CISSP Certified Information Systems Security Professional Study guides, Class notes & Summaries

CISSP CHAPTER 1: EXAM REVIEW QUESTIONS AND ANSWERS, RATED A+ The objectives of security are: - -provide availability, integrity, and confidentiality protection to data and resources. Vulnerability - -is a weakness in a system that allows a threat source to compromise its security. Threat - -is the possibility that someone or something would exploit a vulnerability, either intentionally or accidentally, and cause harm to an asset. Risk - -is the probability of a threat agent exploiting ...

CISSP DOMAIN 2 EXAM REVIEW QUESTIONS AND ANSWERS, RATED A+/ VERIFIED/ Categorization - -The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization Clearing - -The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions of software file/data recovery utilities Curie Temperature - -The critical point where a materia...

CISSP DOMAIN 3 EVR EXAM REVIEW QUESTIONS AND ANSWERS, RATED A+ Key clustering - -different encryption keys generate the same ciphertext from the same plaintext message Synchronous - -encryption or decryption request is performed immediately Asynchronous - -Encrypt/Decrypt requests are processed in queues Hash function - -a one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value. Variable data input (of any size) + hashing alg...

CISSP EXAM REVIEW QUESTIONS AND ANSWERS, RATED A+/ VERIFIED/ CIA Triangle - -Cornerstone of infosec. Confidentiality, Integrity, Availability Confidentiality (CIA Triangle) - -prevention of unauthorized disclosure of information; prevention of unauthorized read access to data Integrity (CIA Triangle) - -prevention of unauthorized modification of data; prevention of unauthorized write access to data Availability (CIA Triangle) - -ensures data is available when needed to authorized users...

CISSP EXAM REVIEW QUESTIONS & ANSWERS, GRADED A+ VERIFIED/ 1. Which of the following best describes the relationship between COBIT and ITIL? A. COBIT is a model for IT governance, whereas ITIL is a model for corporate governance. B. COBIT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management. C. COBIT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them. D. COBIT provides a framework for achieving bu...

CISSP ISC2 9TH ED 2024/25 EXAM REVIEW QUESTIONS AND ANSWERS, RATED A+ 3 common types of security evaluation: - -Risk assessment, vulnerability assessment, penetration testing Risk assessment - -Process of identifying assets, threats, and vulnerabilities, then using that information to calculate risks. Understanding risks guides improvement to security infrastructure. Vulnerability Assessment - -Uses automated tools to locate known weaknesses, that are addressed by adding more defenses...

CISSP OFFICIAL ISC2 PRACTICE TESTS (ALL DOMAINS)/ ALL EXAM QUESTIONS AND ANSWERS. / EXAM QUESTIONS BANK/ COMPLETE/ RATIONALES PROVIDED| ALL YOU NEED TO PASS | APPROVED| 1. What is the final step of a quantitative risk analysis? A. Determine asset value. B. Assess the annualized rate of occurrence. C. Derive the annualized loss expectancy. D. Conduct a it analysis. - -D. The final step of a quantitative risk analysis is conducting a cost/benefit analysis to determine whether the organi...

CISSP PRACTICE TEST 1 250/ COMPLETE EXAM REVIEW QUESTIONS AND ANSWERS, RATED A+/ VERIFIED/ *baseline - -NIST SP 800-53 discusses security control baselines as a list of security controls. CIS releases security baselines, and a baseline is a useful part of a threat management strategy and may contain a list of acceptable configuration items. *Content Distribution Network (CDN) - -is designed to provide reliable, low-latency, geographically distributed content distribution. In this scena...

CISSP - EXAM PRACTICE/STUDY QUESTIONS & ANSWERS, 100% ACCURATE. VERIFIED/ What is the most effective defense against cross-site scripting attacks? a) Limiting account privileges b)User Authentication c) Input validation d)encryption c) Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML ˂SCRIPT˃ tag in the input. What phase of the Electronic Discovery Reference Model puts evidence in a...

CISSP – PRACTICE/ COMPLETE EXAM REVIEW/ RATED A+/ VERIFIED/ Data Remanence - -The remains of partial or even the entire data set of digital information Disaster Recovery Planning (DRP) - -Deals with restoring normal business operations after the disaster takes place...works to get the business back to normal Maximum tolerable downtime - -The maximum period of time that a critical business function can be inoperative before the company incurs significant and long-lasting damage. 802.5 ...