CCT 033: CISSP Exam Questions (Domains 1 & 3)
May 04, 2023
CCT 033 - RCR 130 - CISSP Exam Questions (Domain 1)
[00:00:00] Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
Alright, let's get started. Let's go.
All right, so as we deal with more CISSP questions, let's roll into another one out of domain one. Which of the following is an example of a violation of professional ethics for an information security professional? A, keeping sensitive information confidential and secure. B, [00:01:00] providing accurate and complete information to clients and stakeholders.
C, engaging in unauthorized access to systems or data, or D, adhering to the organization's security policies and procedures. So again, which of the following is an example of a violation of professional ethics for the information security professional? A, keeping infor, keeping sensitive information confidential and secure.
B, providing accurate and complete information to clients and stakeholders. C, engaging in unauthorized access to systems or data, or D, adhering to organization's security policies and procedures. So if you listen to that, you're gonna basically go with what is an example of a violation of professional ethics.
So as we're dealing with a violation of professional ethics, the correct answer would be, C, engaging in unauthorized access to systems or data. So engaging in unauthorized access to systems or data is a violation of professional ethics for an information [00:02:00] security professional. So it's important that you understand that.
Now if you read through the question really quick, you could grab a hold of the answer, especially if you go through example of a violation of professional ethics, if you just gloss over this violation part. So you could say an example of professional ethics, you could get yourself into trouble. So it's important that you do watch these words and you take your time, read them slowly, but at the same time as then you just need to make a decision and answer the question.
So again, that answer is C, engaging in unauthorized access to systems or data. So next question, which of the following is not, in capital words, a characteristic of professional ethics? Okay, so we've seen this question before, but the answer in a little bit different way. A, objective, B, consistent, C, universal, or D, subjective.
Again, which of the following is not a characteristic of professional ethics? A, [00:03:00] objective, B, consistent, C, universal, or D, subjective? The correct answer obviously is D. D is part of it. When subjective is not a characteristic of professional ethics, those are expected to be objective, consistent and universal.
Meaning they apply to all members of the profession regardless of their beliefs. Again, that's the other one. So the bottom line is subjective is not a characteristic of professional ethics. All right. This next question, which of the following is not a factor that information security professionals should consider when making ethical decisions?
A, legal requirements. B, personal preferences. C, organizational policies. D, professional standards. Okay, so which of the following is not a factor that information security professionals should consider when making ethical decisions? A, legal requirements. B, personal preferences. C, organizational [00:04:00] policies, D, professional standards.
So again, if you look at the not a factor, which one of these is not a factor when considering making ethical decisions. So obviously legal, you need to always consider that. Organizational policies. Yeah. If the policies are in place, you need to follow the policies and then the professional standards. ISC squared has a set of professional standards that you must follow.
So the real answer is B, personal preference. Your personal preference should not be a factor when making ethical decisions. As an information security professional, ethical decision making should be based on factors such as legal, organizational, and professional standards. Again, you need to make sure that you understand that and you reduce any personal biases that could be part of your overall decision making process.
It can be a challenge at times, but it's an important factor that you need to consider. Okay, so another couple questions we've got are what type of document will help public relations specialists and other individuals who need a high level summary of disaster [00:05:00] recovery efforts while they're underway?
Okay, so what type of document will help PR people, public relations specialists, or other individuals who need a high level summary of disaster recovery efforts while they're underway? Okay, so you've got A, executive summary, B, technical guides, C, department specific plans, or D, checklists. So if you listen to those three, executive summary, technical guides, department specific plans and checklists, which one would be pretty high level?
Which one would provide a bigger picture of what exactly is occurring, and that is an executive summary. So what type of document will help public relations specialists and other individuals who need a high level summary of the disaster recovery efforts while they're underway? And the answer is an executive summary.
Now, if they needed something very specific, then you could get into department or technical guides. A checklist typically is not something you would use to help a public relations person. [00:06:00] Possibly a technical guide or a specific plan that you may have for your department could be used. But when they mention the term high level, that is really designed for your entire organization.
So again, keep that specific point in mind. Okay, so here's another question for you. What combination of backup strategies provides the fastest backup creation? A full backups with differential backups, B, partial backups and incremental backups. C, full backups and an incremental backup or incremental. D.
Incremental backups and differential backups. Okay, so which is, the question is what combination of backup strategies provides the fastest backup creation time? A, a full backup with differentials. B, a partial backup with incremental. C, full backup with incremental, and D, an incremental backup with differentials.
So if you look at this, an easy way to glom onto it is, and it isn't always the case, but in many [00:07:00] cases if they're using full backups twice in this, both of 'em are differential. And from an incremental standpoint, if you don't know the answer, you can probably pick one of those two and you'll have at least a 50/50 shot.
That isn't always the case, but when you're testing, that's an important factor. So again, any backup strategy must include full backups at some point in the process, whether beginning through there, whatever that. Incremental backups are created faster than differentials because of the number of files it is necessary to back up each time.
So incrementals are only going at a specific increment and therefore for a little bit at a time. So it's important to understand. The fastest one would be a full backup and an incremental backup in combination together. Okay. The last question for this day is what type of disaster recovery plan fully evaluates operations at the backup facility, but does not shift the primary operations responsibility from the main site?
Okay, so let's talk about that. What type of DR plan test fully evaluates the [00:08:00] operations at the backup facility, but does not actually shift the primary operations responsibility from the main site. Basically means it's going, but it's not actually taking over. So that would be one. A, a structured walkthrough.
B, a parallel test, C, a full interruption, or D, a simulation test. And again, so let's walk through this, the disaster recovery test that evaluates operations at the backup facility, but does not actually shift it over, so it wouldn't be a simulation test because it's a full-up operations in your backup facility.
It's also not a full interruption test because you're not moving it over, and then it's also not a structured walkthrough because you're actually going to be looking at the operations piece of your backup facility. So the actual answer is B, a parallel test. It involves moving personnel to the recovery site and gearing up for operations, but does not actually flip it to day-to-day operations.
Okay, so these are all those the [00:09:00] exam questions I have for today. If you like it, awesome, go ahead and check it out at on different podcasts and you're probably listening to right now. But go to cisspcybertraining.com. There's a lot of other free stuff that's out there. Get on my email mailing list and we will have some great information sent to you on a daily and weekly basis.
All right, have a great day. I hope your CISSP studying is going well. We are here to support you. Alright. We'll talk to you later. See you catch on the flip side. See?