Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
All right, let's get started. Hey all, it's Sean Gerber with CISSP Cyber Training, and today is CISSP Question Thursday. We're going to be talking about some of the questions that came from our last podcast, which occurred on Monday, as it relates to domain five of the CISSP exam.
So we're going to get into some questions that you may anticipate potentially seeing on the exam. Obviously, we talk about this routinely: these are not questions that would be found on the exam per se.
These are questions that are similar to what you may see on the test. But the bottom line is we're trying to teach you how you can respond to and understand these questions as you get ready to take the test.
Before we get started, I wanted to bring up an article that I saw while I was getting ready to do this podcast. This comes out of a Scottish non-profit incident response center that is indicating they've had an uptick in ransomware attacks, going from 123 instances to 263 between '23 and '24. So they're seeing a massive increase.
So basically a 100% increase over the period of one year, and that's substantial in the fact that you're now dealing with these cyber crimes and they're directly impacting businesses in a very substantial way. I read an article yesterday which was talking about how business resiliency for companies in general has actually gone down from the year prior.
So what it's saying is that attacks are going up, and in the past people felt somewhat resilient, that they could withstand these, but that sentiment is now going down because there are just more attacks and people don't feel like they're properly prepared.
It talks about in this article that they confirmed some patient data has obviously been taken by a ransom group. They've been having a lot of different ransom groups hit them, but the main ones were Black Basta, LockBit and Akira, which were the most commonly reported ones in this past year.
Now the fraud case is expected to be over $33 million and, as we know, that's a pretty substantial amount of money, especially when you're dealing with a smaller country that maybe doesn't have the same level of funds or the same number of people that can manage all of that.
So $33 million is a lot of money, and I come back to the point that it's all this money for nothing. You're basically paying money for your data that you had before, which unfortunately is now unavailable to you, and the sad part is you can't guarantee that these individuals have left your organization, even though they give you the keys to decrypt your data.
So this nonprofit is dealing with, right now they said, over 153 cases, most of which are dealing with investment fraud and business email compromise, impersonation fraud and then, obviously, redirect and safe account scams. So you're seeing more of this stuff coming down and it's just going to continue to grow.
So I bring all this up to the fact that you, as cybersecurity professionals, whether you're at the beginning of your journey or further along, it really comes down to you: you owe a responsibility to people to help them understand this risk and to work through this risk.
What I'm realizing more and more is that there are so many people out there who don't understand the technology and they're looking for someone to come help. I say, with a cape on, come save them.
But in reality, we need more security professionals who truly understand the risk but can convey it in a way that helps these individuals make their systems and their businesses more resilient, because at the end of all of this, if we don't do that, these businesses are going to close up.
They're going to close shop because they can't operate, and it's a bad thing for everyone when fraudsters are taking advantage of businesses. Owning a business myself, it's very challenging just to be able to make a profit, let alone even just pay the bills.
So you have these situations that come up where your entire environment is encrypted and you've done nothing other than potentially clicking on a link that you maybe shouldn't have, but maybe didn't even know.
So, again, you as cybersecurity professionals, it's important for you to get your CISSP, get out there in the market and help people with these situations, to help protect them from the bad guys and gals and the evil hacker horde. All right, so let's get started on what we're going to be talking about today with domain five CISSP questions.
Okay, question one: what is the first step in a user account provisioning process? A, assign roles based on job function. B, creating login credentials. C, collecting user information. Or D, granting access to resources. So question one, what is the first step in the user account provisioning process? And the answer is C, collecting user information.
Right, you want to be able to get the information you need that is set especially... I can't even speak, I don't know. It's important, yeah, to establish your digital identity for the organization, so you want to be able to get the user's information for that. Did that just recently.
You have to have name, date of birth, all those fun things that have to be accomplished, so you want to get that account provisioning done as soon as possible. Question two: during the deprovisioning process, which action is generally performed last? A, disabling user access. B, archiving user data. C, notifying the user. Or D, logging the deprovisioning action.
So during the deprovisioning process, which action is generally performed last? Disabling user access isn't last. Archiving the user data might be last. Notifying the user is usually on the front end of it, and then the back end is logging the deprovisioning action, right.
So logging when you're done is typically the last step in maintaining an audit trail for compliance and security monitoring purposes. So you want to be able to log that the deprovisioning did occur. Question three: which of the following is least important when determining roles and access requirements?
So which of the following is least important when determining roles and access requirements? A, the user's job title. B, the user's personal preferences. C, the principle of least privilege. Or D, the user's responsibilities. So which of the following is least important when determining roles and access requirements? And obviously it's B.
Their personal preferences are usually the last on any of that. I don't think anybody ever really cared too much about my personal preferences as it relates to these accounts. So access should be based on your job responsibilities and the principle of least privilege, not your personal preferences.
Question four: in the context of offboarding, what is a primary concern? A, the users complete all pending work. B, revoking access to all company resources. C, conducting an exit interview. Or D, providing a farewell party.
Okay, I just left my company and no one gave me a party. That's terrible. They said they're going to; we'll see if they do. Now, question four: in the context of offboarding, what is the primary concern? And the answer is B, revoking access to all company resources, right?
So once a person leaves a company, you want to revoke those resources as soon as possible. Again, you want to be able to revoke them so that they cannot potentially have access back into your network once they leave the company.
Question five: regular account maintenance activities include all of the following except what? A, updating user roles. B, changing user passwords. C, monitoring user behavior. Or D, increasing access privileges regularly. So question five, regular account maintenance activities include all of the following except D, increasing access privileges regularly.
Again, you want to basically ensure that you're not going to keep increasing them on a regular basis unless it's absolutely needed. The ultimate goal is you actually want to go in and remove access more regularly than you grant access. Question six: which of the following best describes identity governance?
A, a framework for managing user identities and access rights. B, a tool for monitoring network activity or network traffic. C, a database for storing user credentials. Or D, a protocol for encrypting data transmissions. Which of the following best describes identity governance? And the answer is A, a framework for managing user identities and access rights.
So identity governance is an important part of any organization, and this would include your policies, your processes, technologies and so forth, and that helps to manage and secure the identities of individuals within your company.
So you really want to follow some sort of framework, and the framework's important because if you have that already established, you can now just go through step A, step B, step C, and you don't have to be guessing what you should do from an identity standpoint. Question seven: privileged access management, or PAM, tools are primarily used for what?
Okay, so not the spray for your cooking. It is a tool. What is it? What is a PAM, a privileged access management tool? What are they used for? A, managing public Wi-Fi networks. B, securing and monitoring privileged accounts. C, implementing email encryption. Or
D, facilitating single sign-on for social media platforms. So what is a PAM? Basically, a PAM is a really cool password management tool, a password management vault per se. So it would be B, securing and monitoring your privileged accounts.
You should have a PAM-type solution for all of your elevated accounts within your organization. I highly recommend that you shouldn't have your individuals have their own access to their admin accounts that are significant for your organization.
Obviously, local admin is one thing, but when you have something like domain admin for your organization, you wouldn't want that stored on a person's computer.
You'd want that stored in a PAM and, again, the PAM would be something that would be very valuable for your organization. They're also very expensive, but they can be very valuable for your company. Multi-factor authentication enhances security by what? A, requiring a single complex password.
B, requiring multiple forms of verification to authenticate a user. C, encrypting user data at rest. Or D, scanning for malware on user devices. So multi-factor authentication enhances security by what? And the answer is B, requiring multiple forms of verification to authenticate a user.
Again, the purpose of that is to ensure that you have something you know, i.e. a password; something you have, which would be like a security token; and maybe something you are, such as biometric verification. Again, these are all things that are in place that you would like to have them use for multi-factor.
Now I read an article that was talking about multi-factor being abused more and more, because I think there was a recent Apple hack where they're using something along those lines, and people are just getting MFA fatigue and they're just basically clicking, clicking, clicking, and that's a problem as well. So it's the user.
The user will get you in trouble almost every time. That's why you guys, as security professionals, need to teach them and then be cognizant and understand and keep doing it all the time. Single sign-on is beneficial because what? Okay, so SSO, or single sign-on, is beneficial because of what? A, it allows users to have different passwords for each application.
B, it reduces the number of passwords users need to remember. C, it increases the complexity of the authentication process. And D, it eliminates the need for passwords altogether. So single sign-on is beneficial because it is B. Now, it can increase the complexity.
Obviously you can enforce that with single sign-on, but it's B, it reduces the number of passwords needed to remember. The ultimate purpose is that you don't have all those, because most people have reused these passwords over and over again, and so if you can limit the number of passwords that people use, that'd be great.
And then you can enforce a complex password on that overall process. Then you can also add some level of multi-factor authentication into it as well. And now you've done a good job of at least helping to protect yourself from your employees, at least a little bit. Which of the following is not a typical responsibility of an identity governance solution?
So question 10, which of the following is not a typical responsibility of an identity governance solution? A, enforcing compliance with access policies. B, managing the storage of physical files. C, administering the user roles and access privileges. Or D, conducting access reviews and audits.
So which of the following is not a typical responsibility of an identity governance solution? Okay, so all of those are typical of an identity governance solution, right: enforcing compliance, administering user roles and then conducting access reviews and audits, except, obviously, B, managing the storage of physical files.
That's typically not part of an identity governance solution because that's storing files. So you don't really want to worry about that. You want to focus on digital identities. Access policies, rules and compliance are part of your identity governance solution.
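As an added example (not code from the podcast or its host), here is a small Python sketch tying together the points from questions 2 through 10: an access review that flags entitlements beyond a user's job-function role baseline so they can be removed rather than accumulated, and a deprovisioning run that revokes access first and writes the audit-log entry last. The role names, entitlement strings and archive path are constructed for illustration.

```python
"""Identity-governance helpers: an access review against a role baseline
and a deprovisioning run whose final step is the audit-log entry.
All roles, entitlements and paths below are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed role baseline: what each job function is allowed to hold.
ROLE_ENTITLEMENTS = {
    "analyst": {"read:tickets", "read:logs"},
    "engineer": {"read:tickets", "read:logs", "write:configs"},
    "domain-admin": {"read:tickets", "read:logs", "write:configs", "admin:domain"},
}


@dataclass
class Account:
    username: str
    role: str
    entitlements: set
    active: bool = True


def review_access(accounts, baseline=ROLE_ENTITLEMENTS):
    """Return {username: sorted excess entitlements} for every account that
    holds more than its role baseline allows (least-privilege check).
    An unknown role has an empty baseline, so all of its access is flagged."""
    findings = {}
    for acct in accounts:
        allowed = baseline.get(acct.role, set())
        excess = acct.entitlements - allowed
        if excess:
            findings[acct.username] = sorted(excess)
    return findings


def deprovision(acct, audit_log, now=None):
    """Disable and revoke first, then archive and notify, and only then
    append the audit record, so the log marks a completed deprovisioning.
    Returns the log entry that was written."""
    now = now or datetime.now(timezone.utc)
    acct.active = False
    acct.entitlements = set()                       # revoke everything
    archived_to = f"archive/{acct.username}/{now:%Y%m%d}"   # constructed path
    notified = f"user:{acct.username}"              # stand-in for a notification
    entry = {
        "action": "deprovision",
        "user": acct.username,
        "archived_to": archived_to,
        "notified": notified,
        "timestamp": now.isoformat(),
    }
    audit_log.append(entry)                         # last step: the audit trail
    return entry


if __name__ == "__main__":
    accounts = [
        Account("alice", "analyst", {"read:tickets", "read:logs"}),
        Account("bob", "analyst", {"read:tickets", "read:logs", "admin:domain"}),
    ]
    print(review_access(accounts))   # bob holds admin:domain with no role for it
    log = []
    print(deprovision(accounts[1], log))
```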
Sorry, question 11: the principle of least privilege is important because it, A, allows users to perform a job without unnecessary restrictions. B, it ensures users have access to all information they might need. C, it minimizes the risk of data breaches by limiting user access to only what is necessary. Or D, it makes it easier for users to remember their passwords.
So, again, the principle of least privilege is important because it does what? Okay, what does it do? It minimizes the risk of data breaches by limiting user access to only what is necessary and required for their job. Again, that is what we call least privilege, the rest of the part.
I mean, you just want to basically get down to the point where they don't have access to everything that they want. They have access to only the things they need. Question 12: which statement is most accurate regarding the deprovisioning process? So which statement is the most accurate regarding the deprovisioning process?
A, it should be delayed until the user has returned all company property. B, it is the same as the offboarding process. C, it should be initiated as soon as the user's employment ends. Or D, it only involves disabling the user's email accounts. So the most accurate around deprovisioning is C, it should be initiated as soon as the employee, user, employer... user's employment ends.
Okay, again, this should happen immediately. Now, in the case of myself, I worked for a couple of weeks after I left, but the day that I walked out the door, they then, in turn, turned off my account. I didn't really have access to anything cool, but it turned it all off. Question 13.
In a privileged access management session, monitoring is used to do what? So in a PAM session, monitoring is used to do what? Okay, so if you have a PAM session, you're logging in, you're using the PAM tool. What's happening? A, it provides users with remote access to company resources.
B, it tracks and records privileged sessions for auditing and forensic purposes. C, it encrypts communication between the user's device and company servers. Or D, it facilitates the sharing of user credentials among team members. So it does a lot of those, but what is the session monitoring used for?
And it is B, to track and record privileged sessions for auditing and forensic purposes. Question 14: the main goal of single sign-on is to do what? A, increase the number of passwords required for authentication. B, to improve the user experience by simplifying the authentication process. C, replace passwords with biometric authentication methods.
Or D, store all user passwords in a centralized database. Again, the main goal of single sign-on is to do what? And it is to improve the user experience by simplifying the authentication process. Again, SSO is to improve user experience by this simplification, and it allows you to have access to multiple applications with one set of credentials.
Question 15, the last melon. Which of the following is least likely to implement multi-factor authentication? Which of the following is the least likely reason for implementing multi-factor authentication? A, to comply with regulatory requirements. B, to reduce the risk of unauthorized access. C, to increase the speed of the authentication process. Or
D, to add an extra layer of security. So which of the following is the least likely reason for implementing multi-factor authentication? And it is C, to increase the speed of the authentication process. Again, MFA.
That is the least likely reason for MFA. If anything, it will probably slow down the authentication process because you now have to go get your phone and do the clicky clicky thing to make that happen. But at the end of it, it's a much more secure solution than just having usernames and passwords. Okay, that's all I have for you today.
Head on over to CISSP Cyber Training. Check out my blueprint. It's amazing. You will be very happy with the blueprint. It's part of the packages that I offer on the site that you can gain access to. Watch out for any sort of sales that I have coming out. I have those out about once a month; once every couple of months you'll see one that comes out.
If you're interested in my product, you can purchase it there. Great product, you will be very, very happy with it, I guarantee. The other thing is the fact that if you want just the free stuff, I have tons of free stuff on my site that's available to you, including the videos of these podcasts as well as the podcasts themselves.
Those are all there and available to you at cisspcybertraining.com, and it'll help walk you through this entire process. Again, go out to cisspcybertraining.com, check it out. Again, I'm here to help you pass your CISSP exam. That's what I'm here for. It's why I want you to be successful and, again, we're excited to be part of this journey with you.
Have a wonderful day and we will catch you on the flip side. See ya.