Flashcards

Security and Risk Management

Learn to manage information security

5 minutes 5 Questions

Security and Risk Management forms the foundation of the CISSP domains, encompassing key principles that guide information security programs. This domain focuses on establishing governance frameworks, compliance with laws and regulations, ethical practices, and robust risk management strategies. C…

Concepts covered

Security Architecture and Engineering Security Assessment and Testing Security Operations Security Governance Threat and Vulnerability Management Compliance and Regulatory Environment Risk Assessment Confidentiality, Integrity, and Availability (CIA) Triad Identity and Access Management Business Continuity and Disaster Recovery Incident Response Management Risk Management Process Asset Security Security Policies, Standards and Guidelines

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

What is the purpose of a vulnerability scan?

To remove all malware from the system To patch all vulnerabilities To identify weaknesses in a system To prevent all attacks from occurring

Correct Answer: To identify weaknesses in a system

The purpose of a vulnerability scan is to identify weaknesses in a system. Mitigating or patching vulnerabilities is a subsequent step to address identified weaknesses. Preventing all attacks from occurring is impossible, as there will always be some form of vulnerability, no matter how small. Removing all malware from a system is a different process – an antivirus software or malware scan would be more appropriate for that purpose. Monitoring network traffic and preventing system downtime are also important security practices, but they are not the main purpose of a vulnerability scan.

Question 2

Which of the following is not a principle of cryptography?

Pseudonymity Confidentiality Integrity Authentication

Correct Answer: Pseudonymity

Cryptography has five main principles: confidentiality, integrity, authentication, non-repudiation, and availability. Pseudonymity is not one of them.

Question 3

Which of the following is a characteristic of a strong password?

It contains both upper and lower case letters, numbers, and special characters It is the same password used for all accounts It contains only lowercase letters It is easy to remember

Correct Answer: It contains both upper and lower case letters, numbers, and special characters

A strong password should contain a mix of upper and lowercase letters, numbers, and special characters. It should not be easy to guess, easy to remember, or a commonly used word or phrase. It is also important to use a different password for each account, to prevent a cyber attacker from gaining access to all accounts if they are able to crack one password.

Unlock Premium Access

CISSP

More Security and Risk Management questions

167 questions (total)

Start 100 question test

Security and Risk Management

CISSP - Security and Risk Management Example Questions

Question 1

Question 2

Question 3

Unlock Premium Access