Questions tagged [cissp]

CISSP is an abbreviation for Certified Information Systems Security Professional. It is a certification offered by the International Information Systems Security Certification Consortium, also known as (ISC)².

The CISSP is a widely recognized certification in the IT security industry. Its requirements include:

  • Five years of security experience in relevant job roles.
    • One year may be waived for holding a four-year college degree, an MS in information security, or certain other certifications.
    • Candidates who do not yet meet this requirement may be certified as an "Associate of (ISC)²" until they obtain the experience, for up to six years.
  • Acceptance of the CISSP Code of Ethics.
  • Potential audit of qualifications.
  • Completion of an exam with a passing score.
  • Endorsement by a member of (ISC)² who is in good standing.
44 questions
55 votes · 9 answers

Why would security cover things like natural disasters?

I'm taking a course which is designed with the CISSP certification in mind. Though the class is categorized as software engineering, we talked a lot about physical security and, in particular, floods, fires, earthquakes and cars running into things.…
asked by Celeritas
24 votes · 9 answers

Good (preferably free) resource for CISSP practice questions

I'm looking to sit for my exam in a few weeks, and I want to have a good set of practice tests to bounce against and make sure that I'm up to par with the types of questions that will be asked.
asked by Jeff Ferland
19 votes · 7 answers

How useful is CISSP to a recent graduate?

I am a recent graduate and would like to move into the IT Security field. My degree was just straight CS with no particular security focus. I have recently acquired a copy of a CISSP study guide and have started to work through it. Having discovered…
asked by sjp
9 votes · 3 answers

Why does the ★-property rule of the Bell-LaPadula Model allow information to be stored in objects with HIGHER sensitivity labels?

I'm self-studying for the CISSP exam and am having difficulty wrapping my mind around the practical side of the ★-property rule in the Bell-LaPadula Model. I understand the mechanics of it and that it protects against accidentally downgrading…
asked by Mike B
8 votes · 1 answer

What is a practical example of an action that violates the non-interference model?

I'm studying the non-interference model as part of CISSP prep and am having trouble thinking of a practical example where a violation would be involved (and the consequences of those violations). I understand the mechanics of it -- the idea is to…
asked by Mike B
8 votes · 1 answer

What is collusion and how does separation of duties prevent it, or fail to prevent it?

I'm studying for CISSP and came across the term "collusion". I understand it means when people work together to steal something, but don't quite get it. For example, if two gunmen rob a bank would that be collusion, or is it implied that two people…
asked by Celeritas
6 votes · 3 answers

Is SESAME really used in Europe?

I am looking at a text that mentions that the Secure European System for Applications in a Multi-vendor Environment (SESAME) was designed to address some of Kerberos' weaknesses, with enhancements such as: Use of asymmetric cryptography Distributed…
asked by ixe013
6 votes · 1 answer

Is it correct to consider Task Based Access Control as a type of RBAC?

I'm studying for CISSP certification and one of the video lectures I viewed (CBT Nuggets) really confused me. Here are some excerpts from the lecture: "Role Based Access Control doesn't always use the role for the basis for how it's going to…
asked by Mike B
5 votes · 2 answers

Is it correct to consider audits as exclusively "detective" in nature?

I'm studying for the CISSP exam and one of the video lecture points didn't quite make sense to me. The instructor was discussing access control administration areas and began categorizing certain things as "preventative" and "detective". For…
asked by Mike B
5 votes · 5 answers

Difference between need to know, least privilege and confidential

I'm studying for CISSP. Are least privilege, need to know and confidentiality all the same thing? In my book it says "confidentiality is sometimes referred to as the principle of least privilege" and also in the index it has in parentheses (need to…
asked by Celeritas
4 votes · 3 answers

Vulnerability or Threat?

I have a practice question here: A business is going to determine the dangers to which it is exposed. What do we call a possible event that can have a disruptive effect on the reliability of information: A) Vulnerability B) Attack C) Risk D)…
asked by user41580
4 votes · 3 answers

How is a pepper used with salted passwords?

How is a pepper (a large constant number) used after a password has been salted with a salt by a hashing function such as bcrypt? From Sybex CISSP Official Study Guide, 8th Edition (2018): Adding a pepper to a salted password increases the…
asked by BJ Dela Cruz
4 votes · 6 answers

Information Security Career tracks - Academically vs. IT certifications

I will try to be as straightforward as possible here. I am currently working as a security integrator at an integration company. I work with products of vendors like Check Point, Cisco, Juniper, HP, Symantec, Websense etc. All ranging from switches…
asked by Franko
3 votes · 3 answers

How do I clearly distinguish between groups of formal and informal models?

I'm currently studying for the CISSP exam and would like to ensure that I'm using proper terminology when referring to models. I'm a little confused because I'm coming across generic and specific labels; all of which seem to be referred to as…
asked by Mike B
3 votes · 0 answers

Suggested books to study for CISSP?

Possible Duplicate: Good (preferably free) resource for CISSP practice questions I intend to study to take the CISSP exam within the next few months. Could anyone who's taken the CISSP please list the most helpful book you read to prepare for it?…
asked by T. Webster