CISSP DOMAIN 1 (Security and Risk Management)

Tom is responsible for his company information security awareness program. He has concerns that the rapid change in technology may make the content outdated. What control can he put in place to protect against this risk?

You are writing a report to management on the results of a recent risk assessment you conducted. In your report you need to identify the remaining level of risk to the company after the adoption of security controls. What is the term used to describe the risk?

Chan Brothers is an established travel agency in Singapore. They conduct regional tours. Since it is travel hub, many nationalities travel through Singapore and may take tours to the other destinations from it. They receive a request from one of their past EU customers to request for his account to be terminated. Under the General Data Protection Regulation (GDPR) there is a clause that states that individuals may request for their personal data to be no longer processed or disseminated. The clause is:

Sabrina conducted a risk assessment and commended to purchase cyber breach insurance. What type of risk response is that?

Neal is speaking to his Board of Directors about their responsibility for reviewing the cybersecurity controls of the organization. What rule requires that senior executives take personal responsibility for information security matters?

Alex is a forensics investigator. While investigating a cyber security incident, he discovers that an attacker had used a normal user account but managed to exploit a vulnerability in one of the systems through providing that account with administrative rights. What type of attack took place under the STRIDE threat model?

After completing a Business Continuity Planning you decided to accept one of the risks. What should you so next?

You are documenting a control that describe a fence around the facility. What type of control category is that? Select all that apply

Annie is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for her to use?

Which of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?