    dummies

    Explore "dummies" with insightful episodes like "Finanzas para dummies: lo que debes medir en tu centro - Capítulo #03", "RCR 076: CISSP Exam Questions on Encryption - CISSP Training and Study", "RCR 075: Practice CISSP Exam Questions - CISSP Training and Study!", "RCR 074: CISSP Practice Exam Questions - CISSP Training and Study!" and "RCR 066: CISSP Sample Exam Questions - CISSP Training and Study!" from podcasts like "A World Of Wellness", "Reduce Cyber Risk Podcast - Cybersecurity Made Simple", "Reduce Cyber Risk Podcast - Cybersecurity Made Simple", "Reduce Cyber Risk Podcast - Cybersecurity Made Simple" and "Reduce Cyber Risk Podcast - Cybersecurity Made Simple" and more!

    Episodes (100)

    Finanzas para dummies: lo que debes medir en tu centro - Capítulo #03

    Having trouble with your business's finances? In the third episode of our podcast we introduce Unai Carmona, an entrepreneur with extensive experience in finance. He has worked at major companies, including Ernst&Young, ticketBis, StubHub, Demium Startups and Mr Jeff, and is currently co-founder and investment analyst at Coben Club and Finance Advisor at Bewe Software.

    In this podcast, besides listening to a great professional, you will identify with every word he says. Unai is well aware of the adversities your business can go through, and for that reason he has compiled some techniques, methods and tips you should hear in order to manage your center's finances and administration correctly.

    Don't be scared! Make the most of this podcast and download this content: "Guide to understanding the lifetime value and CAC of your business"

    RCR 076: CISSP Exam Questions on Encryption - CISSP Training and Study

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  110

    Tom would like to test systems that lie within his network for vulnerabilities that could be exploited by the most recent set of ransomware variants.  Which one of the following tools would be best suited to accomplish this task?

    1. Network discovery scanner
    2. Network vulnerability scanner
    3. Web vulnerability scanner
    4. Ping sweep

    Explanation: [b] A network vulnerability scanner would be the best tool for discovering what vulnerabilities reside within your network.

    -----------------------------------

    Question:  111

    When trying to gain the most detailed information about a system from a scan, what is the best scan to meet that objective?

    1. Port Scan
    2. Authenticated Scan
    3. Vulnerability Scan
    4. Unauthenticated Scan

    Explanation: [b] An authenticated scan allows you to use credentials which will provide you the most detailed information.   An unauthenticated scan will only provide you a view that is available from the outside and may not be an adequate or fair assessment of the system. 

    ------------------------------------

    Question:  112

    What is the most common port used to communicate encrypted traffic on a web server?

    1. 22
    2. 143
    3. 80
    4. 443

    Explanation: [d] 443 is the common standard port that encrypted communications use for transmitting data.  However, any port can be used for encrypted data, but 443 is considered the common standard.

    ------------------------------------

    Want to find Shon elsewhere on the internet?

    LinkedIn – www.linkedin.com/in/shongerber

    Facebook - https://www.facebook.com/CyberRiskReduced/

     

    LINKS: 

    Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free. 

    RCR 075: Practice CISSP Exam Questions - CISSP Training and Study!

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  108

    What are the various phases associated with completing a Penetration Test for an organization?

    1. Planning, Reporting, Vulnerability Management, Exploiting, Information Gathering
    2. Production, Registration, Vulnerability Management, Exploiting, Information Gathering
    3. Planning, Reporting, Vulnerability Scanning, Exploiting, Information Gathering
    4. Production, Reporting, Vulnerability Management, Exploiting, Information Gathering

    Explanation: [c] Planning, Reporting, Vulnerability Scanning, Exploiting, and Information Gathering (not in order) are the phases of completing a penetration test for an organization.

    ------------------------------------

    Question:  109

    When creating metrics for your leadership, what are the first items you should focus on and what should be your level of complexity for the report?

    1. Very complex metrics focused on all systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
    2. Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
    3. Very simple metrics focused on critical systems; Management processes, Closed vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance issues
    4. Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues

    Explanation:  [b] Starting off with simple metrics focused on critical systems with the following metrics:  Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues is the best method to get started.  Obviously, your organization may be different and you will have to modify to meet your needs, but it is a good place to get started... keep it simple.

    ------------------------------------

    Question:  110

    When completing a Penetration Test of your organization who needs to be involved in the discussion and decision?

