Question

Which of the following best describes the job duties of security administrators?

a) They create security policies.

b) They design secure systems.

c) They check if employees comply with security policies.

d) They ensure appropriate separation of duties exists to prevent abuse of privilege.

Managing incident response is a key area of which of the following CBK domains?

a) Information security governance and risk management

b) Security architecture and design

c) Business continuity and disaster recovery planning

d) Operations security

Understanding how to apply security in all stages of the SDLC is a key area of which of the following CBK domains?

a) Information security governance and risk management

b) Software development security

c) Business continuity and disaster recovery planning

d) Operations security

Which of the following best describes deterrent controls?

a) Reduce the likelihood of a deliberate attack.

b) Protect vulnerabilities.

c) Reduce the effect of an attack.

d) Discover attack and trigger preventive or corrective controls.

Solutions

Expert Solution

Answers are in the same order as the questions:

  1. Which of the following best describes the job duties of security administrators?
    1. Security policies are sets of rules that have to be followed by the employees of the organisation to ensure the organisation's data is more confidential; these policies are also followed by the security administrator as well. So all the policies are not made by the security administrator. It is not the correct answer.
    2. Security administrators are responsible for maintaining the security of the organisation's network by protecting the network from unauthorised access, and from any external and internal threats as well, by designing the system to be more secure. So it is the right answer.
    3. The security administrator not only checks whether the employees comply with security policies but also secures the system from outside unauthorised access as well. So this is not the correct option.
    4. Yes, the security administrator ensures appropriate separation of duties exists to prevent abuse of privilege, but also secures the system from outside threats as well. So it is not the right option.
  2. Managing incident response is a key area of which of the following CBK domains?

    1. The Information security governance and risk management domain of the CISSP CBK deals with the identification of the organisation's data and information and the development, updating and implementation of the policies, procedures and guidelines of the company as well, which ensure the security of the organisation's data and its integrity. But it is not for the management of incident response, so it is not the correct answer.
    2. The Security architecture and design domain deals with security architecture and software vulnerabilities, and also covers security model concepts and threats, which ensure the management of incident response as well. That means this is the right answer.
    3. The Business continuity and disaster recovery planning domain deals with the strategies that ensure the continuity of operations and workflow with minimum fault or downtime. Recovery plans are there to prevent loss from disasters. It is not the correct option, as this domain does not manage incident response.
    4. The Operations security, or Security operations, domain deals with the protection of the organisation's data from attack by cybercriminals; the team responsible for security operations prevents, manages and updates policies for the protection of the organisation's data. But it does not deal with the management of incident response, so it is not the correct option.
  3. Understanding how to apply security in all stages of the SDLC is a key area of which of the following CBK domains?

    1. As we saw in the above question, the Information security governance and risk management domain of the CISSP CBK deals with the identification of the organisation's data and information and the development, updating and implementation of the policies, procedures and guidelines of the company as well, which ensure the security of the organisation's data and its integrity. That means it provides security in all stages of the SDLC as well. This is the correct option.

    2. Software development security deals with the confidentiality of the application and its integrity, as in every stage of development there is involvement of humans. But it does not provide security in all stages of the SDLC as well. This is not the correct option.

    3. The Business continuity and disaster recovery planning domain deals with the strategies that ensure the continuity of operations and workflow with minimum fault or downtime. Recovery plans are there to prevent loss from disasters. It does not deal with security, so it is not the correct answer.

    4. The Operations security, or Security operations, domain deals with the protection of the organisation's data from attack by cybercriminals; that is done with the data of the organisation, not the software being developed, so it is not the correct option.

  4. Which of the following best describes deterrent controls?

In this question, deterrent controls do all three things that were in options a, b and d, as they reduce the likelihood of a deliberate attack, also protect the system from vulnerabilities, and also discover the attack and trigger the corrective or preventive control for prevention. Option c is incorrect, as corrective controls reduce the effect of an attack, not deterrent controls.

But the best description of the deterrent control is that it identifies or discovers the attack and triggers the corrective or preventive control for prevention. So option D is the correct option.

