Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. Shon will provide CISSP study and training for Domain 4 (Communication and Network Security) of the CISSP Exam. His knowledge will provide the skills needed to pass the CISSP.

BTW - Get access to all my Free Content and CISSP Training Courses here at: https://shongerber.com/

Available Courses:
CISSP Training Course - https://www.shongerber.com/offers/zYsL6MCB
CISO Training Course - https://www.shongerber.com/offers/zd2RbL6o

CISSP Exam Questions

Question: 159
Vulnerabilities and risks are evaluated based on their threats against which of the following?
A) One or more of the CIA Triad principles
B) Data usefulness
C) Due care
D) Extent of liability
Answer: One or more of the CIA Triad principles
Vulnerabilities and risks are evaluated based on their threats against one or more of the CIA Triad principles.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 160
While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk?
A) Virus infection
B) Damage to equipment
C) System malfunction
D) Unauthorized access to confidential information
Answer: Damage to equipment
The threat of a fire and the vulnerability of a lack of fire extinguishers lead to the risk of damage to equipment.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 161
What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions?
A) Education
B) Awareness
C) Training
D) Termination
Answer: Training
Training is teaching employees to perform their work tasks and to comply with the security policy. Training is typically hosted by an organization and is targeted to groups of employees with similar job functions.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------

Want to find Shon elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:
ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources
Online Article https://www.cio.com/article/2381021/best-practices-how-to-create-an-effective-business-continuity-plan.html

CISSP Exam Questions

Question: 156
If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _________ the data, objects, and resources.
A) Control
B) Audit
C) Access
D) Repudiate
Answer: Access
Accessibility of data, objects, and resources is the goal of availability. If a security mechanism offers availability, then it is highly likely that the data, objects, and resources are accessible to authorized subjects.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 157
All but which of the following items require awareness for all individuals affected?
A) Restricting personal email
B) Recording phone conversations
C) Gathering information about surfing habits
D) The backup mechanism used to retain email messages
Answer: The backup mechanism used to retain email messages
Users should be aware that email messages are retained, but the backup mechanism used to perform this operation does not need to be disclosed to them.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 158
Which of the following statements is not true?
A) IT security can provide protection only against logical or technical attacks.
B) The process by which the goals of risk management are achieved is known as risk analysis.
C) Risks to an IT infrastructure are all computer based.
D) An asset is anything used in a business process or task.
Answer: Risks to an IT infrastructure are all computer based.
Risks to an IT infrastructure are not all computer based. In fact, many risks come from noncomputer sources. It is important to consider all possible risks when performing risk evaluation for an organization. Failing to properly evaluate and respond to all forms of risk, a company remains vulnerable.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------

CISSP Exam Questions

Question: 153
Which commercial business/private sector data classification is used to control information about individuals within an organization?
A) Confidential
B) Private
C) Sensitive
D) Proprietary
Answer: Private
The commercial business/private sector data classification of private is used to protect information about individuals.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 154
Which of the following is not an element of the risk analysis process?
A) Analyzing an environment for risks
B) Creating a cost/benefit report for safeguards to present to upper management
C) Selecting appropriate safeguards and implementing them
D) Evaluating each threat event as to its likelihood of occurring and cost of the resulting damage
Answer: Selecting appropriate safeguards and implementing them
Risk analysis includes analyzing an environment for risks, evaluating each threat event as to its likelihood of occurring and the cost of the damage it would cause, assessing the cost of various countermeasures for each risk, and creating a cost/benefit report for safeguards to present to upper management. Selecting safeguards is a task of upper management based on the results of risk analysis. It is a task that falls under risk management, but it is not part of the risk analysis process.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 155
Which of the following is not a defense against collusion?
A) Separation of duties
B) Restricted job responsibilities
C) Group user accounts
D) Job rotation
Answer: Group user accounts
Group user accounts allow for multiple people to log in under a single user account. This allows collusion because it prevents individual accountability.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------

Shon will provide CISSP study and training for Domain 3 (Engineering Secure Design) of the CISSP Exam.

