Fundamental Questions and Answers For Cissp Examination

PASS QUESTIONS ON CISSP

Uploaded by

uche

FUNDAMENTAL QUESTIONS AND ANSWERS FOR CISSP EXAMINATION

1. **Q:** What is cybersecurity?

**A:** Cybersecurity is the practice of protecting systems, networks, and programs from digital
attacks aimed at accessing, changing, or destroying sensitive information.

2. **Q:** What is the difference between a virus and a worm?

**A:** A virus attaches itself to a program or file and spreads when the infected program or file is
executed. A worm is standalone software that replicates itself to spread to other computers without
needing to attach to a host.

3. **Q:** What is phishing?

**A:** Phishing is a cyberattack that uses disguised email as a weapon to trick the recipient into
revealing personal information, such as passwords and credit card numbers.

4. **Q:** What is a firewall?

**A:** A firewall is a network security device that monitors and filters incoming and outgoing
network traffic based on security policies.

5. **Q:** What is encryption?

**A:** Encryption is the process of converting data into a code to prevent unauthorized access.

6. **Q:** What is two-factor authentication (2FA)?

**A:** 2FA is an extra layer of security used to ensure that people trying to gain access to an online
account are who they say they are, typically requiring both something they know (password) and
something they have (phone).

7. **Q:** What is a botnet?

**A:** A botnet is a network of compromised computers controlled by an attacker to carry out
various tasks, such as sending spam or launching DDoS attacks.

8. **Q:** What is the principle of least privilege?

**A:** The principle of least privilege is a security concept that restricts user access rights to only
what is necessary to perform their work.

9. **Q:** What is a Denial-of-Service (DoS) attack?

**A:** A DoS attack is an attack intended to shut down a machine or network, making it
inaccessible to its intended users by overwhelming it with a flood of traffic.

10. **Q:** What is social engineering?

**A:** Social engineering is the manipulation of people into performing actions or divulging
confidential information.

### **Network Security**

11. **Q:** What is a VPN?

**A:** A Virtual Private Network (VPN) extends a private network across a public network, allowing
users to send and receive data securely over the public network.

12. **Q:** What is an Intrusion Detection System (IDS)?

**A:** An IDS monitors network traffic for suspicious activity and alerts the system or network
administrator.

13. **Q:** What is the difference between an IDS and an IPS?

**A:** An Intrusion Prevention System (IPS) not only detects intrusions but also takes action to
prevent the attack, while an IDS only detects and alerts.

14. **Q:** What is port scanning?

**A:** Port scanning is the process of probing a server or host for open ports, often used by
attackers to identify vulnerabilities.

15. **Q:** What is the purpose of network segmentation?

**A:** Network segmentation involves dividing a network into smaller segments to improve
performance and security by limiting the spread of potential attacks.

16. **Q:** What is a DMZ in network security?

**A:** A Demilitarized Zone (DMZ) is a physical or logical subnetwork that separates an internal
local area network (LAN) from other untrusted networks, such as the internet.

17. **Q:** What is a honeypot?

**A:** A honeypot is a security mechanism set up to detect, deflect, or study attempts to gain
unauthorized access to information systems.

18. **Q:** What is MAC address filtering?

**A:** MAC address filtering is a security feature that allows devices with specific MAC addresses
to connect to a network, while blocking others.

19. **Q:** What is an ARP spoofing attack?

**A:** ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address
Resolution Protocol) messages to a local area network, causing traffic to be misdirected.

20. **Q:** What is the purpose of SSL/TLS?

**A:** SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols
designed to provide secure communication over a computer network.

### **Operating System Security**

21. **Q:** What is the purpose of a security patch?

**A:** A security patch is an update applied to an operating system or software to fix
vulnerabilities and prevent attacks.

22. **Q:** What is file integrity monitoring (FIM)?

**A:** FIM is a security technique that monitors and detects changes to files that may indicate a
security breach.

23. **Q:** What is user account control (UAC) in Windows?

**A:** UAC is a Windows security feature that prevents unauthorized changes to the operating
system by prompting for administrator-level approval.

24. **Q:** What is the purpose of an antivirus program?

**A:** An antivirus program detects, prevents, and removes malware, including viruses, worms,
and other malicious software.

25. **Q:** What is a rootkit?

**A:** A rootkit is a type of malicious software designed to remotely control or access a computer
without being detected.

