Module 1: Security Domains

INTRODUCTION – Security Domains

This module covers the eight security domains of the Certified Information Systems Security Professional (CISSP) certification. It shows you how to identify and analyze the key threats, risks, and vulnerabilities to business operations. You will also explore the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), which gives risk management a structured approach. By examining the sequenced steps of risk management, you will learn how to apply the principles and strategies of effective information security to safeguard your organization.

Learning Objectives:

  • Recognize and explain the point of CISSP’s eight security domains.
  • Identify and define the greatest threats, risks, and vulnerabilities to business operations.
  • Outline the types of threats, risks, and vulnerabilities that entry-level security analysts will usually be concentrating on.
  • Understand the effect of threats, risks, and vulnerabilities on business operations.
  • Identify the steps of risk management.

TEST YOUR KNOWLEDGE: MORE ABOUT THE CISSP SECURITY DOMAINS

1. Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

  • asset security
  • security operations
  • communication and network security
  • identity and access management (CORRECT)

The identity and access management (IAM) domain focuses on providing secure, authorized access to data and systems through policies that manage and control user access to assets. It ensures that users are authenticated and authorized before they are granted access to critical data, which keeps that data secure and prevents unauthorized access. The domain covers processes such as user identification, authentication, authorization, and maintaining access controls across the user lifecycle.

2. What is the focus of the security and risk management domain?

  • Optimize data security by ensuring effective processes are in place
  • Manage and secure wireless communications
  • Secure physical networks and wireless communications
  • Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations. (CORRECT)

The security and risk management domain is broad. It lays the foundation for strong security by defining measurable security goals and objectives, policies and measures designed to mitigate risk, compliance with relevant laws and regulations, business continuity, and security-related risk management. Its main task is establishing sound processes that safeguard organizational assets and keep business operations running through interruptions and security incidents. The organization's risk environment must be understood before these processes can be put in place effectively and efficiently.

3. In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

  • Identity and access management
  • Communication and network engineering
  • Security architecture and engineering
  • Security assessment and testing (CORRECT)

In the security assessment and testing domain, a security professional conducts security control testing, collects and analyzes data, and performs security audits to detect and monitor risks, threats, and vulnerabilities.

4. Fill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.

  • communications and networking engineering
  • software development security
  • asset security
  • security operations (CORRECT)

The security operations domain involves conducting investigations and implementing preventive measures to secure an organization against security threats.

TEST YOUR KNOWLEDGE: NAVIGATE THREATS, RISKS, AND VULNERABILITIES

1. What is a vulnerability?

  • A weakness that can be exploited by a threat (CORRECT)
  • An organization’s ability to manage its defense of critical assets and data and react to change
  • Anything that can impact the confidentiality, integrity, or availability of an asset
  • Any circumstance or event that can negatively impact assets

A vulnerability refers to a weakness or flaw that a threat may take advantage of to undermine the security of a system.

2. Fill in the blank: Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

  • new-risk asset
  • medium-risk asset
  • low-risk asset
  • high-risk asset (CORRECT)

Information protected by regulations or laws is a high-risk asset, because any compromise is likely to cause significant loss to the organization's finances, operations, or reputation.

3. What are the key impacts of threats, risks, and vulnerabilities? Select three answers.

  • Identity theft (CORRECT)
  • Employee retention
  • Financial damage (CORRECT)
  • Damage to reputation (CORRECT)

The key impacts of threats, risks, and vulnerabilities on an organization include financial damage, identity theft, and damage to reputation.

4. Fill in the blank: The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.

  • categorize (CORRECT)
  • communicate
  • reflect
  • produce

The Risk Management Framework (RMF) consists of the prepare, categorize, select, implement, assess, authorize, and monitor steps. In the categorize step, security professionals describe the processes and tasks that will manage risk, in order to classify the system's security requirements and impact level.

5. Phishing exploits human error to acquire sensitive data and private information.

  • True (CORRECT)
  • False

Phishing is a social engineering technique that exploits human error to lure an individual into disclosing sensitive data and private information.

MODULE 1 CHALLENGE

1. Fill in the blank: Security posture refers to an organization’s ability to react to change and manage its defense of _____ and critical assets.

  • data (CORRECT)
  • domains
  • consequences
  • gaps

Correct!

2. Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

  • Define security goals (CORRECT)
  • Follow legal regulations (CORRECT)
  • Maintain business continuity (CORRECT)
  • Conduct control testing

Correct!

3. How does business continuity enable an organization to maintain everyday productivity?

  • By ensuring return on investment
  • By establishing risk disaster recovery plans (CORRECT)
  • By exploiting vulnerabilities
  • By outlining faults to business policies

Correct!

4. Fill in the blank: According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers.

  • taking an active role (CORRECT)
  • meeting productivity goals
  • recognizing and reporting security concerns (CORRECT)
  • limiting their communication with team members

Correct!

5. A security analyst ensures that employees are able to review only the data they need to do their jobs. Which security domain does this scenario relate to?

  • Communication and network security
  • Identity and access management (CORRECT)
  • Software development security
  • Security assessment and testing

Correct!

6. Which of the following activities may be part of establishing security controls? Select three answers.

  • Implement multi-factor authentication (CORRECT)
  • Collect and analyze security data regularly (CORRECT)
  • Evaluate whether current controls help achieve business goals (CORRECT)
  • Monitor and record user requests

Correct!

7. When working in the software development security domain, which of the following are tasks that security team members may complete during various phases of the software development lifecycle? Select three answers.

  • Initiating a secure design review (CORRECT)
  • Participating in incident investigations
  • Performing penetration testing (CORRECT)
  • Conducting secure code reviews (CORRECT)

Correct!

8. Which of the following statements accurately describe risk? Select all that apply.

  • If compromised, a medium-risk asset may cause some damage to an organization’s finances.
  • Website content or published research data are examples of low-risk assets. (CORRECT)
  • Organizations often rate risks at different levels: low, medium, and high. (CORRECT)
  • If compromised, a high-risk asset is unlikely to cause financial damage.

Correct!

9. A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?

  • Loss of identity
  • Increase in profits
  • Lack of engagement
  • Damage to reputation (CORRECT)

Correct!

10. Fill in the blank: In the Risk Management Framework (RMF), the _____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.

  • implement (CORRECT)
  • categorize
  • prepare
  • authorize

Correct!

11. Fill in the blank: Security _____ refers to an organization’s ability to manage its defense of critical assets and data, as well as its ability to react to change.

  • architecture
  • hardening
  • governance
  • posture (CORRECT)

Correct!

12. Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

  • Store data properly
  • Maintain business continuity (CORRECT)
  • Mitigate risk (CORRECT)
  • Follow legal regulations (CORRECT)

Correct!

13. What term describes an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans?

  • Recovery
  • Business continuity (CORRECT)
  • Mitigation
  • Daily defense

Correct!

14. A security analyst verifies users and monitors employees’ login attempts. The goal is to keep the business’s assets secure. Which security domain does this scenario describe?

  • Communication and network security
  • Security operations
  • Security assessment and testing
  • Identity and access management (CORRECT)

Correct!

15. Fill in the blank: In the Risk Management Framework (RMF), the _____ step involves knowing how systems are operating and assessing whether or not those systems support the organization’s security goals.

  • monitor (CORRECT)
  • implement
  • categorize
  • authorize

Correct!

16. What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?

  • Remote services
  • Employee retention
  • Secure coding
  • Shared responsibility (CORRECT)

Correct!

17. A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?

  • Communication and network security
  • Software development security
  • Security assessment and testing (CORRECT)
  • Security architecture and engineering

Correct!

18. Fill in the blank: When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.

  • operations
  • sequencing
  • lifecycle (CORRECT)
  • handling

Correct!

19. Which of the following statements accurately describe risk? Select all that apply.

  • Another way to think of risk is the likelihood of a threat occurring. (CORRECT)
  • If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.
  • If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations. (CORRECT)
  • A high-risk asset is any information protected by regulations or laws. (CORRECT)

Correct!

20. A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?

  • Practical
  • Reputation
  • Identity
  • Financial (CORRECT)

Correct!

21. In the Risk Management Framework (RMF), which step notes the importance of being accountable for potential risks and may involve generating reports or developing plans of action?

  • Categorize
  • Select
  • Prepare
  • Authorize (CORRECT)

Correct!

22. What is the goal of business continuity?

  • Remove access to assets
  • Reduce personnel
  • Destroy publicly available data
  • Maintain everyday productivity (CORRECT)

Correct!
