Posts

Test Question: Understanding Operational Controls – CISSP Edition

Thanks! Let’s break this down CISSP-blog style using the question from your new image.
🛑️ Understanding Operational Controls – CISSP Edition
CISSP Domain: 1 – Security and Risk Management
Topic: Types of Security Controls (Administrative, Technical, Operational)
❓ The Question Recap: Which of the following is the BEST example of an operational control for security operations?
The Choices:
A: Fire suppression systems ❌
B: Access control systems ❌ (Your Answer)
C: Vulnerability scanning tools ❌
D: Intrusion Detection Systems ✅ (Correct Answer)
✅ Why D (Intrusion Detection Systems) is Correct: Intrusion Detection Systems (IDS) are detective and operational controls. They monitor systems and networks for malicious activity or policy violations and alert security teams in real time.
Operational Control = implemented and executed by people (security staff, SOC, etc.)
IDS supports day-to-day operations and aligns with security procedures ...

🛑️ Test Question: Understanding Cryptographic Algorithms for Internet Security

🛑️ Understanding Cryptographic Algorithms for Internet Security (CISSP Domain 3: Security Architecture and Engineering)
🧪 CISSP Practice Question: Which of the following is a cryptographic algorithm that is commonly used for secure communications over the internet?
A: RSA ✅
B: Blowfish
C: Triple DES
D: AES ❌
✅ Correct Answer: A — RSA (CISSP Domain 3: Security Architecture and Engineering)
RSA (Rivest-Shamir-Adleman) is an asymmetric cryptographic algorithm used extensively in secure communications, particularly within:
TLS/SSL protocols
Public key infrastructure (PKI)
Digital signatures and certificates
RSA enables the secure exchange of symmetric keys between a client and server, which is the backbone of how secure sessions are established on the internet (e.g., HTTPS).
🔑 In CISSP terms, RSA supports the confidentiality, integrity, and authentication pillars of cryptographic design.
❌ Why the Other Options Are Incorrect
B: Blowfish (CISSP Domain 3) Symmetric cip...

🛑️ Test Question: Understanding the Bell-LaPadula Model for Confidentiality

CISSP Domain 1 – Security and Risk Management
Understanding the Bell-LaPadula Model for Confidentiality
Question: Which of the following is a security model that uses mandatory access control to enforce confidentiality?
Answer: ✅ Bell-LaPadula model
Correct Answer: A. Bell-LaPadula Model
The Bell-LaPadula (BLP) model is a classic security model focused exclusively on confidentiality. Developed in the 1970s for the U.S. Department of Defense, it enforces Mandatory Access Control (MAC) policies to ensure that sensitive information doesn’t leak to unauthorized users.
Why Bell-LaPadula Is the Right Answer:
✅ MAC-based model: Access is governed by security labels (e.g., Top Secret, Secret).
✅ Focus: Prevents unauthorized disclosure of information.
✅ Core Rules:
Simple Security Property ("No Read Up") – Subjects cannot read data at a higher security level.
*-Property ("No Write Down") – Subjects cannot write data to a lower security level, ...

📘 CISSP Study Guide: Understanding the Difference Between a Threat and a Risk

One of the most deceptively simple—but commonly misunderstood—concepts in cybersecurity is the difference between a threat and a risk. While these terms are often used interchangeably in casual conversation, in the context of the CISSP (Certified Information Systems Security Professional) exam and professional cybersecurity practice, they have distinct meanings that you'll need to understand cold.
The Correct Definition
Threat: A threat is a potential danger—an event, actor, or condition that could cause harm to an organization.
Risk: A risk is the likelihood and impact of a threat actually exploiting a vulnerability and causing damage.
Or put another way: ✅ A threat is a “what could go wrong.” A risk is “how likely it is to go wrong and how bad it would be.”
❓ Sample Exam Question: What is the difference between a threat and a risk?
A. A threat is a potential event or activity that can cause harm to an organization, while a risk is the likelihood and impact of that...

CISSP Domain 1 – Test Question – Managing Risk and Internal Controls in the Enterprise

CISSP Domain 1 – Governance, Risk, and Compliance
Mastering Risk and Internal Controls with COBIT
Question: Which of the following frameworks is MOST associated with managing risk and internal controls in the enterprise?
Answer: ✅ COBIT
Correct Answer: COBIT
COBIT (Control Objectives for Information and Related Technologies) is an enterprise IT governance framework developed by ISACA. It’s designed specifically to help organizations manage risk, align IT with business goals, and establish robust internal control mechanisms.
Why COBIT is the Best Fit:
Governance-centric: COBIT provides a governance and management framework that bridges the gap between technical issues, business risks, and control requirements.
Enterprise-level focus: It addresses enterprise-wide control and risk, not just technical configurations or isolated systems.
Control Objectives: The core of COBIT is built around control objectives, making it highly suitable for implementing and evalua...

CISSP Study Note: The CIA Triad – Confidentiality, Integrity, Availability

CISSP Study Note: The CIA Triad – Confidentiality, Integrity, Availability
The CIA Triad is the core foundation of information security and shows up throughout the CISSP exam — especially in Domain 1: Security and Risk Management. To pass the exam and excel as a cybersecurity professional, you must understand how each pillar works, how we implement protections, and what threatens them.
🔒 Confidentiality – Keep Secrets Secret
CISSP – the CIA Triad – Confidentiality
We want to ensure that only authorized users can access information. Confidentiality is about preventing unauthorized disclosure of data.
✅ How We Protect Confidentiality:
Encryption for data at rest (e.g., AES-256), full disk encryption.
Secure transport protocols for data in motion: SSL, TLS, IPsec.
Best practices for data in use:
Clean desk policy
Screen privacy filters
Automatic and manual screen locking
Avoid shoulder surfing
Access control principles:
Strong passwords ...

CISSP Study Note: Easy Mnemonic for the (ISC)² Code of Ethics – 4 Canons

CISSP Study Note: Easy Mnemonic for the (ISC)² Code of Ethics – 4 Canons
Understanding the (ISC)² Code of Ethics is critical for passing the CISSP exam—and more importantly, for practicing as a responsible cybersecurity professional. These 4 ethical canons aren't just theoretical guidelines. They're enforceable standards, and questions on them do appear in the CISSP exam, particularly under Domain 1: Security and Risk Management.
🧭 The 4 Canons (in order of precedence)
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
When in doubt: Canon 1 overrides the rest. If a decision benefits your employer but harms the public, Canon 1 comes first.
🧠 Mnemonic to Lock It In: "People Always Protect Advancement"
Each word in the mnemonic maps directly to a cano...