CCT 079: CISSP Practice Test Questions - Security Operations Concepts of Need to Know, Least Privilege, Separation of Duties and More

Ready to conquer the CISSP exam? Let's take a deep dive into the world of cybersecurity operations, breaking down complex concepts into easy-to-understand explanations. We'll explore how 'need to know access,' 'least privilege,' 'separation of duties' are vital defenses in the cybersecurity landscape, offering insights from real-life scenarios like the pricey MGM hack and a critical flaw in Cisco routers. Get ready to challenge yourself with CISSP questions tied to domain seven, focusing on access granted based on job descriptions, least access required, separation of duties, two-person control, and the benefits of job rotation.

Looking to level up your security team's skills? Cross-training could be the golden ticket. We'll narrow down how cross-training embeds versatility into your team, enabling them to deal with a diverse set of roles and smoothly execute two-person control. We'll also touch on why earning a CISSP certification can be a game-changer for your career, and share the exhilaration of acing the exam. We'll also tackle 15 vital CISSP questions, offering comprehensive answers and explanations to enrich your understanding. Pop in those earbuds, and let's boost your cybersecurity prowess and CISSP exam readiness!

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free. 

TRANSCRIPT

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Good morning. This is Sean Gerber with CISSP Cyber Training, and today we're going to be doing CISSP exam questions Thursday. So today we're going to be talking about security operations and the need to know least privilege, separation of duties and so much more. Right? So we're going to get into the CISSP questions for this domain. This is domain seven and, just like everything else we have at CISSP Cyber Training, this is all available to you. If you go to CISSPcybertrainingcom, you can check out all of the questions that are available to you. Obviously and we do if you sign up for my email list, you'll get access to my daily, or actually you get 30 questions a month. So it's like what out of a year, 360, is that right? Yeah, 360 questions you can gain access to all free, doesn't cost you nothing. Or you can gain access to my membership and gain access to various other CISSP questions and training things all that you need to pass the CISSP, all right, so let us get started Now. Before we do, I wanted to kind of talk about a little bit of news. I've been kind of banging on this whole MGM hack and there was an interesting piece that came out just today around the MGM hack that occurred, and it was they're expecting that the overall cost for them is going to be right around $100 million. So that's huge $100 million, and that is just because of this situation. They didn't want to pay the ransom at first and so therefore, that's where they ended up at Now. When you think about that, that is a huge amount of money for basically causing all kinds of disruption and pandemonium within your environment. So this is where ransomware and being a CISSP and being a cybersecurity professional is so important. There's also another quick article I saw out there about Cisco and I know it's been in the news recently related to their routers and there's a critical flaw that they have and what they've been seeing then this I used to do this when I was on the red team. They would go and they're targeting specific routers that are vulnerable and they're usually finding them in small offices that are sitting off to the side. So if you have a company, maybe you have a remote office that maybe some salespeople sit into, so forth. These are the ones they target and in many cases, because they target those systems or those routers, and then that network, because the networks are one big giant network and more or less if you get access to one, you get access to many, and so that has become a big factor. It's an APT, which is advanced, persistent threat from China that's been doing this Again. This is hacking 101 and they're just utilizing flaws that are out there and they're targeting the least place where people look and their ultimate goal is to blend in, and that's what a hacker will do. You have to try to root them out, you have to try to discover them and if they go to places where there's not a lot of people but yet they have the same privileges as if they were on the bigger network, that is a prime place for these guys to go. So interesting articles out there around Cisco and around the MGM hack. I recommend that you go check those out. You can see those on InfosecIndustrycom. That's a high. I highly recommend that website, especially for any sort of security news that you might want to deal with. All right, so we're going to roll into domain seven and so let's get started in these 15 questions that we can have available to you and you can get this and listen to it. All right? Question one Alice is a system administrator setting up access controls for a new project. What does need to know access actually mean? A access granted based on the job description, b access granted based on seniority, c access granted only for required information or D access granted to all employees. So we all know about need to know and send the word right Whatever you need to know In quotes. So it would be C access granted only for the required information. Question two Bob is configuring user accounts for a financial application. What should be his primary consideration for granting privileges? A the department role. B the employee request. C least access necessary or D managerial approval. So again, bob's configuring user accounts for a financial application. What should be his primary consideration when granting privileges? Again, the primary piece in this sentence it would be C least access that is necessary. Again, the principal leaf privilege mandates that all users should be given minimum levels of access necessary to complete the task in their role. Question three Carol's designing a system where the task for approving and dispersing funds should be divided. What principal is Carol implementing? A separation of duties? B need to know, c least privilege or D to person control. Again, carol's designing a system where tasks for approving and dispersing funds should be divided. What principal is Carol implementing that would be A separation of duties. This helps prevent fraud by dividing the tasks and responsibilities among multiple people or systems. That is separation of duties. Question four Dave needs to implement a control where sensitive actions require approval from two individuals. This is a control known as a job rotation, the mandatory vacation, c privileged account management or PAM or D two-person control. Again, we're talking now. We need sensitive actions requiring two people. It would be D two-person control. Two-person controls do ensure that no single individual can perform the sensitive functions and therefore it can keep the nuclear missiles from leaving the submarine. That's a different story but in this