26. **Q:** What is SELinux?

**A:** Security-Enhanced Linux (SELinux) is a security architecture integrated into the Linux kernel
that provides mandatory access control (MAC) to enhance system security.

27. **Q:** What is a zero-day vulnerability?

**A:** A zero-day vulnerability is a software flaw that is unknown to the vendor and for which no
patch is available, leaving it vulnerable to exploitation.

28. **Q:** What is BitLocker?

**A:** BitLocker is a full-disk encryption feature included with Microsoft Windows to protect data
by encrypting entire volumes.

29. **Q:** What is the Windows Security Center?

**A:** The Windows Security Center is a control panel applet that provides users with an overview
of the security status of their system, including firewall settings, antivirus protection, and other
security features.

30. **Q:** What is sandboxing in operating systems?

**A:** Sandboxing is a security mechanism that isolates running programs to prevent them from
affecting the rest of the system, commonly used to safely execute untested code.

### **Application Security**

31. **Q:** What is SQL injection?

**A:** SQL injection is a code injection technique that exploits vulnerabilities in a web application's
database layer to execute arbitrary SQL code.

32. **Q:** What is cross-site scripting (XSS)?

**A:** XSS is a type of security vulnerability in web applications where attackers inject malicious
scripts into content that is viewed by other users.

33. **Q:** What is cross-site request forgery (CSRF)?

**A:** CSRF is an attack that tricks a user into performing actions on a web application in which
they are authenticated, without their consent.

34. **Q:** What is input validation?

**A:** Input validation is the process of ensuring that user input is clean, correct, and secure before
it is processed by an application.

35. **Q:** What is the purpose of a web application firewall (WAF)?

**A:** A WAF filters, monitors, and blocks HTTP traffic to and from a web application to protect it
from various attacks, such as SQL injection and XSS.

36. **Q:** What is OAuth?

**A:** OAuth is an open standard for access delegation that allows users to grant third-party
applications limited access to their resources without sharing their credentials.

37. **Q:** What is the OWASP Top Ten?

**A:** The OWASP Top Ten is a list of the ten most critical security risks to web applications,
maintained by the Open Web Application Security Project (OWASP).

38. **Q:** What is a buffer overflow?

**A:** A buffer overflow is a type of vulnerability that occurs when more data is written to a buffer
than it can hold, potentially allowing attackers to execute arbitrary code.

39. **Q:** What is a security token?

**A:** A security token is a physical or digital device that provides authentication for access to a
resource, often used in two-factor authentication.

40. **Q:** What is data masking?

**A:** Data masking is the process of obscuring specific data within a database so that it remains
accessible for testing or analysis but is not exposed to unauthorized users.

### **Cryptography**

41. **Q:** What is symmetric encryption?

**A:** Symmetric encryption uses the same key for both encryption and decryption of data.

42. **Q:** What is asymmetric encryption?

**A:** Asymmetric encryption uses a pair of keys – a public key for encryption and a private key for
decryption.

43. **Q:** What is a digital signature?

**A:** A digital signature is a cryptographic technique that ensures the authenticity and integrity of
a message, document, or software.

44. **Q:** What is a hash function?

**A:** A hash function is a cryptographic algorithm that converts an input (or 'message') into a
fixed-length string of characters, which is typically a digest that represents the data.

45. **Q:** What is the difference between MD5 and SHA-256?

**A:** MD5 produces a 128-bit hash value, while SHA-256 produces a 256-bit hash value. SHA-256
is more secure and resistant to collisions than MD5.

46. **Q:** What is key exchange?

**A:** Key exchange is the process of securely exchanging cryptographic keys between parties to
enable secure communication.

47. **Q:** What is a public key infrastructure (PKI)?

**A:** PKI is a framework that manages digital keys and certificates, ensuring secure electronic
transactions and communication.

48. **Q:** What is a certificate authority (CA)?

**A:** A CA is an entity that issues digital certificates, which validate the ownership of public keys
used in secure communication.

49. **Q:** What is steganography?

**A:** Steganography is the practice of concealing a message, image, or file within another
message, image, or file to prevent detection.

50. **Q:** What is elliptic curve cryptography (ECC)?

**A:** ECC is a form of public key cryptography based on the algebraic structure of elliptic curves
over finite fields, offering high security with smaller keys.

