Back to CISSP (CISSP)

Security and Risk Management

Learn to manage information security

This domain teaches the basics of information security and risk management, including the management of security frameworks, policies and procedures, data classification, and the management of risks and vulnerabilities.
5 minutes 5 Questions

Security and Risk Management forms the foundation of the CISSP domains, encompassing key principles that guide information security programs. This domain focuses on establishing governance frameworks, compliance with laws and regulations, ethical practices, and robust risk management strategies. C…

Concepts covered: Security Architecture and Engineering, Security Assessment and Testing, Security Operations, Security Governance, Threat and Vulnerability Management, Compliance and Regulatory Environment, Risk Assessment, Confidentiality, Integrity, and Availability (CIA) Triad, Identity and Access Management, Business Continuity and Disaster Recovery, Incident Response Management, Risk Management Process, Asset Security, Security Policies, Standards and Guidelines

Test mode:
Start practice test
CISSP - Security and Risk Management Example Questions

Test your knowledge of Security and Risk Management

Question 1

What is the purpose of a vulnerability scan?

Correct Answer: To identify weaknesses in a system

The purpose of a vulnerability scan is to identify weaknesses in a system. Mitigating or patching vulnerabilities is a subsequent step to address identified weaknesses. Preventing all attacks from occurring is impossible, as there will always be some form of vulnerability, no matter how small. Removing all malware from a system is a different process – an antivirus software or malware scan would be more appropriate for that purpose. Monitoring network traffic and preventing system downtime are also important security practices, but they are not the main purpose of a vulnerability scan.

Question 2

Which of the following is not a principle of cryptography?

Correct Answer: Pseudonymity

Cryptography has five main principles: confidentiality, integrity, authentication, non-repudiation, and availability. Pseudonymity is not one of them.

Question 3

Which of the following is a characteristic of a strong password?

Correct Answer: It contains both upper and lower case letters, numbers, and special characters

A strong password should contain a mix of upper and lowercase letters, numbers, and special characters. It should not be easy to guess, easy to remember, or a commonly used word or phrase. It is also important to use a different password for each account, to prevent a cyber attacker from gaining access to all accounts if they are able to crack one password.

More Security and Risk Management questions
169 questions (total)
Start 100 question test