Flashcards

Security Compliance

Ensure compliance with regulations

This subtopic covers the regulations and standards that govern information security and how to ensure compliance through policies, procedures and auditing.

5 minutes 5 Questions

Security Compliance in CISSP refers to the process of ensuring an organization adheres to internal policies, industry standards, and legal regulations regarding information security. It represents a structured approach to managing security risks and protecting sensitive data. Key components of sec…

Concepts covered: Policies, Standards, and Procedures, Business Continuity and Disaster Recovery, Physical and Environmental Security, Encryption and Data Protection, Third-Party Management, Legal and Regulatory Compliance, Security Event Logging and Monitoring, Auditing and Monitoring, Employee Training and Awareness, Security Architecture and Design

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CISSP - Security Compliance Example Questions

Test your knowledge of Security Compliance

Question 1

What is the purpose of the principle of least privilege?

a) To grant users unlimited privileges in order to streamline their work processes. b) To grant users only the privileges they need to perform their job functions. d) To grant all users the same level of privilege regardless of job function. c) To grant users more privileges than they need to ensure they can perform their job functions without interruption.

Correct Answer: b) To grant users only the privileges they need to perform their job functions.

The principle of least privilege is a fundamental security concept that aims to minimize potential risks by granting users only the minimum level of access rights necessary to perform their specific job functions. This approach reduces the attack surface and limits the potential damage that could occur if a user account is compromised. By restricting access to only what is essential, organizations can better protect sensitive data, maintain system integrity, and comply with various security regulations. This principle also helps in maintaining accountability, as it becomes easier to track and audit user activities when privileges are limited and well-defined.

Question 2

What is the purpose of the Role-Based Access Control (RBAC) model?

To grant system access to all users for a limited time period To grant system access to all users by default To restrict system access to authorized users based on their job function or role To grant system access based on user nationality or ethnicity

Correct Answer: To restrict system access to authorized users based on their job function or role

The RBAC model is used to restrict system access to authorized users based on their job function or role, rather than granting access to all users by default.

Question 3

Which of the following is an example of a shoulder surfing attack?

An attacker gains access to a target's computer through a backdoor. An attacker brute-forces a target's password. An attacker sends a phishing email to a victim to obtain their login credentials. An attacker looks over a victim's shoulder to obtain their password.

Correct Answer: An attacker looks over a victim's shoulder to obtain their password.

Shoulder surfing is a form of social engineering in which an attacker looks over a victim's shoulder to obtain their password or other sensitive information. The other options describe different types of attacks

🎓 Unlock Premium Access

CISSP + ALL Certifications

🎓 Access to ALL Certifications: Study for any certification on our platform with one subscription
4537 Superior-grade CISSP practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
CISSP: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!