Which of the following topics is covered under the business continuity and disaster recovery planning CBK domain?

By Casey Clark and Madelyn Bacon, Associate Site Editor

In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices. The CBK is organized by domain, and it is gathered and updated annually by the International Information Systems Security Certification Consortium, otherwise known as (ISC)2.

(ISC)2 uses the various domains of the CBK to test a certification candidate's level of expertise in the most critical aspects of infosec. The Certified Information Systems Security Professional (CISSP) certification exam covers the following CBK domains: security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.

CISSP CBK domains

The eight CISSP domains that the (ISC)2 CISSP exam covers are compiled from various topics in the (ISC)2 CBK and are updated annually to reflect the most relevant topics within the profession. The CISSP CBK domains include:

  • Security and Risk Management -- this domain deals with risk management concepts, threat modeling, the security model, security governance principles, business continuity requirements, and policies and procedures.
  • Asset Security -- this domain contains topics that involve data management and standards, longevity and use, how to ensure appropriate retention and how data security controls are determined.
  • Security Engineering -- this domain tests a candidate on security engineering processes, models and design principles that also include database security, cryptography systems, clouds and vulnerabilities.
  • Communications and Network Security -- this domain includes network security and the creation of secure communication channels, such as secure network architecture design and components including access control, transmission media and communication hardware.
  • Identity and Access Management -- this domain focuses on system access, authorization, identification and authentication including access control and multifactor authentication.
  • Security Assessment and Testing -- this domain covers the tools needed to find vulnerabilities, bugs and errors in code and system security, as well as vulnerability assessment, penetration testing and disaster recovery.
  • Security Operations -- this domain deals with digital forensics and investigations, detection tools, firewalls and sandboxing, as well as incident management.
  • Software Development Security -- this domain contains information on how to implement security controls on software in an environment that the infosec expert manages.

How to study for the CISSP certification

The CISSP certification covers all eight CISSP domains, and CISSP CBK test takers are expected to be familiar with each one. The use of learning materials is encouraged; textbooks and practice exams can be found online. The official test website contains a list of CISSP resources available for purchase.

This was last updated in April 2018

Which of the following of the CIA Triad ensures that the information is correct and no unauthorized person has altered it?

Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).

Which of the following are not part of the CIA triad?

Explanation: CIA refers to Confidentiality, Integrity, and Availability, which together are known as the CIA triad. The CIA triad does not include Authenticity.

Which of the following is an example of technical controls that can be used for physical security?

Examples include physical controls such as fences, locks, and alarm systems; technical controls such as antivirus software, firewalls, and IPSs; and administrative controls like separation of duties, data classification, and auditing.

What is CIA in terms of information security?

The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability. The CIA triad is a common model that forms the basis for the development of security systems. It is used for finding vulnerabilities and for creating solutions.