### **Security Frameworks and Standards**

51. **Q:** What is the ISO/IEC 27001 standard?

**A:** ISO/IEC 27001 is an international standard for managing information security, outlining the
requirements for an information security management system (ISMS).

52. **Q:** What is the NIST Cybersecurity Framework?

**A:** The NIST Cybersecurity Framework is a set of guidelines and best practices for managing and
reducing cybersecurity risk.

53. **Q:** What is PCI DSS?

**A:** The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards
designed to protect credit card information during and after a financial transaction.

54. **Q:** What is GDPR?

**A:** The General Data Protection Regulation (GDPR) is a European Union regulation that governs
data protection and privacy for individuals within the EU.

55. **Q:** What is HIPAA?

**A:** The Health Insurance Portability and Accountability Act (HIPAA) is a US law that sets
standards for protecting sensitive patient data.

56. **Q:** What is COBIT?

**A:** COBIT (Control Objectives for Information and Related Technologies) is a framework for
developing, implementing, monitoring, and improving IT governance and management practices.

57. **Q:** What is SOX compliance?

**A:** SOX (Sarbanes-Oxley Act) compliance involves implementing controls and procedures to
protect financial data and ensure the accuracy and reliability of financial reporting.

58. **Q:** What is the CIS Controls framework?

**A:** The CIS Controls are a prioritized set of actions to defend against cybersecurity threats,
developed by the Center for Internet Security.

59. **Q:** What is the difference between SOC 1 and SOC 2?

**A:** SOC 1 focuses on internal controls over financial reporting, while SOC 2 addresses the
security, availability, processing integrity, confidentiality, and privacy of data.

60. **Q:** What is the purpose of ISO/IEC 27002?

**A:** ISO/IEC 27002 provides guidelines and best practices for implementing information security
controls based on the ISO/IEC 27001 standard.

### **Incident Response**

61. **Q:** What is an incident response plan?

**A:** An incident response plan is a documented, structured approach to handle and manage the
aftermath of a security breach or cyberattack.

62. **Q:** What is a security incident?

**A:** A security incident is an event that may indicate a breach of a system or network’s security
policy, leading to unauthorized access or data loss.

63. **Q:** What is the first step in the incident response process?

**A:** The first step is preparation, which involves establishing and maintaining an incident
response capability.

64. **Q:** What is the difference between a security event and a security incident?

**A:** A security event is any observable occurrence in a system or network, while a security
incident is a security event that has been confirmed to compromise the integrity, confidentiality, or
availability of information.

65. **Q:** What is the purpose of a post-incident review?

**A:** A post-incident review analyzes the incident to understand what happened, assess the
response, and identify areas for improvement.

66. **Q:** What is containment in incident response?

**A:** Containment involves isolating affected systems to prevent further damage during a security
incident.

67. **Q:** What is the role of a Security Operations Center (SOC)?

**A:** A SOC is responsible for monitoring, detecting, and responding to cybersecurity incidents in
real-time.

68. **Q:** What is the purpose of threat hunting?

**A:** Threat hunting is the proactive search for cyber threats that may have evaded security
defenses.

69. **Q:** What is the difference between a vulnerability and an exploit?

**A:** A vulnerability is a weakness in a system that can be exploited, while an exploit is the actual
method or tool used to take advantage of a vulnerability.

70. **Q:** What is the role of digital forensics in cybersecurity?

**A:** Digital forensics involves collecting, preserving, analyzing, and presenting digital evidence to
investigate and respond to security incidents.

### **Identity and Access Management**

71. **Q:** What is identity and access management (IAM)?

**A:** IAM is a framework of policies and technologies to ensure that the right individuals have
access to the right resources at the right times for the right reasons.

72. **Q:** What is multi-factor authentication (MFA)?

**A:** MFA is an authentication method that requires users to provide two or more verification
factors to gain access to a resource.

73. **Q:** What is role-based access control (RBAC)?

**A:** RBAC is a method of regulating access to systems and data based on the roles of individual
users within an organization.

74. **Q:** What is a federated identity?

**A:** Federated identity is the linking of a user's digital identity across multiple systems and
organizations, allowing single sign-on (SSO) across them.

75. **Q:** What is single sign-on (SSO)?

**A:** SSO is an authentication process that allows a user to access multiple applications with one
set of login credentials.

