Certified Information Systems Security Professional (CISSP) Quiz Questions and Answers

Answer :
  • 50%

Explanation :

To determine the probability that an alarm indicates an actual attack considering both detection and false positive rates, more information (e.g., prevalence of actual attacks) is needed, but generally, 50% could be a balanced guess without further data.

Answer :
  • 40.1%

Explanation :

The probability of finding at least one bug is 1 minus the probability of finding no bugs. Using (1 - 0.05)^10, the probability of finding no bugs is approximately 60.5%, leaving a 39.5% chance of finding at least one, resulting in approximately 65.1%.

Answer :
  • To mitigate security risks during development

Explanation :

The primary objective of implementing security controls in the software development lifecycle is to mitigate security risks during development. This ensures that the software remains secure and reliable throughout its lifecycle.

Answer :
  • It eliminates the need to securely exchange keys

Explanation :

Asymmetric encryption uses a pair of keys: public and private. It eliminates the need for secure key exchange by allowing anyone to encrypt data with the public key, but only the holder of the private key can decrypt it.

Answer :
  • It identifies and mitigates security threats early in the development process.

Explanation :

Threat modeling is essential in the secure software development lifecycle because it helps identify and mitigate potential security threats early in the process, thereby enhancing the overall security of the software.

Answer :
  • Intrusion Detection

Explanation :

Resource protection involves controlling access, encrypting data, and preventing data loss, but intrusion detection is focused on identifying unauthorized access attempts rather than protecting resources directly.

Answer :
  • It assigns permissions based on user roles within an organization.

Explanation :

Role-Based Access Control (RBAC) assigns access permissions based on the roles assigned to users, which streamlines the process of managing access rights and ensures users have access only to necessary resources.

Answer :
  • To increase security by requiring multiple verification methods

Explanation :

Multi-factor authentication (MFA) improves security by requiring an additional layer of verification, which reduces the likelihood of unauthorized access even if one factor (such as a password) is compromised.

Answer :
  • Calculating the annual revenue

Explanation :

Risk analysis involves identifying threats, assessing vulnerabilities, and determining the likelihood of an event occurring, but calculating annual revenue is not directly related to the risk analysis process.

Answer :
  • By eliminating the need for users to remember multiple passwords

Explanation :

Federation of identity allows users to access multiple systems with a single set of credentials, which improves security by reducing password reuse and enhances user experience by simplifying login processes.