Certified Information Systems Security Professional (CISSP) Quiz Questions and Answers

Answer :
  • Require vendors to comply with the company's security policies and undergo regular security assessments.

Explanation :

By mandating that vendors adhere to the company's security policies and subject themselves to regular security assessments, Lisa ensures that vendors maintain security practices that meet or exceed the company's standards. This approach provides a comprehensive evaluation of the vendors' security posture and allows for proactive identification and remediation of security gaps.
Answer :
  • ISO/IEC 27001

Explanation :

ISO/IEC 27001 is an international standard focused on information security management systems (ISMS). It is widely used in the financial services industry to ensure compliance with regulatory requirements and provide a systematic approach to managing sensitive company information.

---

Answer :
  • Specific legal and regulatory requirements for each jurisdiction to ensure compliance during the incident response process

Explanation :

The incident response plan must account for each country's legal and regulatory requirements, such as breach notification and data handling laws, to ensure compliance across jurisdictions. A unified or purely local approach could lead to legal violations or inconsistent responses.
Answer :
  • It specifically focuses on the threat actor's perspective, complementing traditional defense-based approaches.

Explanation :

Threat modeling is an important part of a broader approach to cybersecurity. It involves thinking like an attacker, which is a subtle but often profound change of thinking. This can reveal previously undiscovered threat vectors and allows for appropriate risk mitigation.
Answer :
  • Establishing a comprehensive data classification scheme and access control measures

Explanation :

To prevent unauthorized access and safeguard assets, it is crucial to implement a thorough data classification scheme and strict access control measures. This helps define how data should be handled and who is authorized to access it, thus ensuring data security.
Answer :
  • Conducting a risk assessment to identify and prioritize risks

Explanation :

Conducting a risk assessment is critical to understanding the specific risks the organization faces. This enables the company to prioritize resources effectively, focusing on the most significant threats first, especially when resources are limited.

---

Answer :
  • IPS actively blocks threats, while IDS only monitors and alerts

Explanation :

The primary distinction is that an Intrusion Prevention System (IPS) takes proactive measures to block or prevent threats, while an Intrusion Detection System (IDS) mainly monitors network traffic and alerts administrators about potential threats.