Flashcards

Security Architecture and Engineering

Get familiar with security architecture

This domain covers the design and implementation of secure architectures, including the selection of appropriate security controls and the use of encryption and other cryptographic methods.

5 minutes 5 Questions

Security Architecture and Engineering is a critical domain in the CISSP certification that focuses on designing, building, and maintaining secure systems. It encompasses several key components: 1. Security Design Principles - Implementing concepts like defense in depth, least privilege, separation…

Concepts covered: Secure System Design Principles, Computer and Network Security, Physical Security, Identity and Access Management, Cryptography, Cloud Security, Embedded Systems Security, Secure Development Lifecycle, System Resiliency, Security Architectures, Security Testing and Evaluation, Security Models and Frameworks

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

What is the difference between vulnerability and threat?

A vulnerability is a strength in a system, while a threat is a potential danger exploiting that strength. A vulnerability is a weakness, while a threat is a potential danger exploiting that weakness. A vulnerability is an attack, while a threat is a potential danger to a system. A vulnerability is a potential danger, while a threat is a weakness in a system.

Correct Answer: A vulnerability is a weakness, while a threat is a potential danger exploiting that weakness.

A vulnerability is a weakness in a system that could be exploited by a potential attacker. A threat is a potential danger exploiting that weakness. In other words, a vulnerability is a flaw in a system's security, while a threat is the potential for that flaw to be exploited.

Question 2

What is the purpose of a Least Privilege Access policy?

To provide maximum access to all resources to all employees To enforce strict password policies for all employees To allow unrestricted access to sensitive information To limit access to only the resources necessary for an employee to perform their job

Correct Answer: To limit access to only the resources necessary for an employee to perform their job

The purpose of a Least Privilege Access policy is to limit access to only the resources necessary for an employee to perform their job, which reduces the risk of unauthorized access and potential data breaches.

Question 3

What is the purpose of a continuity of operations plan (COOP)?

To ensure critical business operations can continue in the event of a disaster To mitigate vulnerabilities in a system To ensure compliance with government regulations To detect cyber threats in real-time

Correct Answer: To ensure critical business operations can continue in the event of a disaster

A continuity of operations plan (COOP) is designed to ensure critical business operations can continue in the event of a disaster. This allows organizations to continue serving customers and minimize financial losses during a crisis.

🎓 Unlock Premium Access

CISSP + ALL Certifications

More Security Architecture and Engineering questions

152 questions (total)

Start 100 question test

Security Architecture and Engineering

CISSP - Security Architecture and Engineering Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access