CISSP Exam Questions

Question: 150
How is the value of a safeguard to a company calculated?
A) ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard
B) ALE before safeguard * ARO of safeguard
C) ALE after implementing safeguard - annual cost of safeguard - controls gap
D) Total risk - controls gap
Answer: [A] ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard
The value of a safeguard to an organization is calculated by ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard [(ALE1 - ALE2) - ACS].
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 151
What is the primary objective of data classification schemes?
A) To control access to objects for authorized subjects
B) To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity
C) To establish a transaction trail for auditing accountability
D) To manipulate access controls to provide for the most efficient means to grant or restrict functionality
Answer: [B] To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity
The primary objective of data classification schemes is to formalize and stratify the process of securing data based on assigned labels of importance and sensitivity.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------
Question: 152
What is the primary goal of change management?
A) Maintaining documentation
B) Keeping users informed of changes
C) Allowing rollback of failed changes
D) Preventing security compromises
Answer: Preventing security compromises
The prevention of security compromises is the primary goal of change management.
https://www.brainscape.com/subjects/cissp-domains
------------------------------------

In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam.

CISSP Exam Questions

Question: 144
To get proper management support and approval of the plan, a business case must be made. Which of the following is least important to this business case?
A. Regulatory and legal requirements
B. Company vulnerabilities to disasters and disruptions
C. How other companies are dealing with these issues
D. The impact the company can endure if a disaster hits
C. The other three answers are key components when building a business case. Although it is a good idea to investigate and learn about how other companies are dealing with similar issues, it is the least important of the four items listed.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 145
Which of the following describes a parallel test?
A. It is performed to ensure that operations performed at the alternate site also give the same results as at the primary site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and go through the test collectively.
D. Normal operations are shut down.
A. In a parallel test, some systems are run at the alternate site, and the results are compared with how processing takes place at the primary site. This is to ensure that the systems work in that area and productivity is not affected. This also extends the previous test and allows the team to walk through the steps of setting up and configuring systems at the offsite facility.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 146
Which of the following describes a structured walk-through test?
A. It is performed to ensure that critical systems will run at the alternate site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and review the steps of the test collectively without actually performing those steps.
D. Normal operations are shut down.
C. During a structured walk-through test, functional representatives review the plan to ensure its accuracy and that it correctly and accurately reflects the company’s recovery strategy.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 147
When is the emergency actually over for a company?
A. When all people are safe and accounted for
B. When all operations and people are moved back into the primary site
C. When operations are safely moved to the offsite facility
D. When a civil official declares that all is safe
B. The emergency is not actually over until the company moves back into its primary site. The company is still vulnerable and at risk while it is operating in an altered or crippled state. This state of vulnerability is not over until the company is operating in the way it was prior to the disaster. Of course, this may mean that the primary site has to be totally rebuilt if it was destroyed.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------

In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam.

CISSP Exam Questions

Question: 141
Who has the final approval of the business continuity plan?
A. The planning committee
B. Each representative of each department
C. Management
D. External authority
C. Management really has the final approval over everything within a company, including these plans.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 142
What is the most crucial requirement in developing a business continuity plan?
A. Business impact analysis
B. Implementation, testing, and following through
C. Participation from each and every department
D. Management support
D. Management’s support is the first thing to obtain before putting any real effort into developing these plans. Without management’s support, the effort will not receive the necessary attention, resources, funds, or enforcement.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 143
During development, testing, and maintenance of the continuity plan, a high degree of interaction and communications is crucial to the process. Why?
A. This is a regulatory requirement of the process.
B. The more people who talk about it and are involved, the more awareness will increase.
C. This is not crucial to the plan and should not be interactive because it will most likely affect operations.
D. Management will more likely support it.
B. Communication not only spreads awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions, which may lead to ideas that the original team did not consider.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------

In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam.