case, same concept. In 5, emily is planning to rotate roles among her security team every six months. What is the primary benefit of job rotation? A skill development Again, primary benefit, skill development. B detecting malicious activity. C reducing burnout or D fulfilling SLAs or surface level agreements. When Emily is planning to rotate roles every six months. What is the primary, primary benefit of the job rotation? And that would be B detecting malicious activity. This can help a lot, especially when you're dealing with malicious activity or fraud by not allowing a single employee to occupy a role for an extended period. Now I say this, and how many security professionals are in extended periods of time and you probably need to look at auditing them or something like that? Question 6, frank is enforcing a policy where every employee must take a mandatory two-week vacation. What is the main security benefit of this policy? A employee well-being, b reducing overtime, c detecting unauthorized activities or D skill development. Okay, what is the security benefit of this policy? Not the benefit to the employee, but the benefit of the security, and that is C detecting unauthorized activities. Again, we want to look for unauthorized activities or fraudulent activities and therefore you are moving people around or putting them on vacation. Next question Grace needs to manage accounts with elevated permissions. What is her main concern? A setting complex passwords. B ensuring need to know access. C monitoring and auditing, or D all of the above. Again, managing accounts with elevated permissions is dealing with a PAM, privilege Account Management and that requires stringent security managers, which is everything that includes complex passwords, need to know access and ongoing monitoring and auditing. So the answer is D, all of the above. Question eight Henry is reviewing the SLAs, or service level agreements, for a new third party service. What should be Henry's primary focus in an SLA? A cost of service, b feature set, c downtime allowances or D contract duration. So, again, new third party service. What should be his primary focus in this SLA? And that would be downtime allowances, because really what you want, that's one of the biggest things that costs you money if your systems go down. So you really need to clearly define the downtime allowances and other performance metrics that the SLA must call out and that what meets your specific organizational needs. Question nine Irene detects an account that went from normal user privileges to admin level. What should be her immediate action? A disable the account. B monitor the activity for or the account for activity or. C notify her superior or. D perform a system wide audit. Again, you notice that it goes from normal to admin. What should you do? Disable the account, right. So you want to go as fast as you can to. If it's got potential privilege escalation situation, you want to disable that account very quickly. Now the question comes into sometimes is you don't want to disable it too soon because you might tip your hand, but in this situation, this scenario, that was the best answer. Question 10, jack is conducting a quarterly review of access rights in his organization. What principle is he primarily enforcing? A to person control, c lease privilege, or actually B lease privilege, c job rotation or D need to know. Again, he's conducting a quarterly review of access rights within his organization. What principle is he primarily enforcing? And that is, b leased privilege. Access reviews do help enforce the principle of leased privilege, and that does allow and ensures that only the necessary access and the rights are provided to them and granted. Question 11, karen is regularly auditing privilege accounts. What is her main aim or main goal? A ensuring password complexity, b verifying account activity, c checking role assignments or D all of the above. So Karen is regularly auditing privileged accounts. What does she want to do? She's doing all of the above right. She's making sure password complexity, account activity and role assignments are all correct. So therefore that is the correct answer. Question 12, luke, who is a data owner, needs to specify who can access his specific data. What principle is he enforcing? A separation of duties, b need to know. C to person control or D leased privilege. Again, he's looking needs to specify who can access his specific data, and that would be need to know. B by specifying who needs that data, he's enforcing the need to know principle. Question 13, nancy's negotiating an SLA with a cloud provider. What should she focus on as it relates to security? A incident response time, b encryption standards, c compliance certifications or D all of the above. And, as we've talked about in the podcast over and over again, that would be all of the above. If you're talking, you want to understand the incident response, you want to understand how they're encrypting your data and you want to understand if they have compliance certifications that they are adhering to. So all of the above. Question 14, olivia is a system admin with full access to every system that is out there that she's in her purview at least. How can her access be made compliant with the principle of leased privilege? Okay, so now she's got access to everything. She's got demigod access. So what are you going to do? You need to get her leased privilege? A you grant her a temporary elevated rights when needed. B you revoke her admin rights. C you create role-based access profiles or? D you disable her account. That correct answer is A temporary elevated rights do allow her to do her role, her job and do the access that she has to have for her role, but it also limits the exposure, or I like to say blast radius in the event that Olivia goes rogue or her account goes rogue. Last question Paul is planning to cross train his team on different security roles. What benefit does cross training primarily have? A cost saving, b fulfilling an SLA, c implementing two person control or D enhancing team skills. Okay, so there's a lot in there that can be helpful. Right of having you to cross train people, but the main answer is two person control. This cross training does enable the team members to assume multiple roles. There are four facilitating and implementing the two person control by having more than one person capable of performing the sensitive tasks. Okay, that's all I've got for you on CISSP exam question Thursday, and we will move on to the next podcast, which will be coming out on Monday, and I hope that'll be over domain eight, because we follow a sequence of events. But I hope you guys are having a great day. I hope you enjoy this. Work hard on the CISSP. I've got. Plenty of my students are passing the CISSP and they are excited about it, just signing off on one here tonight. So I'm super excited for everybody that's wanting to take this test because, by golly, you've got to get it done. It's important for you to get it done, for you and your career. All right, have a great day and we'll catch you on the flip side, see ya.