Here are flashcards for each of the 8 CISSP domains.
Domain 1: Security and Risk Management
Q: What are the three pillars of the CIA triad?
A: Confidentiality, Integrity, Availability
Q: What is the main difference between due care and due diligence?
A: Due care is acting responsibly; due diligence is researching before acting.
Q: What is the purpose of a risk assessment?
A: To identify, evaluate, and prioritize risks to organizational assets.
Domain 2: Asset Security
Q: Who is responsible for classifying data?
A: Data Owner
Q: What is data remanence?
A: Residual data left behind after attempts to erase it.
Q: What is the purpose of data labeling?
A: To indicate classification level and handling requirements.
Domain 3: Security Architecture and Engineering
Q: What does the Bell-LaPadula model focus on?
A: Confidentiality
Q: What is the difference between symmetric and asymmetric encryption?
A: Symmetric uses one key; asymmetric uses two keys (public/private).
Q: What is a TPM used for?
A: To securely store cryptographic keys.
Domain 4: Communication and Network Security
Q: What OSI layer is responsible for encryption?
A: Layer 6 – Presentation
Q: What is the function of a firewall?
A: To control traffic between networks based on rules.
Q: What does IPsec use to provide encryption?
A: ESP (Encapsulating Security Payload)
Domain 5: Identity and Access Management (IAM)
Q: What are the four phases of IAAA?
A: Identification, Authentication, Authorization, Accounting
Q: What is SAML used for?
A: Federated identity and Single Sign-On (SSO)
Q: What is the principle of least privilege?
A: Users get only the access they need to perform their job.
Domain 6: Security Assessment and Testing
Q: What is the purpose of a vulnerability scan?
A: To identify known security weaknesses.
Q: What is a penetration test?
A: A simulated attack to find exploitable vulnerabilities.
Q: What is the difference between white-box and black-box testing?
A: White-box: internal knowledge; Black-box: no prior knowledge.
Domain 7: Security Operations
Q: What is RTO?
A: Recovery Time Objective – maximum acceptable downtime
Q: What are the phases of incident response?
A: Preparation, Detection & Analysis, Containment, Eradication, Recovery, Lessons Learned
Q: What is job rotation used for?
A: To reduce fraud and provide backup capability.
Domain 8: Software Development Security
Q: What is the goal of the SDLC?
A: To ensure software is developed securely and efficiently.
Q: What does OWASP Top 10 refer to?
A: The top 10 most critical web application security risks.
Q: What is input validation?
A: Ensuring user input is clean and expected to prevent attacks.