1. Daily knowledge points (the following points are taken from the CISSP Official Study Guide flash cards)
Knowledge point 1
Q: What is IIoT?
A: Industrial Internet of Things (IIoT) is a derivative of IoT that focuses on industrial, engineering, manufacturing, or infrastructure level oversight, automation, management, and sensing. IIoT is an evolution of ICS and DCS that integrates cloud services to perform data collection, analysis, optimization, and automation.
Knowledge point 2
Q: What is a false positive?
A: When the scanner tests a system for vulnerabilities, it uses the tests in its database to determine whether a system may contain the vulnerability. In some cases, the scanner may not have enough information to conclusively determine that a vulnerability exists and it reports a vulnerability when there really is no problem. This situation is known as a false positive report and is sometimes seen as a nuisance to system administrators.
Knowledge point 3
Q: When users are granted only the minimum access necessary to complete some task or process, what principle is involved?
A: The principle of least privilege
---------------
Scan the QR code below and add the assistant's WeChat to apply to join the "2022 CISSP Certification Study Group" for exchange and discussion.
2. Frequently missed CISSP certification questions (from the CISSP Official Practice Tests and the CISSP Official Comprehensive Tests) [Answer explanations follow the questions]
Question 1
Joanna is her organization's CISO, and in her security operations oversight role she wants to ensure that management oversight is happening for security-related changes. What system should she focus on to track this type of data in most organizations?
A. The SIEM system
B. The IPS system
C. The CMS tool
D. The ITSM tool
Question 2
Henry wants to validate that his backups are working. Which of the following options is the best way for him to ensure that the backups will be useful in a true disaster recovery scenario?
A. Periodically restore a random file to ensure that the backups are working.
B. Review configurations and settings on a regular schedule to validate backup settings.
C. Review the backup logs to ensure no errors are occurring.
D. Regularly perform full restores from backups to validate their success.
Question 3
Elaine has discovered a previously unknown critical vulnerability in a product that her organization uses. Her organization has a strong commitment to ethical disclosure, and Elaine wants to follow common ethical disclosure practices. What should she do first?
A. Build an in-house remediation or control and then publicly disclose the vulnerability to prompt the vendor to patch it quickly.
B. Build an in-house remediation or control and then notify the vendor of the issue.
C. Notify the vendor and give them a reasonable amount of time to fix the issue.
D. Publicly disclose the vulnerability so that the vendor will patch it in an appropriate amount of time.
---------------
Question 1
Answer: D
Explanation: IT service management, or ITSM, tools include change management and thus the type of approvals and review processes that Joanna is looking for. An SIEM helps with security logs and events, an IPS looks for intrusions and unwanted traffic, and a CMS is a content management tool.
Question 2
Answer: D
Explanation: All of these are useful parts of a backup strategy, but performing full restores from backups on a regular basis is the best option listed. If regular restores work, then individual files will be recoverable, but individual files may not show larger issues with backups. Configuration and setting reviews are important but will not validate the backups themselves, and error messages can indicate problems but won't demonstrate intact logs either.
Question 3
Answer: C
Explanation: Ethical (or responsible) disclosure norms include notifying the vendor and providing them with a reasonable amount of time to remediate the issue. Public disclosures before notifying the vendor or in a short period of time are considered unethical in most circumstances. While this time frame varies, 90 to 120 days is not uncommon across the industry due to the complexity of software and other technologies.