COURSE 2 – PLAY IT SAFE: MANAGE SECURITY RISKS

Module 1: Security Domains

GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE

Coursera Study Guide

INTRODUCTION – Security Domains

Embark on a comprehensive learning journey encompassing the eight security domains of the Certified Information Systems Security Professional (CISSP) certification. This exploration extends into the identification and analysis of primary threats, risks, and vulnerabilities affecting business operations. Additionally, delve into the National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF), unraveling its structured approach to risk management. Gain practical insights into the sequential steps of risk management, equipping yourself with a holistic understanding of information security principles and strategies to safeguard organizational integrity.

Learning Objectives

  • Recognize and explain the focus of CISSP’s eight security domains.
  • Identify and define the primary threats, risks, and vulnerabilities to business operations.
  • Describe the threats, risks, and vulnerabilities that entry-level security analysts are most focused on.
  • Determine how threats, risks, and vulnerabilities impact business operations.
  • Identify the steps of risk management.

TEST YOUR KNOWLEDGE: MORE ABOUT THE CISSP SECURITY DOMAINS

1. Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

  • asset security
  • security operations
  • communication and network security
  • identity and access management (CORRECT)

The identity and access management domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

2. What is the focus of the security and risk management domain?

  • Optimize data security by ensuring effective processes are in place
  • Manage and secure wireless communications
  • Secure physical networks and wireless communications
  • Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations. (CORRECT)

The focus of the security and risk management domain is defining security goals and objectives, risk mitigation, compliance, business continuity, and regulations.

3. In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

  • Identity and access management
  • Communication and network engineering
  • Security architecture and engineering
  • Security assessment and testing (CORRECT)

In the security assessment and testing domain, a security professional conducts security control testing; collects and analyzes data; and performs security audits to monitor for risks, threats, and vulnerabilities.

4. Fill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.

  • communications and networking engineering
  • software development security
  • asset security
  • security operations (CORRECT)

The security operations domain concerns conducting investigations and implementing preventive measures.

TEST YOUR KNOWLEDGE: THREATS, RISKS, AND VULNERABILITIES

1. What is a vulnerability?

  • A weakness that can be exploited by a threat (CORRECT)
  • An organization’s ability to manage its defense of critical assets and data and react to change
  • Anything that can impact the confidentiality, integrity, or availability of an asset
  • Any circumstance or event that can negatively impact assets

A vulnerability is a weakness that can be exploited by a threat.

2. Fill in the blank: Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

  • new-risk asset
  • medium-risk asset
  • low-risk asset
  • high-risk asset (CORRECT)

Information protected by regulations or laws is a high-risk asset. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

3. What are the key impacts of threats, risks, and vulnerabilities? Select three answers.

  • Identity theft (CORRECT)
  • Employee retention
  • Financial damage (CORRECT)
  • Damage to reputation (CORRECT)

The key impacts of threats, risks, and vulnerabilities are financial damage, identity theft, and damage to reputation.

4. Fill in the blank: The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.

  • categorize (CORRECT)
  • communicate
  • reflect
  • produce

The steps in the RMF are prepare, categorize, select, implement, assess, authorize, and monitor. In the course's framing, the categorize step is where security professionals develop risk-management processes and tasks; in NIST SP 800-37 the step specifically means categorizing the system and the information it processes by the potential impact of a loss of confidentiality, integrity, or availability, which then drives the controls chosen in the select step.

5. Phishing exploits human error to acquire sensitive data and private information.

  • True (CORRECT)
  • False

Phishing exploits human error to acquire sensitive data and private information. It is one method of social engineering.


MODULE 1 CHALLENGE

1. Fill in the blank: Security posture refers to an organization’s ability to react to change and manage its defense of _____ and critical assets.

  • data (CORRECT)
  • domains
  • consequences
  • gaps

Correct!

2. Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

  • Define security goals (CORRECT)
  • Follow legal regulations (CORRECT)
  • Maintain business continuity (CORRECT)
  • Conduct control testing

Correct!

3. How does business continuity enable an organization to maintain everyday productivity?

  • By ensuring return on investment
  • By establishing risk disaster recovery plans (CORRECT)
  • By exploiting vulnerabilities
  • By outlining faults to business policies

Correct!

4. Fill in the blank: According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers.

  • taking an active role (CORRECT)
  • meeting productivity goals
  • recognizing and reporting security concerns (CORRECT)
  • limiting their communication with team members

Correct!

5. A security analyst ensures that employees are able to review only the data they need to do their jobs. Which security domain does this scenario relate to?

  • Communication and network security
  • Identity and access management (CORRECT)
  • Software development security
  • Security assessment and testing

Correct!

6. Which of the following activities may be part of establishing security controls? Select three answers.

  • Implement multi-factor authentication (CORRECT)
  • Collect and analyze security data regularly (CORRECT)
  • Evaluate whether current controls help achieve business goals (CORRECT)
  • Monitor and record user requests

Correct!

7. When working in the software development security domain, which of the following are tasks that security team members may complete during various phases of the software development lifecycle? Select three answers.

  • Initiating a secure design review (CORRECT)
  • Participating in incident investigations
  • Performing penetration testing (CORRECT)
  • Conducting secure code reviews (CORRECT)

Correct!

8. Which of the following statements accurately describe risk? Select all that apply.

  • If compromised, a medium-risk asset may cause some damage to an organization’s finances.
  • Website content or published research data are examples of low-risk assets. (CORRECT)
  • Organizations often rate risks at different levels: low, medium, and high. (CORRECT)
  • If compromised, a high-risk asset is unlikely to cause financial damage.

Correct!

9. A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?

  • Loss of identity
  • Increase in profits
  • Lack of engagement
  • Damage to reputation (CORRECT)

Correct!

10. Fill in the blank: In the Risk Management Framework (RMF), the _____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.

  • implement (CORRECT)
  • categorize
  • prepare
  • authorize

Correct!

11. Fill in the blank: Security _____ refers to an organization’s ability to manage its defense of critical assets and data, as well as its ability to react to change.

  • architecture
  • hardening
  • governance
  • posture (CORRECT)

Correct!

12. Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

  • Store data properly
  • Maintain business continuity (CORRECT)
  • Mitigate risk (CORRECT)
  • Follow legal regulations (CORRECT)

Correct!

13. What term describes an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans?

  • Recovery
  • Business continuity (CORRECT)
  • Mitigation
  • Daily defense

Correct!

14. A security analyst verifies users and monitors employees’ login attempts. The goal is to keep the business’s assets secure. Which security domain does this scenario describe?

  • Communication and network security
  • Security operations
  • Security assessment and testing
  • Identity and access management (CORRECT)

Correct!
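The scenario in question 14 (verifying users and monitoring login attempts) is concrete enough to show in code. The following is an added example written for this study guide, not material from the course: it reads a small authentication log, flags successful logins by accounts that are not in the directory, flags accounts with a burst of failures inside a sliding time window, and calls out any account that logged in successfully right after such a burst. The log line format, every log line, the KNOWN_USERS directory, and the threshold and window values are all constructed assumptions for the example.

```python
"""Added example (not course or study-guide code): verify that logins come
from known accounts and monitor failed login attempts.

Assumed log format (constructed for this example, one event per line):
    <ISO-8601 timestamp> <username> <source IP> <SUCCESS|FAILURE>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: bob is brute-forced and then logs in successfully,
# mallory is not in the directory, carol simply mistypes twice an hour apart.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 10.0.0.5 SUCCESS
2024-03-01T09:00:07 bob 10.0.0.9 FAILURE
2024-03-01T09:00:12 bob 10.0.0.9 FAILURE
2024-03-01T09:00:16 bob 10.0.0.9 FAILURE
2024-03-01T09:00:20 bob 10.0.0.9 FAILURE
2024-03-01T09:00:25 bob 10.0.0.9 FAILURE
2024-03-01T09:00:31 bob 10.0.0.9 SUCCESS
2024-03-01T09:05:00 mallory 203.0.113.7 SUCCESS
2024-03-01T09:10:00 carol 10.0.0.11 FAILURE
2024-03-01T10:30:00 carol 10.0.0.11 FAILURE
"""

KNOWN_USERS = {"alice", "bob", "carol"}  # assumed account directory
FAIL_THRESHOLD = 5        # assumed: this many failures ...
WINDOW_MINUTES = 10       # ... inside this window is a burst


def parse_log(text):
    """Turn log text into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def find_unknown_logins(events, known_users):
    """Successful logins by accounts that are not in the directory."""
    return [(user, ip) for _, user, ip, result in events
            if result == "SUCCESS" and user not in known_users]


def find_failure_bursts(events, threshold, window_minutes):
    """Map user -> largest number of failures seen inside any sliding window
    of window_minutes, for users that reached the threshold."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    for ts, user, _, result in events:
        if result == "FAILURE":
            failures[user].append(ts)
    flagged = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans <= window.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def find_success_after_burst(events, bursts):
    """Accounts that logged in successfully after a failure burst: a possible
    compromised credential rather than a forgotten password."""
    return sorted({user for _, user, _, result in events
                   if result == "SUCCESS" and user in bursts})


def analyze(text=SAMPLE_LOG, known_users=KNOWN_USERS,
            threshold=FAIL_THRESHOLD, window_minutes=WINDOW_MINUTES):
    """Run all three checks and return the findings as a dict."""
    events = parse_log(text)
    bursts = find_failure_bursts(events, threshold, window_minutes)
    return {
        "unknown_logins": find_unknown_logins(events, known_users),
        "failure_bursts": bursts,
        "success_after_burst": find_success_after_burst(events, bursts),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key}: {value}")
```

The sliding window matters: carol's two failures are 80 minutes apart and never count as a burst at the default settings, while bob's five failures in 18 seconds do. Tuning the threshold and window is exactly the kind of control decision the monitor step of the RMF feeds back into.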

15. Fill in the blank: In the Risk Management Framework (RMF), the _____ step involves knowing how systems are operating and assessing whether or not those systems support the organization’s security goals.

  • monitor (CORRECT)
  • implement
  • categorize
  • authorize

Correct!

16. What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?

  • Remote services
  • Employee retention
  • Secure coding
  • Shared responsibility (CORRECT)

Correct!

17. A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?

  • Communication and network security
  • Software development security
  • Security assessment and testing (CORRECT)
  • Security architecture and engineering

Correct!

18. Fill in the blank: When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.

  • operations
  • sequencing
  • lifecycle (CORRECT)
  • handling

Correct!

19. Which of the following statements accurately describe risk? Select all that apply.

  • Another way to think of risk is the likelihood of a threat occurring. (CORRECT)
  • If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.
  • If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations. (CORRECT)
  • A high-risk asset is any information protected by regulations or laws. (CORRECT)

Correct!

20. A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?

  • Practical
  • Reputation
  • Identity
  • Financial (CORRECT)

Correct!

21. In the Risk Management Framework (RMF), which step notes the importance of being accountable for potential risks and may involve generating reports or developing plans of action?

  • Categorize
  • Select
  • Prepare
  • Authorize (CORRECT)

Correct!

22. What is the goal of business continuity?

  • Remove access to assets
  • Reduce personnel
  • Destroy publicly available data
  • Maintain everyday productivity (CORRECT)

Correct!