Week 1

Question 1

What year was the first edition of the CBK created?

jpresuello

Answer 1

1992

Question 2

When was CISSP certification created?

jpresuello

Answer 2

1994

Question 3

When was ISC2 established?

jpresuello

Answer 3

1989

Question 4

What is the meaning of CISSP?

jpresuello

Answer 4

Certified Information Systems Security Professional

Question 5

What does ISC2 mean?

jpresuello

Answer 5

International Information Systems Security Certification Consortium

Question 6

Is CISSP a VENDOR NEUTRAL CERTIFICATION?

jpresuello

Answer 6

Yes

Question 7

How many domains are covered in CISSP?

jpresuello

Answer 7

8 domains

Question 8

What are the 3 specific functional areas of CISSP?

jpresuello

Answer 8

Architecture, Engineering, Management

Question 9

What are the 8 knowledge Domains of CISSP

jpresuello

Answer 9

Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security

Question 10

A documented set of your organization’s information security policies, procedures, tools, controls, guidelines, and standards.

jpresuello

Answer 10

Security Program

Question 11

4 lifecycle of Security Program

jpresuello

Answer 11

1. Plan & organize
2. Implement
3. Operate & Maintain
4. Monitor & Evaluate

Question 12

used to determine whether security is cost effective, relevant, timely and responsive to threats

jpresuello

Answer 12

Risk Analysis

Question 13

Assign real and meaningful numbers (DOLLARS) to all elements of risk analysis process

jpresuello

Answer 13

Quantitative Risk Analysis

Question 14

Rank the seriousness of the threats and the validity of the different possible countermeasures based on opinions

jpresuello

Answer 14

Qualitative Risk Analysis

Question 15

An overall general statement produced by senior management that dictates what role security plays within the organization

jpresuello

Answer 15

Security Policy

Question 16

Mandatory activities, actions or rules

jpresuello

Answer 16

Standards

Question 17

Minimum level of protection required

jpresuello

Answer 17

Baseline

Question 18

General guide and recommended actions when a specific Standard does not apply

jpresuello

Answer 18

Guidelines

Question 19

Step by step detailed instruction on specific tasks

jpresuello

Answer 19

Procedure

Question 20

Determining vulnerabilities and risks.

jpresuello

Answer 20

Due Diligence

Question 21

Implementing countermeasures against risks and threats

jpresuello

Answer 21

Due Care

Question 22

Responsible for specific data subset

jpresuello

Answer 22

Data Owner

Question 23

Responsible for maintaining and protecting data/information

jpresuello

Answer 23

Data Custodian

Question 24

Responsible for one or more systems

jpresuello

Answer 24

System owner

Question 25

Responsible for properly defining business processes ## Footnote jpresuello

Answer 25

Process owner

Question 26

Decide who can and cannot access their applications ## Footnote jpresuello

Answer 26

Application Owner

Question 27

Anyone with a root or administrative account to a system ## Footnote jpresuello

Answer 27

Security Administrator

Question 28

Works at the design level than implementation ## Footnote jpresuello

Answer 28

Security Analyst

Question 29

Evaluates security controls within the company ## Footnote jpresuello

Answer 29

Auditor

Question 30

Responsible for approving and rejecting change control requests ## Footnote jpresuello

Answer 30

Change Control Analyst

Question 31

Ensures data is stored in a fashion that makes sense for the company ## Footnote jpresuello

Answer 31

Data Analyst

Question 32

Responsible for explaining business requirements to vendors ## Footnote jpresuello

Answer 32

Product Line Manager

Question 33

Responsible for all user activity and assets created and owned by these users ## Footnote jpresuello

Answer 33

Supervisor

Question 34

Uses data for work-related task ## Footnote jpresuello

Answer 34

User

Question 35

Works with business unit managers, data owners and senior managers to develop and deploy a solution ## Footnote jpresuello

Answer 35

Solution Provider

Question 36

Elected individuals that oversee the fulfillment of the corporation charter ## Footnote jpresuello

Answer 36

Board of Directors

Question 37

Day-to-day management of entire organization ## Footnote jpresuello

Answer 37

CEO

Question 38

Day-to-day account and financial activities ## Footnote jpresuello

Answer 38

CFO

Question 39

Responsible for information technology infrastructure ## Footnote jpresuello

Answer 39

CIO

Question 40

Oversee appropriate handling and usage of data ## Footnote jpresuello

Answer 40

CPO

Question 41

Responsible for understanding company specific risks and processes used to mitigate these risks ## Footnote jpresuello

Answer 41

CSO

Question 42

## Footnote jpresuello