CYBER SECURITY FUNDAMENTALS UPDATED 2024 PRE
TEST(QUESTIONS AND ANSWERS)CISSP COMPLETE
EXAM//ALREADY PASSED/GRADED A+
The CIA Triad
Confidentiality, Integrity, Availability
What is Maximum Tolerable Downtime (MTD) & Maximum Allowable Downtime
(MAD)?
Total length of time a process can be unavailable without causing significant harm to the
organization.
What is OECD?
Organization for Economic Cooperation and Development - Privacy Guidelines.
What is a disaster recovery plan?
A detailed process for recovering information or an IT system in the event of a
catastrophic disaster such as a fire or flood
What is click-wrap License?
Presents the user with a message on his or her computer screen, requires the user
manifest his or her compliance to the terms of the license user agreement by clicking on
an icon.
What is a shrink-wrap agreement?
A shrink wrap license is an end user agreement (EULA) that is enclosed with software
in plastic-wrapped packaging. Once the end user opens the package the, EULA is
considered to be in effect.
Qualitative Risk Analysis - Techniques & Methods
Brainstorming, Story boarding, Surveys/Questionnaires, One-on-one meetings, Delphi
technique, Focus Groups, Checklists, Interviews
Quantitative Risk Analysis
What is Agile Software Development?
Evolutionary approach measured in weeks
Very Flexible & adaptable
Not predictable
Testing is done during the development
5 Phases of NIST Systems Development Life Cycle
Acquisition/Development
Implement/Assessment
Operations/Maintenance
, Sunset (disposal)
Initiation
What are Recovery Time Objectives (RTO)?
Planned time & level of services where it meets minimum services expectations.
When the BIA indicated the RTO will exceed the MTD, the owner is accepting the risk
for this period of time (planning for the disaster)
What is a Recovery Point Objective (RPO)?
A measurement of tolerable data loss
Based on time, not storage amounts
What is Footprinting?
Footprinting (also known as reconnaissance) is the technique used for gathering
information about computer systems and the entities they belong to. To get this
information, a hacker might use various tools and technologies. This information is very
useful to a hacker who is trying to crack a whole system.
What is the Plan-Do-Check-Act (PDCA)?
•Plan: identify an opportunity and plan for change
•Do: Implement the change on a small scale
•Check: analyze the results of the change
•Act: If successful implement on a wider scale; if the change did not work, begin the
cycle again
What are some Threat Modeling attributes?
•Enables informed decision making
•Can produce a prioritized list of security improvements
•Part of the design phase of SDLC
•A procedure for optimizing Network / Application / Internet Security by identifying
objectives and vulnerabilities and then defining countermeasures to prevent or mitigate
the threat
What type of encryption algorithm uses an S-Box?
Symmetric BLOCK style
Is it true if you conceal data in something other than an audio file or graphic file it
is no longer considered to be steganography but instead considered as a covert
channel?
FALSE
What are the two fundamental types of errors?
1. Errors of omission
2. Errors of commission
Define the term tertiary.
third in order or level
What is collision in reference to hashing?
TEST(QUESTIONS AND ANSWERS)CISSP COMPLETE
EXAM//ALREADY PASSED/GRADED A+
The CIA Triad
Confidentiality, Integrity, Availability
What is Maximum Tolerable Downtime (MTD) & Maximum Allowable Downtime
(MAD)?
Total length of time a process can be unavailable without causing significant harm to the
organization.
What is OECD?
Organization for Economic Cooperation and Development - Privacy Guidelines.
What is a disaster recovery plan?
A detailed process for recovering information or an IT system in the event of a
catastrophic disaster such as a fire or flood
What is click-wrap License?
Presents the user with a message on his or her computer screen, requires the user
manifest his or her compliance to the terms of the license user agreement by clicking on
an icon.
What is a shrink-wrap agreement?
A shrink wrap license is an end user agreement (EULA) that is enclosed with software
in plastic-wrapped packaging. Once the end user opens the package the, EULA is
considered to be in effect.
Qualitative Risk Analysis - Techniques & Methods
Brainstorming, Story boarding, Surveys/Questionnaires, One-on-one meetings, Delphi
technique, Focus Groups, Checklists, Interviews
Quantitative Risk Analysis
What is Agile Software Development?
Evolutionary approach measured in weeks
Very Flexible & adaptable
Not predictable
Testing is done during the development
5 Phases of NIST Systems Development Life Cycle
Acquisition/Development
Implement/Assessment
Operations/Maintenance
, Sunset (disposal)
Initiation
What are Recovery Time Objectives (RTO)?
Planned time & level of services where it meets minimum services expectations.
When the BIA indicated the RTO will exceed the MTD, the owner is accepting the risk
for this period of time (planning for the disaster)
What is a Recovery Point Objective (RPO)?
A measurement of tolerable data loss
Based on time, not storage amounts
What is Footprinting?
Footprinting (also known as reconnaissance) is the technique used for gathering
information about computer systems and the entities they belong to. To get this
information, a hacker might use various tools and technologies. This information is very
useful to a hacker who is trying to crack a whole system.
What is the Plan-Do-Check-Act (PDCA)?
•Plan: identify an opportunity and plan for change
•Do: Implement the change on a small scale
•Check: analyze the results of the change
•Act: If successful implement on a wider scale; if the change did not work, begin the
cycle again
What are some Threat Modeling attributes?
•Enables informed decision making
•Can produce a prioritized list of security improvements
•Part of the design phase of SDLC
•A procedure for optimizing Network / Application / Internet Security by identifying
objectives and vulnerabilities and then defining countermeasures to prevent or mitigate
the threat
What type of encryption algorithm uses an S-Box?
Symmetric BLOCK style
Is it true if you conceal data in something other than an audio file or graphic file it
is no longer considered to be steganography but instead considered as a covert
channel?
FALSE
What are the two fundamental types of errors?
1. Errors of omission
2. Errors of commission
Define the term tertiary.
third in order or level
What is collision in reference to hashing?