CISSP Exam Questions

Question: 138
Which of the following is something that should be required of an offsite backup facility that stores backed-up media for companies?
A. The facility should be within 10 to 15 minutes of the original facility to ensure easy access.
B. The facility should contain all necessary PCs and servers and should have raised flooring.
C. The facility should be protected by an armed guard.
D. The facility should protect against unauthorized access and entry.
D. This question addresses a facility that is used to store backed-up data; it is not talking about an offsite facility used for disaster recovery purposes. The facility should not be only 10 to 15 minutes away, because some types of disasters could destroy both the company’s main facility and this facility if they are that close together, in which case the company would lose all of its information. The facility should have the same security standards as the company’s security, including protection against unauthorized access.
https://www.brainscape.com/flashcards/cissp-chapter-8-business-continuity-and-d-1538409/packs/2943708
------------------------------------
Question: 139
Which item will a business impact analysis not identify?
A. Whether the company is best suited for a parallel or full-interrupt test
B. What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption
C. What systems are critical for the company and must be highly protected
D. What amount of outage time a company can endure before it is permanently crippled
A. All the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.
https://www.brainscape.com/flashcards/cissp-chapter-8-business-continuity-and-d-1538409/packs/2943708
------------------------------------
Question: 140
Which areas of a company are recovery plans recommended for?
A. The most important operational and financial areas
B. The areas that house the critical systems
C. All areas
D. The areas that the company cannot survive without
C. It is best if every department within the company has its own contingency plan and procedures in place. These individual plans would “roll up” into the overall enterprise BCP.
https://www.brainscape.com/flashcards/cissp-chapter-8-business-continuity-and-d-1538409/packs/2943708
------------------------------------

In this episode, Shon will talk about the following items that are included within Domain 1 (Security and Risk Management) of the CISSP Exam.

CISSP Exam Questions

Question: 135
Which of the following contains references to expected business continuity planning (BCP) practices that organizations must implement?
A. ISO 17799:2008, Section 1
B. ISO 27005:2008, Section 8
C. ISO 27002:2005, Section 10
D. ISO 27001:2005, Annex A
Answer: D
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 136
What process identifies the business continuity requirements for the organization's assets?
A. risk analysis
B. business impact analysis
C. threat analysis
D. asset classification
Answer: B
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 137
A contingency plan should be written to
A. address all possible risk scenarios
B. address all likely risk scenarios
C. remediate all vulnerabilities
D. recover all operations
Answer: B
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------

In this episode, Shon will talk about the following items that are included within Domain 1 (Security and Risk Management) of the CISSP Exam.

CISSP Exam Questions

Question: 132
Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?
A. Contact information for all personnel
B. Vendor contract information, including offsite storage and alternate site
C. Equipment and system requirements lists of hardware, software, firmware, and other resources required to support system operations
D. The Business Impact Analysis
Answer: D
Explanation: You use the BIA as a guideline to create the contingency plan.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 133
The first step in contingency planning is to perform:
A. A hardware backup
B. A data backup
C. An operating system software backup
D. An application software backup
Answer: B
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------
Question: 134
Which of the following teams should not be included in an organization’s contingency plan?
A. Damage assessment team
B. Hardware salvage team
C. Tiger team
D. Legal affairs team
Answer: C
Explanation: Tiger is an algorithm.
Excerpt is from CISSP / Shon Harris / 5th edition.
https://www.brainscape.com/flashcards/business-continuity-planning-4303634/packs/6456925
------------------------------------

In this episode, Shon will talk about the following items that are included within Domain 1 (Security and Risk Management) of the CISSP Exam.

