Author Archives: Chris

Domain 4: Communication & Network Security

Introduction
Comms & network security focuses on the CIA of data in motion. One of the largest domains in the CBK, and also one of the most technically deep; the ability to understand this domain is critical for exam success.

Network architecture & design
How networks should be designed and the controls they may contain.
Questions for Domain 3: Security Engineering
Which of the following is true for digital signatures?
(a) The sender encrypts the hash with a public key
(b) The sender encrypts the hash with a private key
(c) The sender encrypts the plaintext with a public key
(d) The sender encrypts the plaintext with a private key

Under which type of cloud service level would Linux hosting
Domain 3: Security Engineering
Security models
Provide “rules of the road” for security in operating systems. Many governments are primarily concerned with confidentiality, while most businesses desire to ensure that the integrity of information is protected at the highest level.

Reading down & writing up
The concepts of reading down and writing up apply to mandatory access control (MAC)
Questions for Domain 2: Asset Security
A company outsources payroll services to a third-party company. Which of the following roles most likely applies to the payroll company?
(a) Data controller
(b) Data handler
(c) Data owner
(d) Data processor

Which managerial role is responsible for the actual computers that house data, including the security of hardware & software configurations?
(a) Custodian
(b) Data owner
(c) Mission owner
(d) System
Domain 2: Asset Security
Classifying data
The day-to-day management of access control requires management of labels, clearances, formal access approval & need to know. These formal mechanisms are typically used to protect highly sensitive data, such as government or military data.

Labels
Objects have labels and subjects have clearances. The object labels used by many world governments are confidential,
Questions for Domain 1: Security Risk Management
Use the following scenario to answer questions 1-3: Your company sells iPods online and has suffered many DoS attacks. Your company makes an average weekly profit of $20K, and a typical DoS attack lowers sales by 40%. On average, you suffer 7 DoS attacks per year. A DoS mitigation service is available for a subscription
Domain 1: Security Risk Management
Our job is to evaluate risks against our assets and deploy safeguards to mitigate those risks.

Domain agenda
Understand business continuity requirements
Contribute to personnel security policies
Understand & apply risk management concepts
Understand & apply threat modelling
Integrate security risk considerations into acquisitions strategy & practice
Establish & manage security education, training & awareness