    1. No one; informing people that the penetration test will occur will taint the results resulting in waste
    2. Everyone; it is important that people don't feel duped that this test was designed to trick them
    3. Key personnel; it is important to focus on only telling the decision makers/influencers (CEO/CIO, Legal, Public Affairs, Compliance) as it relates to a penetration test.
    4. None of the above

    Explanation: [c] It is important the right people are involved in the decision making process as a Pen Test can have significant impact on an organization and cause a disruption within a company.

    ------------------------------------

    RCR 074: CISSP Practice Exam Questions - CISSP Training and Study!

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

    • CISSP Article – RAYGUN - SDLC:  7 phases, popular models, benefits, and more
    • CISSP Training –  Integrate Security in the Software Development Life Cycle (SDLC)
    • CISSP Exam Questions

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/ 

    CISSP Exam Questions

    Question:  105

    What tool is commonly used as a scan engine to find vulnerabilities within an environment?

    1. Nessus
    2. NMAP
    3. Ping
    4. DNS

    Explanation: [a] Nessus is commonly used to look for vulnerabilities within a network to determine if an exploit can be used against the system.

    ------------------------------------

    Question:  106

    What are the typical components of security assessments used within an organization?

    1. Tests, Assessments, and Audits
    2. Tests, Audits, and Reviews
    3. Assessments, Access Reviews, Tests
    4. None of the above

    Explanation: [a] Tests, Assessments, and Audits are the main components of a security assessment for an organization. 

    ------------------------------------

    Question:  107

    Which one of the items below is not normally added as part of a security assessment?

    1. Risk assessments
    2. Vulnerability mitigation strategies
    3. Threat assessments
    4. Vulnerability scan

    Explanation: [c] Vulnerability mitigation strategies are not typically added as a part of the overall security assessment as the mitigation and/or acceptance of risk is highly dependent on the organization.

    ------------------------------------

    RCR 066: CISSP Sample Exam Questions - CISSP Training and Study!

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will provide CISSP training for  Domain 3 (Engineering Secure Design) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  081

    Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?

    1. A) Hard disk
    2. B) Backup tape
    3. C) Removable drives
    4. D) RAM

    Removable drives

    Removable drives are easily taken out of their authorized physical location, and it is often not possible to apply operating system access controls to them. Therefore, encryption is often the only security measure short of physical security that can be afforded to them. Backup tapes are most often well controlled through physical security measures. Hard disks and RAM chips are often secured through operating system access controls.

    Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328

    ------------------------------------

    Question:  082

    What advanced virus technique modifies the malicious code of a virus on each system it infects?

    1. A) Polymorphism
    2. B) Stealth
    3. C) Encryption
    4. D) Multipartitism

    Polymorphism

    In an attempt to avoid detection by signature-based antivirus software packages, polymorphic viruses modify their own code each time they infect a system.

    Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328

    ------------------------------------

    Question:  083

    Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk?

    1. A) Static RAM
    2. B) Dynamic RAM
    3. C) Secondary memory
    4. D) Real memory

    Secondary memory

    Secondary memory is a term used to describe magnetic and optical media. These devices will retain their contents after being removed from the computer and may later be read by another user.

    Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328

    ------------------------------------

    RCR 065: How to Pass the CISSP Exam - CISSP Training and Study

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will provide CISSP training for  Domain 3 (Engineering Secure Design) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/ 

    CISSP Exam Questions

    Question:  078

    Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?

    1. A) Aggregation
    2. B) Inference
    3. C) Contamination
    4. D) Polyinstantiation

    Contamination

    Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.

    Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328

    ------------------------------------

    Question:  079

    How many major categories do the TCSEC criteria define?

    1. A) Two
    2. B) Three
    3. C) Four
    4. D) Five

    Four

    TCSEC defines four major categories: category A is verified protection, category B is mandatory protection, category C is discretionary protection, and category D is minimal protection.

    Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328

    ------------------------------------

    Question:  080

    Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?

    1. A) (star) Security Property
    2. B) No write up property
    3. C) No read up property
    4. D) No read down property

    No read up property

    The no read up property, also called the Simple Security Policy, prohibits subjects from reading a higher security level object.

    Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328

    ------------------------------------

    RCR 064: CISSP Sample Exam Questions - CISSP Training and Study

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  075

    As head of sales, Jim is the data owner for the sales department. Which of the following is not Jim’s responsibility as data owner?

    1. Assigning information classifications
    2. Dictating how data should be protected
    3. Verifying the availability of data
    4. Determining how long to retain data

    Answer: C. The responsibility of verifying the availability of data is the only responsibility listed that does not belong to the data (information) owner. Rather, it is the responsibility of the data (information) custodian. The data custodian is also responsible for maintaining and protecting data as dictated by the data owner. This includes performing regular backups of data, restoring data from backup media, retaining records of activity, and fulfilling information security and data protection requirements in the company’s policies, guidelines, and standards. Data owners work at a higher level than the data custodians. The data owners basically state, “This is the level of integrity, availability, and confidentiality that needs to be provided—now go do it.” The data custodian must then carry out these mandates and follow up with the installed controls to make sure they are working properly.