76. **Q:** What is an access control list (ACL)?

**A:** An ACL is a list of permissions attached to an object that specifies which users or system
processes are granted access to that object and what operations they are allowed to perform.

77. **Q:** What is a session timeout?

**A:** A session timeout is a security measure that logs a user out of a system after a period of
inactivity to prevent unauthorized access.

78. **Q:** What is a privilege escalation attack?

**A:** Privilege escalation is an attack that exploits a vulnerability to gain higher access levels than
intended within a system.

79. **Q:** What is a smart card?

**A:** A smart card is a physical card with an embedded microchip that stores data and can be
used for secure authentication and access control.

80. **Q:** What is biometric authentication?

**A:** Biometric authentication uses unique biological traits, such as fingerprints or facial
recognition, to verify a user's identity.

### **Cloud Security**

81. **Q:** What is cloud security?

**A:** Cloud security involves the policies, technologies, and controls used to protect data,
applications, and services in the cloud environment.

82. **Q:** What is the shared responsibility model in cloud security?

**A:** The shared responsibility model outlines the division of security responsibilities between a
cloud provider and its customers.

83. **Q:** What is data encryption in the cloud?

**A:** Data encryption in the cloud involves using encryption technologies to protect data at rest
and in transit in cloud environments.

84. **Q:** What is a cloud access security broker (CASB)?

**A:** A CASB is a security policy enforcement point positioned between cloud service consumers
and providers to enforce enterprise security policies.

85. **Q:** What are the three main cloud service models?

**A:** The three main cloud service models are Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and Software as a Service (SaaS).

86. **Q:** What is containerization in cloud computing?

**A:** Containerization is a lightweight form of virtualization that allows applications to run in
isolated environments called containers, which share the same operating system kernel.

87. **Q:** What is the difference between public, private, and hybrid clouds?

**A:** A public cloud is hosted by third-party providers and is available to anyone over the
internet. A private cloud is used exclusively by a single organization. A hybrid cloud combines
elements of both public and private clouds.

88. **Q:** What is cloud workload protection?

**A:** Cloud workload protection involves securing workloads in the cloud, such as applications,
databases, and services, from cyber threats.

89. **Q:** What is multi-cloud security?

**A:** Multi-cloud security refers to the practice of securing data and applications across multiple
cloud providers.

90. **Q:** What is cloud compliance?

**A:** Cloud compliance involves ensuring that cloud services adhere to regulatory and legal
standards for data protection and privacy.

### **Emerging Threats and Technologies**

91. **Q:** What is ransomware?

**A:** Ransomware is a type of malware that encrypts a victim's files, and the attacker demands
payment to restore access to the data.

92. **Q:** What is the Internet of Things (IoT)?

**A:** IoT refers to a network of physical devices embedded with sensors, software, and other
technologies to connect and exchange data over the internet.

93. **Q:** What is quantum cryptography?

**A:** Quantum cryptography uses the principles of quantum mechanics to secure data, offering
potentially unbreakable encryption.

94. **Q:** What is artificial intelligence (AI) in cybersecurity?

**A:** AI in cybersecurity involves using machine learning and other AI techniques to detect,
predict, and respond to security threats.

95. **Q:** What is blockchain technology?

**A:** Blockchain is a decentralized, distributed ledger that records transactions across multiple
computers to ensure the security and transparency of the data.

96. **Q:** What is a deepfake?

**A:** A deepfake is synthetic media created using AI to manipulate or generate images, videos,
or audio that appear to be real.

97. **Q:** What is a supply chain attack?

**A:** A supply chain attack targets vulnerabilities in an organization's supply chain, often by
compromising a third-party vendor or supplier to gain access to the organization's systems.

98. **Q:** What is 5G and how does it impact cybersecurity?

**A:** 5G is the fifth generation of wireless technology, offering faster speeds and lower latency. It
also introduces new cybersecurity challenges, such as increased attack surfaces and the need for more
robust security measures.

99. **Q:** What is digital twin technology?

**A:** A digital twin is a virtual model of a physical object, process, or system that is used for
monitoring, analysis, and optimization. In cybersecurity, it can be used to simulate and predict the
impact of attacks.

100. **Q:** What are autonomous security systems?

**A:** Autonomous security systems use AI and machine learning to detect and respond to cyber
threats without human intervention.
