Course 2/MOD1 -Explore the CISSP security domains, Part 1
7.Security operations
-conduct forensic investigation -active attacks
data
. Question 1 Fill in the blank: Security posture refers to an organization's ability to react to change and manage its defense of _____ and critical assets. -domains -consequences -gaps -data
-high-risk asset
. Question 2 Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization's finances, operations, or reputation. -high-risk asset -low-risk asset -medium-risk asset -new-risk asset
-change
1. Fill in the blank: Security posture refers to an organization's ability to react to _____ and manage its defense of critical assets and data. -change -sustainability -competition -tasks
7 steps for managing risks
1. Prepare 2.Categorize 3. Select 4. Implement 5. assess 6. Authorize 7.Monitor
Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations
2. Question 2 What is the focus of the security and risk management domain? 1 point
lifecycle
7. Fill in the blank: The software development security domain involves the use of the software development ___, which is an efficient process used by teams to quickly build software products and services. functionality operations lifecycle staging
Conducting secure code reviews Performing penetration testing Initiating a secure design review
7.When working in the software development security domain, which of the following are tasks that security team members may complete during various phases of the software development lifecycle? Select three answers. Participating in incident investigations Conducting secure code reviews Performing penetration testing Initiating a secure design review
vulnerability
A ____________ is a weakness that can be exploited by a threat. Therefore, organizations need to regularly inspect for vulnerabilities within their systems. Some vulnerabilities include:
3. Security architecture and engineering
An example of managing data is the use of a security information and event management (SIEM) tool to monitor for flags related to unusual login or user activity that could indicate a threat actor is attempting to access private data.
Business Continuity
An organization's ability to maintain everyday productivity by establishing risk disaster recovery plans.
security Posture
An organization's ability to manage its defense of critical assets and data and react to change.
1.Security and risk management
Goal: defining security goals and objectives, risk mitigation , compliance, business continuity, and regulation.
Staff members or vendors abuse their authorized access to obtain data that may harm an organization.
Insider threat
identity and access management
Question 1 Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.
-Maintain everyday productivity
Question 3 What is the goal of business continuity? -Reduce personnel -Destroy publicly available data -Remove access to assets -Maintain everyday productivity
Anything that can impact the confidentiality , integrity, or availability or an asset
Risk
Surface web
accessed using a web browser
Dark Web
only accessed by using special software
Deep web
requires permission to acess.
4. implemetent
the fourth step of the NIST RMF that means to implement security and privacy plans for an organization
-Maintain business continuity -Mitigate risk -Follow legal regulations
2. which of the following examples are key focus areas of the security and risk management domain? Select three answers. -Maintain business continuity -Store data properly -Mitigate risk -Follow legal regulations
Security assessment and testing
3. Question 3 In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?
-Maintain everyday productivity
3.What is the goal of business continuity? -Reduce personnel -Destroy publicly available data -Remove access to assets -Maintain everyday productivity-
security operations
4. Question 4 Fill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.
Identity and access management
5.A security analyst ensures that employees are able to review only the data they need to do their jobs. Which security domain does this scenario relate to? Software development security Identity and access management Security assessment and testing Communication and network security
Perform security audits Collect and analyze data Conduct security control testing
6.What are the key areas of focus in the security assessment and testing domain? Select three answers. Perform security audits Use secure coding practices Collect and analyze data Conduct security control testing
-Collect and analyze security data regularly -Evaluate whether current controls help achieve business goals -Implement multi-factor authentication
6.Which of the following activities may be part of establishing security controls? Select three answers. -Collect and analyze security data regularly -Monitor and record user requests -Evaluate whether current controls help achieve business goals -Implement multi-factor authentication
-Assets with SPII, PII, or intellectual property are examples of high-risk assets. -Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved. -If compromised, a medium-risk asset may cause some damage to an organization's reputation.
8.Which of the following statements accurately describe risk? Select all that apply. -Assets with SPII, PII, or intellectual property are examples of high-risk assets. -If compromised, a low-risk asset would not require ongoing monitoring or action. -Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved. -If compromised, a medium-risk asset may cause some damage to an organization's reputation.
Identity theft
9.A business experiences an attack. As a result, sensitive personally identifiable information (SPII) is leaked through the dark web. What type of consequence does this scenario describe? Financial gain Reputation Customer Identity theft
Vulnerability
: A weakness that can be exploited by a threat
high-risk
A ____ _____asset is any information protected by regulations or laws, which if compromised, would have a severe negative impact on an organization's finances, ongoing operations, or reputation. This could include leaked assets with SPII, PII, or intellectual property.
low risk
A _____ _____asset is information that would not harm the organization's reputation or ongoing operations, and would not cause financial damage if compromised.
medium-risk
A ___________ _______asset might include information that's not available to the public and may cause some damage to the organization's finances, reputation, or ongoing operations
Ransomware
A malicious attack where threat actors encrypt an organization's data and demand payment to restore access
ProxyLogon:
A pre-authenticated vulnerability that affects the Microsoft Exchange server. This means a threat actor can complete a user authentication process to deploy malicious code from a remote location.
ZeroLogon:
A vulnerability in Microsoft's Netlogon authentication protocol. An authentication protocol is a way to verify a person's identity. Netlogon is a service that ensures a user's identity before allowing access to a website's location.