    From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

    ------------------------------------

    Question:  076

    Assigning data classification levels can help with all of the following except:

    1. The grouping of classified information with hierarchical and restrictive security
    2. Ensuring that nonsensitive data is not being protected by unnecessary controls
    3. Extracting data from a database
    4. Lowering the costs of protecting data

    Answer: C. Data classification does not involve the extraction of data from a database. However, data classification can be used to dictate who has access to read and write data that is stored in a database. Each classification should have separate handling requirements and procedures pertaining to how that data is accessed, used, and destroyed. For example, in a corporation, confidential information may only be accessed by senior management. Auditing could be very detailed and its results monitored daily, and degaussing or overwriting procedures may be required to erase the data. On the other hand, information classified as public may be accessed by all employees, with no special auditing or destruction methods required.

    From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

    ------------------------------------

    Question:  077

    Susan, an attorney, has been hired to fill a new position at Widgets, Inc.: chief privacy officer (CPO). What is the primary function of her new role?

    1. Ensuring th

    RCR 063: CISSP Sample Exam Questions (Domain 2) - CISSP Training and Study

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  072

    Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role?

    1. Data owner
    2. Data custodian
    3. Data user
    4. Information systems auditor

    Answer: C. Any individual who uses data for work-related tasks is a data user. Users must have the necessary level of access to the data to perform the duties within their position and are responsible for following operational security procedures to ensure the data’s confidentiality, integrity, and availability to others. This means that users must practice due care and act in accordance with both security policy and data classification rules.

    From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

    ------------------------------------

    Question:  073

    Michael is charged with developing a data classification program for his company. Which of the following should he do first?

    1. Understand the different levels of protection that must be provided
    2. Specify data classification criteria
    3. Identify the data custodians
    4. Determine protection mechanisms for each classification level

    Answer: A. Before Michael begins developing his company’s classification program, he must understand the different levels of protection that must be provided. Only then can he develop the necessary classification levels and their criteria. One company may choose to use only two layers of classification, whereas another may choose to use more. Regardless, when developing classification levels, he should keep in mind that too many or too few classification levels will render the classification ineffective; there should be no overlap in the criteria definitions between classification levels; and classification levels should be developed for both data and software.

    From <https://www.brainscape.com/flashcards/asset-security-6578977/packs/10419165>

    ------------------------------------

    Question:  074

    Which of the following is NOT a factor in determining the sensitivity of data?

    1. Who should be accessing the data
    2. The value of the data
    3. How the data will be used
    4. The level of damage that could be caused should the data be exposed

    Answer: C. How the data will be used has no bearing on how sensitive it is. In other words, the data is sensitive no matter how it will be used—even if it is not used at all.

    From <

    RCR 062: Understanding Asset Ownership (Domain 2) - CISSP Study and Training!

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam.

    • CISSP Article – Best Practices for Data Management
    • CISSP Training –  Determine and maintain information and asset ownership
    • CISSP Exam Questions

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/ 

    CISSP Exam Questions

    Question:  069

    You work as an IT professional for a defense contractor that handles classified military information. Which one of the following data classifications applies to information that could be expected to cause serious damage to national security if disclosed in an unauthorized fashion? 

    1. SBU
    2. Top Secret
    3. Secret
    4. Confidential - Given

    Top Secret classification is "applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security." Confidential classification is "applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security." Sensitive But Unclassified (SBU) information is protected information that does not reach the threshold for classified information.

    From <https://www.techveze.com/cissp-asset-security/>

    ------------------------------------

    Question:  070

    You are using symmetric encryption to protect data stored on a hard drive that will be shipped across the country. What key(s) are involved in the protection of this information? 

    1. Shared secret
    2. Public key 
    3. Public and private keys
    4. Private key

    Public keys are used to encrypt information intended for a specific recipient in asymmetric cryptography. They are not used in symmetric cryptography. Private keys are used to decrypt information in asymmetric cryptography. They are not used in symmetric cryptography. Public and private keypairs are used in asymmetric cryptography. They are not used in symmetric cryptography.

    From <https://www.techveze.com/cissp-asset-security/>

    ------------------------------------

    Question:  071

    Which one of the following is NOT a European Union data handling principle required for participation in the Safe Harbor program? 

