CCT 031: CISSP Exam Questions (Domain 1)

CCT 031 - RCR 128 - CISSP Exam Questions (Domain 1)

[00:00:00] Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action packed informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity.

Alright, let's get started. Let's go. Okay, so we are in CISSP exam questions, and we're gonna roll into a couple other ones. These are from domain one. So which of the following is an example of a conflict of interest that an information security professional should avoid? A accepting a gift from a vendor for recommending their product.

B. Reporting a security breach to an appropriate author. De declining a job offer from a competing organization or de participating in professional development activities to enhance their skills. Okay, so which of the following [00:01:00] examples is a conflict of interest that an information security professional should avoid?

A accepting a gift from a vendor for recommending their product. B. Reporting a security breach to the appropriate authorities. C. Declining an offer from a competing organization or D, participating in professional development activities to enhance their. So what main thing I wanna look at is a conflict of informa, a conflict of interest in this pro overall plan.

So which one should be the correct one to avoid a conflict of interest? Accepting a gift from a vendor for recommending their product can get you into some sticky situations. So you need to avoid accepting gifts from vendors. Uh, there'll be times when you will get gifts from vendors that are very nominal in cost, but you should never do it in the event that you are actually providing a recommendation for.

So again, that product can create a conflict of interest as it may compromise the information security professionals object, objectivity, and integrity. So again, you just wanna [00:02:00] avoid those and you also wanna avoid any perception that that could be a problem. So better to play it safe than to be sorry in that whole situation.

All right, so let's go onto the next question.

Which of the following is not a characteristic of professional ethics? A. Subjective. B, consistent C. Discerning D. Universal. Again, which of the following is not a characteristic of professional ethics? A. Subjective. B, consistent. C. Discerning D Univers. The answer is a subjective is not a characteristic of professional ethics.

Professional ethics are expected to be consistent, discerning, and universal, meaning they apply to all members of the profession regardless of their personal beliefs or opinions. Ethics are objective principles that guide the behavior and the action of the professionals in their [00:03:00] specific practice.

Again, which of the following is not a characteristic of professional eth ethics? A subject. B consistent C discerning D universal. The answer is a subjective is not a characteristic of professional ethics.

Okay, so the next question, which of the following is an example of plagiarism? So citing a reference A, the, that source is used in a research paper. Okay. B, using copyrighted materials for educational purposes. C. Paraphrasing ideas from a published article without proper attribution. Or D, creating an original work based on existing research.

Okay, so which of the following is an example of plagiarism? Make sure I said that right. I don't wanna say not is an example of plagiarism. A citing a reference. Uh, referencing sources using a research paper. B, using copyright materials for educational [00:04:00] purposes. C. Paraphrasing ideas from a published article without proper attribution.

Or D, creating the original work based on existing research. And then you think about, Makes a lot of sense, right? The answer would be, c paraphrasing ideas from a published article without proper attribution. It's always best to put some level of attribution with this. Uh, paraphrasing ideas from a published article without proper attribution is an example of plagiarism.

Okay? What is plagiarism? It's the act of presenting someone else's work or ideas as your own without giving proper credit. That is, again, that's a violation of professional ethics and academic integrity. When I was teaching in. That's one of the big factors you want to avoid, obviously, is plagiarizing people's work.

Give proper recognition for what people do. Okay. Let's move on to the next question. As an information security professional, you come across a security incident involving a colleague who has violated security policies. What is the most appropriate ethical course of action? [00:05:00] Ignore the incident and avoid conflict with the.

B, report the incident to your manager or appropriate authority. C. Confront the colleague directly and ask them to fix the issue. D, help the colleague cover up the incident and avoid repercussions. Okay, so if you can listen to those, it's pretty obvious which one it is. Right? So as an information security professional, you come across a security incident involving a colleague who violated security policies.

Okay? So they already violated something, right? Their policies. What is the most appropriate, most appropriate ethical course of. A, ignore the incident and avoid conflict with the colleague that isn't right. B, report the incident to your manager or appropriate authorities. Sounds about right. C. Confront the colleague directly and ask them to fix the issue.

Now, that could potentially be it, but it's not the most appropriate. And then, D, help the colleague cover up the incident. Avoid repercussions. The correct answer is B. Obviously reporting the incident to your manager or appropriate authority is the most appropriate court ethical course of [00:06:00] action. Again, C could be kind of, but you don't want to go down that path because again, you're now, you're conf, you're talking to the colleague directly and you're asking the fixie issue.

The problem is that already occurred, so something has already occurred, so that's not the most appropriate way of. All right. That's all we have for today. Go check out CISSP cyber training.com and get out all the free stuff that I have available to everyone there. All right, have a great day. We'll catch you on the flip side.

See you.