A threat actor maintains unauthorized access to a system for an extended period of time
Advanced persistent threats (APTs)
PetitPotam
Affects Windows New Technology Local Area Network (LAN) Manager (NTLM). It is a theft technique that allows a LAN-based attacker to initiate an authentication request.
Shared Responsibility
All individuals in an organization take an active role in lowering risk and maintaining both physical and virtual security.
Server-side request forgery:
Allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.
Log4Shell:
Allows attackers to run Java code on someone else's computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.
5. IAM- principle of least privilage
As an example, a cybersecurity analyst might be asked to ensure that customer service representatives can only view the private data of a customer, such as their phone number, while working to resolve the customer's issue; then remove access when the customer's issue is resolved.
the primary goal of orgations is to protect _____________ or an item received as having value to an organization. These can be both digital or physical.
Assests
5. Identity and access management EX
EX. everyone at a company is using the same admin login there is no way to figure out who is a valid user and who is a threat actor.
6.Security assessment and testing
EX. examining organizational goals and objectives and evaluating if controls being used actually achieve those goals.
4.Communication network security
Ex. Employees working in public spaces need to be protected from vulnerabilities that can occur when they use public wifi or insecure bluetooth connections.
8.Software development security
Ex. Performing a secure design review during the design phase, secure code reviews during the development and testing phases, and penetration testing during the deployment and implementation phase.
2. Asset security
Ex. Security analyst overseeing destruction of hard drives being properly disposed of
6. Security assessment and testing
Ex. implementing a new control could be requiring the use of multi-factor authentication to better protect the organization from potential threats and risks.
8. Software Development Security
For example, an entry-level analyst working for a pharmaceutical company might be asked to make sure encryption is properly configured for a new medical device that will store private patient data.
1. Identification 2.Authentication 3. Authorization 4. Accountability
Four components of IAM
6.Security assessments and testing
Goal: Conducting security control and testing. -Collecting and analyzing data -Conducting security audits to monitor for risks,threats and vulnerabilities.
4. communication Network security
Goal: Managing and securing physical networks and wireless communications.
7. Security Operations
Goal: conducting investigations and implementing preventative measures.
3.Security Architecture and engineering
Goal: optimizing data security by ensuring effective tools , systems and processes are in place to protect an organization's assets and data
2.Asset security
Goal: secure Digital and physical assets. Storage, Maintenance retention and destruction of data. Ex. PII is still protected when being transferred over internet or physically collected.
8. Software development security
Goal: secure coding practices.
5. Identity and access management (IAM)
Goal; Access and authorization to keep data secure. -Makes sure users follow established policies to control and manage assets.
Security logging and monitoring failures:
Insufficient logging and monitoring capabilities that result in attackers exploiting vulnerabilities without the organization knowing it
A weakness that can be exploited by a threat
Question 1 What is a vulnerability? -Anything that can impact the confidentiality, integrity, or availability of an asset -An organization's ability to manage its defense of critical assets and data and react to change -Any circumstance or event that can negatively impact assets -A weakness that can be exploited by a threat
Authorize
Question 10 In the Risk Management Framework (RMF), which step notes the importance of being accountable for potential risks and may involve generating reports or developing plans of action? Categorize Authorize Prepare Select
-Define security goals and objectives -Be in compliance -Mitigate risk
Question 2 Which of the following examples are key focus areas of the security and risk management domain? Select three answers. -Define security goals and objectives -Be in compliance -Mitigate risk -Secure digital and physical assets
-Financial damage -Identity theft -Damage to reputation to reputation
Question 3 What are the key impacts of threats, risks, and vulnerabilities? Select three answers. -Financial damage -Identity theft -Employee retention -Damage to reputation to reputation
recognizing and reporting security concerns taking an active role
Question 4 Fill in the blank: According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers. recognizing and reporting security concerns taking an active role meeting productivity goals limiting their communication with team members
Organizations often rate risks at different levels: low, medium, and high. If compromised, a medium-risk asset may cause some damage to an organization's finances.
Question 8 Which of the following statements accurately describes risk? Select all that apply. -If compromised, a high-risk asset is unlikely to cause financial damage. -Organizations often rate risks at different levels: low, medium, and high. -If compromised, a medium-risk asset may cause some damage to an organization's finances. -Website content or published research data are examples of low-risk assets.
Identity theft
Question 9 A business experiences an attack. As a result, sensitive personally identifiable information (SPII) is leaked through the dark web. What type of consequence does this scenario describe? Financial gain Reputation Customer Identity theft
5. assess
The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
1. prepare
The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Risk Mitigation
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach.
2. Categorize
The second step of the NIST RMF that is used to develop risk management processes and tasks
7. Monitor
The seventh step of the NIST RMF that means be aware of how systems are operating
6. Authorize
The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that may exist in an organization
3. select
The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Any circumstance or event that can negatively impact assests.
Treats
-Security goals and objectives -Risk Mitigation Processes -Compliance -Business Continuity plans -Legal Regulations -Professional organizational Ethics
What are the elements of 1.Security and Risk management security posture?
Examples of ____________ are SSN numbers, dates of birth, bank account numbers, ________, payment kiosks, servers, desktop computers, ___________ _________.
assets, mailing addresses, Office spaces.