in security?

Confidentiality - non disclosure, access on a need to know basis, least privilege



Integrity - protecting the accuracy and completeness of assets

Availability - reliable and timely access to data or IT resources by appropriate people

What is non repudiation?

The ability to prove the occurrence of a claimed event or action and its originating

entities.

What is defence in depth?

Layering security to provide redundancy and to buy time to detect and enact a

response.



Examples include SSO, firewall, TLS, fences, walls, badges, data classification,

password strength

What is IAAA?

Identification - e.g. a username; who the user claims to be

Authentication - proving the user is who they claim to be, e.g. with a password

Authorisation - ensuring that a user can only access what they are authorised to access

Accounting/Auditing - recording actions taken so they can be traced back to a user

What are the three primary strands of security governance?

Governance, Risk Management, Compliance

How does security as an enabler work?

Delivering value rather than cost



Enable new ways of working

Improve working practices

Minimise costs

What is compliance?

Conforming to:

rules

policies

standards

law

legal contracts

What is risk defined as?

The effect of uncertainty on objectives.

How is risk calculated?

Risk = likelihood x impact



Identify a vulnerability, evaluate the likelihood of a threat exploiting it, and evaluate

the impact that a successful exploit would have; the risk rating combines the two.
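As an added example (not part of the original revision notes), the following Python scores a small risk register with the page's formula, risk = likelihood x impact, bands the result and ranks the register for treatment. The 1-5 ordinal scales, the band thresholds and the sample register entries are assumptions chosen for illustration, not values prescribed by CISMP.

```python
"""Added example (not from the original revision notes): scoring a risk
register with risk = likelihood x impact.

The 1-5 ordinal scales, the band thresholds and the sample register are
assumptions made for illustration, not CISMP-prescribed values.
"""
from __future__ import annotations

from dataclasses import dataclass

# Ordinal scales (assumption): 1 = very low ... 5 = very high.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Risk:
    asset: str
    vulnerability: str
    threat: str
    likelihood: str
    impact: str

    def score(self) -> int:
        """Risk = likelihood x impact, giving 1-25 from the two 1-5 scales."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def band(self) -> str:
        """Map the numeric score to a treatment band (thresholds are an assumption)."""
        s = self.score()
        if s >= 15:
            return "high"
        if s >= 8:
            return "medium"
        return "low"


def rank(register: list[Risk]) -> list[Risk]:
    """Order a register so the highest-scoring risks are treated first."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


# Constructed sample register, built from the vulnerability and threat
# examples given in the notes (missing patches, out-of-date antivirus,
# lack of physical controls, no pre-employment checks; criminals, floods).
SAMPLE_REGISTER = [
    Risk("public web server", "missing security patches", "criminal gang", "likely", "major"),
    Risk("user laptops", "out-of-date antivirus", "commodity malware", "possible", "moderate"),
    Risk("data centre", "lack of physical controls", "flood", "rare", "severe"),
    Risk("new starter accounts", "no pre-employment checks", "malicious insider", "unlikely", "minor"),
]

if __name__ == "__main__":
    for r in rank(SAMPLE_REGISTER):
        print(f"{r.score():2d} {r.band():6s} {r.asset}: {r.vulnerability} / {r.threat}")
```

Note the caveat the multiplication hides: the rare-but-severe flood (1 x 5 = 5) lands in the low band below the likely-but-moderate malware case (3 x 3 = 9), so a purely multiplicative rating should be reviewed against impact on its own before low-probability, high-impact risks are accepted.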

What is a vulnerability?

A weakness that could be triggered accidentally or exploited intentionally to cause a

security breach.



Examples include improper configurations, misuse of software or communication

protocols, untested software and firmware patches, poorly designed network

architecture, insecure password usage, design flaws, etc.

What is a threat?

The potential for someone or something to exploit a vulnerability and breach security.

May be intentional or unintentional.



Examples include hackers, cyberterrorists, criminal gangs, earthquakes, floods,

hurricanes, etc.

What are the five threat categories?

External, internal, deliberate, multiparty and accidental.



Multiparty covers third-party or supplier issues, where a single event affects multiple

organisations at once.

Accidental could be an engineer cutting an important power cable by mistake while

doing their job.

What are some examples of vulnerabilities?

General:

Lack of physical controls

Lack of pre-employment checks



Information specific:

Lack of security patches

No firewall in front of a web server

Out of date antivirus software

What is the difference between quantitative and qualitative in risk evaluation?