CISSP Exam Questions

Question: 129
Which of the following could lead to the conclusion that a disaster recovery plan may not be operational within the timeframe the business needs to recover?
A. The alternate site is a warm site
B. Critical recovery priority levels are not defined
C. Offsite backups are located away from the alternate site
D. The alternate site is located 70 miles away from the primary site
Answer: B
Explanation: From
------------------------------------
Question: 130
What are the four domains of communication in the disaster planning and recovery process?
A. Plan manual, plan communication, primer for survival, warning and alarms
B. Plan communication, primer for survival, escalation, declaration
C. Plan manual, warning and alarm, declaration, primer for survival
D. Primer for survival, escalation, plan communication, warning and alarm
Answer: C
Explanation: From
------------------------------------
Question: 131
The underlying reason for creating a disaster planning and recovery strategy is to
A. Mitigate risks associated with disaster.
B. Enable a business to continue functioning without impact.
C. Protect the organization’s people, place and processes.
D. Minimize financial profile.
Answer: A
Explanation: “Disaster recovery has the goal of minimizing the effects of a disaster and taking the necessary steps to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner.” Pg 550 Shon Harris: All-in-One CISSP Certification
From
------------------------------------

In this episode, Shon will provide CISSP training for Domain 8 (Software Development Security) of the CISSP Exam.

CISSP Exam Questions

Question: 128
In what type of software testing does the tester have access to the underlying source code?
A) Static testing
B) Dynamic testing
C) Cross-site scripting testing
D) Black box testing
Answer: Static testing
In order to conduct a static test, the tester must have access to the underlying source code.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
Question: 129
What portion of the change management process allows developers to prioritize tasks?
A) Release control
B) Configuration control
C) Request control
D) Change audit
Answer: Request control
The request control provides users with a framework to request changes and developers with the opportunity to prioritize those requests.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
Question: 130
Which one of the following key types is used to enforce referential integrity between database tables?
A) Candidate key
B) Primary key
C) Foreign key
D) Super key
Answer: Foreign key
Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------

In this episode, Shon will provide CISSP training for Domain 8 (Software Development Security) of the CISSP Exam.

CISSP Exam Questions

Question: 125
What type of virus utilizes more than one propagation technique to maximize the number of penetrated systems?
A) Stealth virus
B) Companion virus
C) Polymorphic virus
D) Multipartite virus
Answer: Multipartite virus
Multipartite viruses use two or more propagation techniques (for example, file infection and boot sector infection) to maximize their reach.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
Question: 126
What programming language(s) can be used to develop ActiveX controls for use on an Internet site?
A) Visual Basic
B) C
C) Java
D) All of these are correct.
Answer: All of these are correct
Microsoft's ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
Question: 127
What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data?
A) Atomicity
B) Consistency
C) Isolation
D) Durability
Answer: Isolation
The isolation principle states that two transactions operating on the same data must be temporarily separated from each other such that one does not interfere with the other.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------

In this episode, Shon will provide CISSP training for Domain 8 (Software Development Security) of the CISSP Exam.

CISSP Exam Questions

Question: 122
What type of reconnaissance attack provides attackers with useful information about the services running on a system?
A) Session hijacking
B) Port scan
C) Dumpster diving
D) IP sweep
Answer: Port scan
Port scans reveal the ports associated with services running on a machine and available to the public.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
Question: 123
What technology does the Java language use to minimize the threat posed by applets?
A) Confidentiality
B) Encryption
C) Stealth
D) Sandbox
Answer: Sandbox
The Java sandbox isolates applets and allows them to run within a protected environment, limiting the effect they may have on the rest of the system.
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
Question: 124
What is the most effective defense against cross-site scripting attacks?
A) Limiting account privileges
B) Input validation
C) User authentication
D) Encryption
Answer: Input validation
Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML
From https://www.brainscape.com/flashcards/software-development-security-976024/packs/1774328
------------------------------------
In this episode, Shon will provide CISSP training for Domain 7 (Security Operations) of the CISSP Exam.

