AND ANSWERS WITH SOLUTIONS 2024
3 common types of security evaluation - ANSWER Risk assessment, vulnerability assessment,
penetration testing
Risk assessment - ANSWER Process of identifying assets, threats, and vulnerabilities, then using that
information to calculate risks. Understanding risks guides improvement to security infrastructure.
Vulnerability Assessment - ANSWER Uses automated tools to locate known weaknesses, which are
addressed by adding more defenses or adjusting existing protections
Penetration Testing - ANSWER Uses trusted individuals to stress test the security infrastructure to find
issues not discovered through risk assessment or vulnerability assessment
Confidentiality concepts - ANSWER Sensitivity, discretion, criticality, concealment, secrecy, privacy,
seclusion, isolation
Confidentiality attacks - ANSWER Unauthorized disclosure
Confidentiality countermeasures - ANSWER Encryption, traffic padding, access control, rigorous
authentication procedures, data classification, personnel training, shielding
Integrity concepts - ANSWER Accuracy, truthfulness, validity, accountability, responsibility, completeness,
comprehensiveness
Integrity attacks - ANSWER Viruses, logic bombs, unauthorized access, errors in coding and applications,
malicious modification, intentional replacement, system back doors, human error, oversight, and
ineptitude
Integrity countermeasures - ANSWER Strict access controls, rigorous authentication procedures, IDS,
object and data encryption, hash verification, interface restrictions, input/function checks, personnel
training