Security Compliance

Ensure compliance with regulations

This subtopic covers the regulations and standards that govern information security and how to ensure compliance through policies, procedures and auditing.

5 minutes 5 Questions

Concepts covered: Policies, Standards, and Procedures, Business Continuity and Disaster Recovery, Physical and Environmental Security, Encryption and Data Protection, Third-Party Management, Legal and Regulatory Compliance, Security Event Logging and Monitoring, Auditing and Monitoring, Employee Training and Awareness, Security Architecture and Design

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CISSP - Security Compliance Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

What is the purpose of the principle of least privilege?

b) To grant users only the privileges they need to perform their job functions. a) To grant users unlimited privileges in order to streamline their work processes. c) To grant users more privileges than they need to ensure they can perform their job functions without interruption. d) To grant all users the same level of privilege regardless of job function.

Correct Answer: b) To grant users only the privileges they need to perform their job functions.

The principle of least privilege is a fundamental security concept that aims to minimize potential risks by granting users only the minimum level of access rights necessary to perform their specific job functions. This approach reduces the attack surface and limits the potential damage that could occur if a user account is compromised. By restricting access to only what is essential, organizations can better protect sensitive data, maintain system integrity, and comply with various security regulations. This principle also helps in maintaining accountability, as it becomes easier to track and audit user activities when privileges are limited and well-defined.

Question 2

What is the purpose of the Role-Based Access Control (RBAC) model?

To restrict system access to authorized users based on their job function or role To grant system access to all users by default To grant system access based on user nationality or ethnicity To grant system access to all users for a limited time period

Correct Answer: To restrict system access to authorized users based on their job function or role

The RBAC model is used to restrict system access to authorized users based on their job function or role, rather than granting access to all users by default.

Question 3

Which of the following is an example of a shoulder surfing attack?

An attacker gains access to a target's computer through a backdoor. An attacker brute-forces a target's password. An attacker sends a phishing email to a victim to obtain their login credentials. An attacker looks over a victim's shoulder to obtain their password.

Correct Answer: An attacker looks over a victim's shoulder to obtain their password.

Shoulder surfing is a form of social engineering in which an attacker looks over a victim's shoulder to obtain their password or other sensitive information. The other options describe different types of attacks

Go Premium

CISSP Preparation Package (2024)

4537 Superior-grade CISSP practice questions.
Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
Unlock Effortless CISSP preparation: 5 full exams.
100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
Bonus: If you upgrade now you get upgraded access to all courses
Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!

Start Your Free 7-Day Trial