Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

CISSP - DOMAIN 1: SECURITY AND RISK MANAGEMENT QUESTIONS AND ANSWERS WITH SOLUTIONS 2024

Puntuación
-
Vendido
-
Páginas
61
Grado
A+
Subido en
25-08-2024
Escrito en
2024/2025

CISSP - DOMAIN 1: SECURITY AND RISK MANAGEMENT QUESTIONS AND ANSWERS WITH SOLUTIONS 2024

Institución
Ccep
Grado
Ccep

Vista previa del contenido

CISSP - DOMAIN 1: SECURITY AND RISK
MANAGEMENT QUESTIONS AND
ANSWERS WITH SOLUTIONS 2024
Domain Objectives 1.1 Understand, adhere to, and promote professional ethics - ANSWER •(ISC)2 Code
of Professional Ethics

•Organizational code of ethics



(ISC)2 Code of Professional Ethics - ANSWER (ISC)2 states in its preamble to the actual code of ethics,
"The safety and welfare of society and the common good, duty to our principles, and to each other,
requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore,
strict adherence to this code is a condition of certification."



(ISC)2 Code of Professional Ethics - ANSWER The (ISC)2 code of ethics is a collection of requirements that
apply to how you act, interact with others (including employers), and make decisions as an information
security professional. The code is designed to "give assured reliance on the character, ability, strength, or
truth of a fellow (ISC)2 member, and it provides a high level of confidence when dealing with a peer
member.



(ISC)2 Code of Professional Ethics - 4 Canons - ANSWER The official four canons are as follows (ranked in
importance):

•Protect society, the commonwealth, and the infrastructure.

•Act honorably, honestly, justly, responsibly, and legally.

•Provide diligent and competent service to principals.

•Advance and protect the profession.



(ISC)2 Code of Professional Ethics - "Protect society, the commonwealth, and the infrastructure," -
ANSWER (ISC)2 expands to:

•Promote and preserve public trust and confidence in information and systems.

•Promote the understanding and acceptance of prudent information security measures.

•Preserve and strengthen the integrity of the public infrastructure.

•Discourage unsafe practices.

,(ISC)2 Code of Professional Ethics - "Act honorably, justly, responsibly and legally," - ANSWER refers to:

•Tell the truth; make all stakeholders aware of your actions on a timely basis.

•Observe all contracts and agreements, express or implied.

•Treat all members fairly. In resolving conflicts, consider public safety and duties to principals,
individuals, and the profession in that order.

•Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be
truthful, objective, cautious, and within your competence.

•When resolving different laws in different jurisdictions, give preference to the laws of the jurisdiction in
which you render your service.



(ISC)2 Code of Professional Ethics - "Provide diligent and competent service to principals," - ANSWER
compels you to:

•Preserve the value of their systems, applications and information.

•Respect their trust and the privileges that they grant you.

•Avoid conflicts of interest or the appearance thereof.

•Render only those services for which you are fully competent and qualified.



(ISC)2 Code of Professional Ethics - "Advance and protect the profession," - ANSWER (ISC)2 offers this
guidance:

•Sponsor for professional advancement those best qualified. All other things equal, prefer those who are
certified and who adhere to these canons. Avoid professional association with those whose practices or
reputation might diminish the profession.

•Take care not to injure the reputation of other professionals through malice, or indifference.

•Maintain your competence; keep your skills and knowledge current. Give generously of your time and
knowledge in training others.



(ISC)2 Code of Professional Ethics - Compliance - ANSWER •Strict compliance with these ethics is
required to maintain your standing as a CISSP credential holder.

•If you are aware of a credentialed member breaking these canons, it is your responsibility to report
them to the ethics committee.



Organizational Code of Ethics - ANSWER •Policies, procedures and culture of doing the right things in the
face of difficult and often controversial issues.

,•Ethics topics that challenge organizations include but aren't limited to discrimination, social
responsibility and fiduciary issues.

•Positive Corporate Culture

•Consumer Confidence

•Reduced Financial Liabilities



Domain Objectives 1.2 Understand and apply security concepts - ANSWER •Confidentiality

•Integrity

•Availability

•Authenticity

•Nonrepudiation



CIA triad (Confidentiality, Integrity, Availability) - ANSWER CIA Triad The three essential security
principles of confidentiality, integrity, and availability.



Confidentiality - ANSWER The assurance that information is protected from unauthorized

disclosure and the defined level of secrecy is maintained throughout all subject-object.

interactions.



Other concepts, conditions, and aspects of confidentiality include sensitivity, discretion, criticality,
concealment, secrecy, privacy, seclusion, and isolation (Sybex, p. 181, 4th ed.)



Without confidentiality, integrity can not be maintained.



Compliance with all laws and regulations is mandatory and the CISSP exam allows for no wiggle room.



Threats to Confidentiality - ANSWER •Sniffing

•Stealing password files

•Social engineering

•Shoulder surfing

, •Eavesdropping

•Poor user training/awareness

•Disclosure



Countermeasures to Threats for Confidentiality - ANSWER •Encryption

•Traffic padding

•Access controls

•Authentication

•Data classification

•Personnel training

•Shielding



Integrity - ANSWER A state characterized by the assurance that modifications are not made by
unauthorized

users and authorized users do not make unauthorized modifications.



•Provides assurance of accuracy and reliability

•Ensures objects retain their veracity

•Modifications by authorized subjects only

•Detects alterations that have occurred

•In storage

•In transit

•In process



Threats to Integrity - ANSWER •Viruses

•Logic bombs

•Unauthorized access

•Coding errors

•Malicious modifications

Escuela, estudio y materia

Institución
Ccep
Grado
Ccep

Información del documento

Subido en
25 de agosto de 2024
Número de páginas
61
Escrito en
2024/2025
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$11.49
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF


Documento también disponible en un lote

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
Performance Chamberlain College Of Nursing
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
466
Miembro desde
2 año
Número de seguidores
40
Documentos
18352
Última venta
1 día hace

4.3

235 reseñas

5
134
4
62
3
25
2
4
1
10

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes