Exam (elaborations)
CISSP - DOMAIN 1: SECURITY AND RISK MANAGEMENT QUESTIONS AND ANSWERS WITH SOLUTIONS 2024
- Course
- Institution
CISSP - DOMAIN 1: SECURITY AND RISK MANAGEMENT QUESTIONS AND ANSWERS WITH SOLUTIONS 2024
[Show more]
Content preview
CISSP - DOMAIN 1: SECURITY AND RISKMANAGEMENT QUESTIONS AND
ANSWERS WITH SOLUTIONS 2024
Domain Objectives 1.1 Understand, adhere to, and promote professional ethics - ANSWER •(ISC)2 Code
of Professional Ethics
•Organizational code of ethics
(ISC)2 Code of Professional Ethics - ANSWER (ISC)2 states in its preamble to the actual code of ethics,
"The safety and welfare of society and the common good, duty to our principles, and to each other,
requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore,
strict adherence to this code is a condition of certification."
(ISC)2 Code of Professional Ethics - ANSWER The (ISC)2 code of ethics is a collection of requirements that
apply to how you act, interact with others (including employers), and make decisions as an information
security professional. The code is designed to "give assured reliance on the character, ability, strength, or
truth of a fellow (ISC)2 member, and it provides a high level of confidence when dealing with a peer
member.
(ISC)2 Code of Professional Ethics - 4 Canons - ANSWER The official four canons are as follows (ranked in
importance):
•Protect society, the commonwealth, and the infrastructure.
•Act honorably, honestly, justly, responsibly, and legally.
•Provide diligent and competent service to principals.
•Advance and protect the profession.
(ISC)2 Code of Professional Ethics - "Protect society, the commonwealth, and the infrastructure," -
ANSWER (ISC)2 expands to:
•Promote and preserve public trust and confidence in information and systems.
•Promote the understanding and acceptance of prudent information security measures.
•Preserve and strengthen the integrity of the public infrastructure.
•Discourage unsafe practices.
,(ISC)2 Code of Professional Ethics - "Act honorably, justly, responsibly and legally," - ANSWER refers to:
•Tell the truth; make all stakeholders aware of your actions on a timely basis.
•Observe all contracts and agreements, express or implied.
•Treat all members fairly. In resolving conflicts, consider public safety and duties to principals,
individuals, and the profession in that order.
•Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be
truthful, objective, cautious, and within your competence.
•When resolving different laws in different jurisdictions, give preference to the laws of the jurisdiction in
which you render your service.
(ISC)2 Code of Professional Ethics - "Provide diligent and competent service to principals," - ANSWER
compels you to:
•Preserve the value of their systems, applications and information.
•Respect their trust and the privileges that they grant you.
•Avoid conflicts of interest or the appearance thereof.
•Render only those services for which you are fully competent and qualified.
(ISC)2 Code of Professional Ethics - "Advance and protect the profession," - ANSWER (ISC)2 offers this
guidance:
•Sponsor for professional advancement those best qualified. All other things equal, prefer those who are
certified and who adhere to these canons. Avoid professional association with those whose practices or
reputation might diminish the profession.
•Take care not to injure the reputation of other professionals through malice, or indifference.
•Maintain your competence; keep your skills and knowledge current. Give generously of your time and
knowledge in training others.
(ISC)2 Code of Professional Ethics - Compliance - ANSWER •Strict compliance with these ethics is
required to maintain your standing as a CISSP credential holder.
•If you are aware of a credentialed member breaking these canons, it is your responsibility to report
them to the ethics committee.
Organizational Code of Ethics - ANSWER •Policies, procedures and culture of doing the right things in the
face of difficult and often controversial issues.
,•Ethics topics that challenge organizations include but aren't limited to discrimination, social
responsibility and fiduciary issues.
•Positive Corporate Culture
•Consumer Confidence
•Reduced Financial Liabilities
Domain Objectives 1.2 Understand and apply security concepts - ANSWER •Confidentiality
•Integrity
•Availability
•Authenticity
•Nonrepudiation
CIA triad (Confidentiality, Integrity, Availability) - ANSWER CIA Triad The three essential security
principles of confidentiality, integrity, and availability.
Confidentiality - ANSWER The assurance that information is protected from unauthorized
disclosure and the defined level of secrecy is maintained throughout all subject-object.
interactions.
Other concepts, conditions, and aspects of confidentiality include sensitivity, discretion, criticality,
concealment, secrecy, privacy, seclusion, and isolation (Sybex, p. 181, 4th ed.)
Without confidentiality, integrity can not be maintained.
Compliance with all laws and regulations is mandatory and the CISSP exam allows for no wiggle room.
Threats to Confidentiality - ANSWER •Sniffing
•Stealing password files
•Social engineering
•Shoulder surfing
, •Eavesdropping
•Poor user training/awareness
•Disclosure
Countermeasures to Threats for Confidentiality - ANSWER •Encryption
•Traffic padding
•Access controls
•Authentication
•Data classification
•Personnel training
•Shielding
Integrity - ANSWER A state characterized by the assurance that modifications are not made by
unauthorized
users and authorized users do not make unauthorized modifications.
•Provides assurance of accuracy and reliability
•Ensures objects retain their veracity
•Modifications by authorized subjects only
•Detects alterations that have occurred
•In storage
•In transit
•In process
Threats to Integrity - ANSWER •Viruses
•Logic bombs
•Unauthorized access
•Coding errors
•Malicious modifications
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Performance. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
78121 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now