    1. Onward Transfer
    2. Choice 
    3. Encryption
    4. Notice

    The Notice principle states that organizations must inform individuals about the purpose and scope of data collection efforts. The Choice principle states that organizations must offer individuals the ability to opt out of information collection and storage programs. The Onward Transfer principle states that organizations must only share information with other organizations that comply with the data privacy directive

    From <https://www.techveze.com/cissp-asset-security/>

    ------------------------------------

    RCR 061 - Best CISSP Exam Questions for Test Preparation (Domain 1)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 1 (Security and Risk Management) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  066

    Which of the following would generally not be considered an asset in a risk analysis?

    1. A) A development process
    2. B) An IT infrastructure
    3. C) A proprietary system resource
    4. D) Users' personal files

    Answer: [D] Users' personal files - The personal files of users are not usually considered assets of the organization and thus are not considered in a risk analysis.

    From <https://www.brainscape.com/flashcards/information-security-guidelines-and-risk-973829/packs/1774328>

    ------------------------------------

    Question:  067

    You've performed a basic quantitative risk analysis on a specific threat/vulnerability/risk relation. You select a possible countermeasure. When performing the calculations again, which of the following factors will change?

    1. A) Exposure factor
    2. B) Single loss expectancy
    3. C) Asset value
    4. D) Annualized rate of occurrence

    Answer: [d] Annualized rate of occurrence - A countermeasure directly affects the annualized rate of occurrence, primarily because the countermeasure is designed to prevent the occurrence of the risk, thus reducing its frequency per year.

    From <https://www.brainscape.com/flashcards/information-security-guidelines-and-risk-973829/packs/1774328>

    ------------------------------------

    Question:  068

    What ensures that the subject of an activity or event cannot deny that the event occurred?

    1. A) CIA Triad
    2. B) Abstraction
    3. C) Nonrepudiation
    4. D) Hash totals

    Answer: [c] Nonrepudiation - Nonrepudiation ensures that the subject of an activity or event cannot deny that the event occurred.

    From <https://www.brainscape.com/flashcards/information-security-guidelines-and-risk-973829/packs/1774328>

     ------------------------------------

    477: Mary Ewing-Mulligan Says Intro Books Don't Sell...More Than Several Million Copies

    Mary Ewing-Mulligan is the President of International Wine Center, located in New York City, and a co-author of the "Wine For Dummies" books.

    Mary discusses her introduction to working with wine, employed by an Italian government agency responsible for promoting Italian wine. She explains the situation for Italian wines in the United States at the time, the 1970s, and how the Italian wines in the market went about competing with wines from other countries. She also contrasts that situation for Italian wine to the situation for Italian wine in the United States today, and points out what has changed. Mary then talks about her own experiences traveling to Italy, and her friendship with the Currado family of the Vietti winery in Italy's Piemonte.

    Mary goes on to explain a key decision in her own wine career, leaving a high paying job in public relations to take a more modestly paid position at a wine school. She talks about her struggles to pass the Master of Wine exam, and her eventual triumph as the first woman residing in North America to earn a Master of Wine title. She then discusses her introduction of the Wine and Spirit Education Trust curriculum to the United States.

    Mary's career takes another turn as she and her husband Ed McCarthy write the very successful "Wine For Dummies" book that led to a number of other wine books in the "Dummies" series being authored by the couple as well. She talks about how she and Ed went about writing the "Dummies" books, in terms of approach. And Mary grapples in this interview with being on the one hand the author of "Wine For Dummies," while on the other hand also being a Master of Wine. She explains how she feels about the pairing, and what her motivations were at each point in her career.

    RCR 060 - How to Prepare with CISSP Sample Questions (Domain 1)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 1 (Security and Risk Management) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    CISSP Exam Questions

    Question:  063

    When seeking to hire new employees, what is the first step?

    A) Create a job description.
    B) Set position classification.
    C) Screen candidates.
    D) Request resumes.

    Answer: A. Create a job description.

    The first step in hiring new employees is to create a job description. Without a job description, there is no consensus on what type of individual needs to be found and hired.

    Source: From <https://www.brainscape.com/flashcards/information-security-guidelines-and-risk-973829/packs/1774328>

    ------------------------------------

    Question:  064

    Which of the following describes the freedom from being observed, monitored, or examined without consent or knowledge?

    A) Integrity
    B) Privacy
    C) Authentication
    D) Accountability

    Answer: [b] Privacy - One definition of privacy is freedom from being observed, monitored, or examined without consent or knowledge.

