Must know for an Information Security Professional (A CISSP professional will know these in general)

Want to be a security professional? Learn these as well.

What is a security policy?

What are policies in general?

What are the different types of Security Controls?

Give examples of Audit Trail.

Give examples of security guard.

What is the difference between authentication and authorization?

Can SSO be decentralized? How can you implement that? Just examples are good.

What is the least privilege policy?

What is a job rotation policy?

TACACS, RADIUS: what are these? Does your organization need to use them? In what cases? Are they a good fit?

Give examples of access control attacks?

Give examples of Social Engineering?

What is your experience with reviewing the access configurations?

What are TCP/IP, OSI, ATM, and QoS?

Give examples of Network Access Control Devices?

Give examples of how Network Access Control Devices are used in your organization. How can you configure them?

Is Endpoint security a good practice? What is Endpoint security anyway?

POTS, PBX, VoIP – does your organization use these? What are the related security risks?

How can attackers inject data into video stream (video conferencing)?

Give examples of tunneling protocols, especially the secure ones.

Is VPN a tunneling concept? What protocols are used on VPN?

How is IPsec data formatted? What is AH? What is ESP?

What is the primary purpose of SSL and TLS?

What is a SYN flood attack?

What is spoofing?

What is VLAN? Will you implement VLAN in your organization? When?

What is the concept of Risk when it comes to organizational IT resource security?

Can your security measures mitigate all risks?

What is the relation between a security policy and local laws and regulations?

Does your organization conduct Due care and Due diligence for security?

How do you ensure confidentiality, integrity, and availability?

How is managing information lifecycle important for an organization?

To which organizations does HIPAA apply?

What are Risk Avoidance, Risk transference, Risk Mitigation, Risk Acceptance?

Can risk acceptance be an acceptable policy? Give examples.

How can you apply and ensure security in the software development lifecycle?

What are backdoors in software?

What is XSS security risk? How can you prevent XSS?

What is security testing?

Can you use white box testing as a security measure?

Should you encrypt all sensitive data files?

Define symmetric and asymmetric cryptography and give examples. Which one is more secure?

What is hybrid cryptography? What is hashing?

What is Social Engineering for Key Discovery?

What is a rainbow table attack?

What is PKI? How does PKI work?

What are security models?

What is the Bell-LaPadula model?

What is the Biba model?

What is the Clark-Wilson access model?

How can XML traffic be protected?

What is OWASP? Who sponsors OWASP?

How can Separation of duties and responsibilities help with security?

What is the last step in incident response?

What is root cause analysis?

What is change management?

How do software configuration and configuration management help with security?

What do you know about RAID? Describe it in your own way.

Give example ways you can make your servers fault tolerant.

Give an example of a backup strategy for a hypothetical organization.

Give types and examples of computer crimes.

What is a shrink-wrap contract?

Give some example guidelines from the (ISC)² Code of Professional Ethics.

Give examples of forensic procedures.

Give examples of Site and facility design considerations for security?

By

Sayed Ahmed

LinkedIn: https://ca.linkedin.com/in/sayedjustetc

Blog: http://Bangla.SaLearningSchool.com, http://SitesTree.com
From: http://sitestree.com/must-know-for-an-information-security-professional-a-cissp-professional-will-know-these-in-general/
Posted: 2019-11-19 22:29:35