Which of the following systems or tools can be used to detect that a credit card transaction may have resulted from a stolen credit card rather than from the credit card owner?
Intrusion detection systems
Packet filtering routers
Stateful inspection firewalls
Data mining techniques

To ensure that a database administrator is in line with the custodianship of the enterprise's data, which of the following is an effective preventive control?
Exception reports

Which of the following is an example of implementing "defense in depth" security best practices?
Security Administrators
Data Owners
Network Administrators
Data Analysts

If a hacker obtains passwords without the use of computer tools or programs, what technique did they use?

What is the primary purpose of using digital signatures?

Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz.

The following quiz is excerpted from the CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide, 7th Edition, ©2015 John Wiley & Sons, All Rights Reserved.

For IT professionals whose background may be more focused on hardware and software, the world of cybersecurity, risk management and compliance can be new, and sometimes challenging, territory. As opposed to muscle-memory tasks like firewall configuration or patch deployment, the skills needed to navigate the shifting, strategic concepts of risk and compliance use a different part of your brain.
But these areas are critical for building a security program in any organization, from small businesses to global enterprises. The importance of these disciplines is not lost on (ISC)², which administers the Certified Information Systems Security Professional (CISSP) exam. Domain 1 of the certification exam, Security and Risk Management, is one of the most heavily weighted sections of the test. It accounts for 16% of the final score -- the largest amount assigned to the exam’s eight domains. Only one other section of the test, Domain 7: Security Operations, shares the same weight. At a high level, Domain 1 covers cybersecurity, risk management, compliance, law, regulations and business continuity. According to (ISC)², more specific concepts tested in Domain 1 include:
Planning to take the CISSP exam and obtain certification? Test your knowledge of Domain 1 with this practice quiz, comprising five multiple-choice questions and 10 true/false questions on key concepts, vocabulary and principles of cybersecurity, risk management, compliance and more. CISSP® is a registered mark of (ISC)². This was last published in July 2017.

Which of the following preventive controls best helps secure a Web application?
D. Vulnerability testing can help to ensure the security of web applications; however, the best preventive control is developer education because building secure applications from the start is more effective.

Which of the following findings would be of greatest concern to an IS auditor during a review of logical access to an application?

Which of the following performance indicators is MOST important?

During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
user accountability is not established.

Which of the following is determined on the basis of the acceptable data loss in case of disruption of operations?
The RPO is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data.

Which of the following is the best way to determine the effectiveness of a security awareness and training program?

Which of the following is the BEST way for an IS auditor to determine the effectiveness of a security awareness and training program?
Interview a sample of employees.