CISMP EXAM
What should inform the decision to invoke a BCP - ANSWERS-Risk
assessment, security policy and BIA
If an issue arises that requires a move to alternative office
accommodation what plan would it be? - ANSWERS-Disaster
recovery plan
There are 2 seperate connections to the intent through different
providers and physical connections. The work is shared between 2
connections what is this called? - ANSWERS-Resilience
forensic investigators - ANSWERS-Individuals who specialize in
fraud, most of whom have specialized training with law enforcement
agencies such as the FBI or IRS or have professional certifications
such as Certified Fraud Examiner (CFE).
PACE - ANSWERS-Police and Criminal Evidence Act
Evidence custody officer - ANSWERS-responsible for collecting and
securely storing evidence while maintaining a good documentary
record to preserve a chain of evidence
,chain of evidence - ANSWERS-legally retaining items of evidence
and accounting for their whereabouts at all times to prevent loss or
tampering.
Cryptography - ANSWERS-the art of protecting information by
transforming it into an unreadable format, called cipher text
asymmetric key encryption - ANSWERS-Encryption system in which
two keys are used: a public key used only to encrypt data, and a
private key used only to decrypt it.
Stream Cipher - ANSWERS-An algorithm that takes one character
and replaces it with one character.
Symmetric Key Encryption - ANSWERS-Encryption system in which
a single key is used for both encryption and decryption.
Block Cipher - ANSWERS-A cipher that manipulates an entire block
of plaintext at one time. 64 bits usually. Blowfish, Triple DES and
Advanced Encryption Standards are examples
Hash functions - ANSWERS-mathematical algorithms that generate a
message summary or digest (sometimes called a fingerprint) to
confirm message identity and integrity
,Pretty Good Privacy (PGP) - ANSWERS-A method of encrypting and
decrypting e-mail messages. It can also be used to encrypt a digital
signature.
Threat Intelligence - ANSWERS-The process of investigating and
collecting information about emerging threats and threat sources.
Big Data - ANSWERS-a broad term for datasets so large or complex
that traditional data processing applications are inadequate.
Cyber Threat Intelligence - ANSWERS-Threat intelligence specific to
the Internet
Indicators of Compromise - ANSWERS-Indicates that a system or
network has been hacked
Co-operative Threat Intelligence - ANSWERS-Combining forces to
reduce every parties risk
Production of a message digest enables the recipient to - ANSWERS-
Verify the integrity of a message content and authenticate the sender
asymmetric encryption is only used on short messages because -
ANSWERS-it takes too long to encrypt and decrypt
- ANSWERS-
, - ANSWERS-
Why is a working group a good idea? - ANSWERS-You get
perspective from all stakeholders across the business
Confidentiality - ANSWERS-The property that information is not
made available or disclosed to unauthorised individuals, entities or
processes
Integrity - ANSWERS-The property of accuracy and completeness
Availability - ANSWERS-The property of informatiuo being
accessible upon demand by an authorised entity
Asset - ANSWERS-Anything that has value to an organiation
What are the 3 main types of asset? - ANSWERS-1. Physical
2. Software
3. Pure information (in any format)
What is the difference between data and information? - ANSWERS-
Data is the basic facts and stats that can be analysed. Information is
the result of this analysis
What should inform the decision to invoke a BCP - ANSWERS-Risk
assessment, security policy and BIA
If an issue arises that requires a move to alternative office
accommodation what plan would it be? - ANSWERS-Disaster
recovery plan
There are 2 seperate connections to the intent through different
providers and physical connections. The work is shared between 2
connections what is this called? - ANSWERS-Resilience
forensic investigators - ANSWERS-Individuals who specialize in
fraud, most of whom have specialized training with law enforcement
agencies such as the FBI or IRS or have professional certifications
such as Certified Fraud Examiner (CFE).
PACE - ANSWERS-Police and Criminal Evidence Act
Evidence custody officer - ANSWERS-responsible for collecting and
securely storing evidence while maintaining a good documentary
record to preserve a chain of evidence
,chain of evidence - ANSWERS-legally retaining items of evidence
and accounting for their whereabouts at all times to prevent loss or
tampering.
Cryptography - ANSWERS-the art of protecting information by
transforming it into an unreadable format, called cipher text
asymmetric key encryption - ANSWERS-Encryption system in which
two keys are used: a public key used only to encrypt data, and a
private key used only to decrypt it.
Stream Cipher - ANSWERS-An algorithm that takes one character
and replaces it with one character.
Symmetric Key Encryption - ANSWERS-Encryption system in which
a single key is used for both encryption and decryption.
Block Cipher - ANSWERS-A cipher that manipulates an entire block
of plaintext at one time. 64 bits usually. Blowfish, Triple DES and
Advanced Encryption Standards are examples
Hash functions - ANSWERS-mathematical algorithms that generate a
message summary or digest (sometimes called a fingerprint) to
confirm message identity and integrity
,Pretty Good Privacy (PGP) - ANSWERS-A method of encrypting and
decrypting e-mail messages. It can also be used to encrypt a digital
signature.
Threat Intelligence - ANSWERS-The process of investigating and
collecting information about emerging threats and threat sources.
Big Data - ANSWERS-a broad term for datasets so large or complex
that traditional data processing applications are inadequate.
Cyber Threat Intelligence - ANSWERS-Threat intelligence specific to
the Internet
Indicators of Compromise - ANSWERS-Indicates that a system or
network has been hacked
Co-operative Threat Intelligence - ANSWERS-Combining forces to
reduce every parties risk
Production of a message digest enables the recipient to - ANSWERS-
Verify the integrity of a message content and authenticate the sender
asymmetric encryption is only used on short messages because -
ANSWERS-it takes too long to encrypt and decrypt
- ANSWERS-
, - ANSWERS-
Why is a working group a good idea? - ANSWERS-You get
perspective from all stakeholders across the business
Confidentiality - ANSWERS-The property that information is not
made available or disclosed to unauthorised individuals, entities or
processes
Integrity - ANSWERS-The property of accuracy and completeness
Availability - ANSWERS-The property of informatiuo being
accessible upon demand by an authorised entity
Asset - ANSWERS-Anything that has value to an organiation
What are the 3 main types of asset? - ANSWERS-1. Physical
2. Software
3. Pure information (in any format)
What is the difference between data and information? - ANSWERS-
Data is the basic facts and stats that can be analysed. Information is
the result of this analysis