    Source:  From <https://www.brainscape.com/flashcards/information-security-guidelines-and-risk-973829/packs/1774328>

    ------------------------------------

    Question:  065

    Which of the following is typically not a characteristic considered when classifying data?

    A) Value
    B) Size of object
    C) Useful lifetime
    D) National security implications

    Answer: [b] Size of object - Size is not a criterion for establishing data classification. When classifying an object, you should take value, lifetime, and security implications into consideration.

    Source: From <https://www.brainscape.com/flashcards/information-security-guidelines-and-risk-973829/packs/1774328>

    ------------------------------------

    Want to find Shon elsewhere on the internet?

    LinkedIn – www.linkedin.com/in/shongerber

    Facebook - https://www.facebook.com/CyberRiskReduced/

    LINKS: 

    Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free. 

    RCR 059 - How to Understand Threat Modeling for the CISSP Exam Prep

    Description:

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about the following items that are included within Domain 1 (Security and Risk Management) of the CISSP Exam.

    • CISSP Article – Threat Modeling
    • CISSP Training – Data Integrity and Threat Modeling
    • CISSP Exam Questions

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/ 

    CISSP Exam Questions

    Question:  060

    You are a security consultant. A large enterprise customer hires you to ensure that their security operations are following industry standard control frameworks. For this project, the customer wants you to focus on technology solutions that will discourage malicious activities. Which type of control framework should you focus on?

    • A.  Preventative
    • B.  Deterrent
    • C.  Detective
    • D.  Corrective
    • E.  Assessment

    Answer: [B] Explanation: Deterrent frameworks are technology-related and used to discourage malicious activities. For example, an intrusion prevention system or a firewall would be appropriate in this framework.

    There are three other primary control frameworks. A preventative framework helps establish security policies and security awareness training. A detective framework is focused on finding unauthorized activity in your environment after a security incident. A corrective framework focuses on activities to get your environment back after a security incident. There isn’t an assessment framework.

    Source:  From <https://blog.netwrix.com/2018/05/16/cissp-practice-exam-free-online-test-questions/>

    ------------------------------------

    Question:  061

    You are performing a risk analysis for an internet service provider (ISP) that has thousands of customers on its broadband network. Over the past 5 years, some customers have been compromised or experienced data breaches. The ISP has a large amount of monitoring and log data for all customers. You need to figure out the chances of additional customers experiencing a security incident based on that data. Which type of approach should you use for the risk analysis?

    • A. Qualitative
    • B. Quantitative
    • C. STRIDE
    • D. Reduction
    • E. Market

    Answer: [B] Explanation: You have three risk analysis methods to choose from: qualitative (which uses a risk analysis matrix), quantitative (which uses money or metrics to compute), or hybrid (a combination of qualitative and quantitative but not an answer choice in this scenario). Because the ISP has monitoring and log data, you should use a quantitative approach; it will help quantify the chances of additional customers experiencing a security risk.

    STRIDE is used for threat modeling. A market approach is used for asset valuation. A reduction analysis attempts to eliminate duplicate analysis and is tied to threat modeling.

    Source:  From <https://blog.netwrix.com/2018/05/16/

    RCR 058 - Software Development Questions for the CISSP Exam (Domain 8)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 8 (Software Development Security) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    RCR 057 - CISSP Exam Questions for Cyber Investigations (Domain 8)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 8 (Software Development Security) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    RCR 056 - Chain of Custody Questions for the CISSP Exam (Domain 8)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 8 (Software Development Security) of the CISSP Exam.

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    RCR 055 - Understanding SDLC to pass the CISSP Exam (Domain 8)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about the following items that are included within Domain 8 (Software Development Security) of the CISSP Exam.

    • CISSP Articles – RAYGUN - SDLC:  7 phases, popular models, benefits, and more
    • CISSP Training –  Integrate Security in the Software Development Life Cycle (SDLC)
    • CISSP Exam Questions

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    RCR 054-2 - CISSP Exam Questions focused on Compliance and RIM

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 6 (Security Assessment and Testing) of the CISSP Exam:

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    RCR 054-1 - Learning CISSP Exam Questions on HoneyPots (Domain 7)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about questions for Domain 6 (Security Assessment and Testing) of the CISSP Exam:

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    RCR 054 - Understanding and Supporting Investigations (Domain 7)

    Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

    In this episode, Shon will talk about the following items that are included within Domain 7 (Security Operations) of the CISSP Exam.

    • CISSP Articles – Supporting Investigations
    • CISSP Training –  Understanding and Supporting Investigations
    • CISSP Exam Questions

    BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

    © 2024 Podcastworld. All rights reserved