CISSP Exam Questions

Question: 119
What is considered a Computer Security Incident?
Earthquake hits your data center rendering it unusable
A patch was implemented resulting in a loss of a critical system
Local construction workers cut the fiber line that provides a network feed for your building
An employee violated the company's acceptable use policy by downloading pirated software
Explanation: [d] A violation of a company's acceptable use policy is considered a Computer Security Incident. The other options fit within the broad concept of an incident.
------------------------------------
Question: 120
What is the primary goal of a Change Management Process within an organization?
Provide good structure for making changes within a network
Avoid outages within your network
Provide documentation on all changes within a network
All the above
Explanation: [b] The primary goal of a Change Management Process is to avoid outages within your network environment. All of the above are important, but the primary goal is to avoid outages.
------------------------------------
Question: 121
Which of the following are considered a strategic strategy for backups within a business environment?
Full Backup
Incremental Backup
Differential Backup
All the above
Explanation: [d] All of the above are considered a strategic solution for your backups within a business environment.
------------------------------------
In this episode, Shon will provide CISSP training for Domain 7 (Security Operations) of the CISSP Exam.

CISSP Exam Questions

Question: 116
What is the highest potential risk for keeping log files from computer and network devices within your environment?
Subject to legal discovery
Consume large amounts of storage
Continuously increasing storage costs
None of the above
Explanation: [a] All of the above are reasons not to keep log files too long in your environment, but the highest risk to your organization is the opportunity for legal discovery.
------------------------------------
Question: 117
Organizations focused on the concept of "least privilege" focus on which of the following?
Only a few have the most network access within a company
Only decision makers have the necessary access needed within the company
Each person only needs access based on role/requirements
Most senior individuals within the company have the majority of the access
Explanation: [c] Each person should only have the access needed for their role/position. Typically, employees’ access will increase over time as access is granted, but rarely removed.
------------------------------------
Question: 118
Compact Disks (CD) and Data Video Disks (DVD) do not degrade over time and are considered safe for long term storage of data?
True
False
Explanation: [b] CDs / DVDs will degrade over time and should not be considered good storage media for data for long periods of time.
------------------------------------
In this episode, Shon will provide CISSP training for Domain 7 (Security Operations) of the CISSP Exam.

CISSP Exam Questions

Question: 113
When conducting an incident investigation within an organization, what are some key items to keep in mind before starting?
Assemble a team with best skillsets to meet objectives
Operate under your Incident Response Process
Define specific Rules of Engagement (ROEs) around Law Enforcement, Interviewing Employees, etc.
All of the above
Explanation: [d] All of the above should be considered when conducting an investigation of an incident within your organization.
------------------------------------
Question: 114
What are the three options used for gathering evidence for an investigation?
Voluntary Surrender, Subpoena, Search Warrant
Involuntary Surrender, Subpoena, Search Warrant
Voluntary Surrender, Search and Seizure, Warrant
Involuntary Surrender, Search and Seizure, Warrant
Explanation: [a] When gathering evidence there are three legal options available to gain access to evidence: Voluntary Surrender, Subpoena, and a Search Warrant.
------------------------------------
Question: 115
Which of the following steps will not be included within the change management process?
Immediate change, if leadership wants the change to occur
A change request
Rollback plan for the change
Documenting the change
Explanation: [a] There are situations where emergency changes need to occur, but it should be an emergency and not the desire of an individual to just make the change.
------------------------------------
LINKS:
Online Article https://www.dflabs.com/blog/9-key-components-of-incident-and-forensics-management/
In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.

CISSP Exam Questions

Question: 110
Tom would like to test systems that lie within his network for vulnerabilities that could be exploited by the most recent set of ransomware variants. Which one of the following tools would be best suited to accomplish this task?
Network discovery scanner
Network vulnerability scanner
Web vulnerability scanner
Ping sweep
Explanation: [b] A network vulnerability scanner would be the best tool for discovering what vulnerabilities reside within your network.
------------------------------------
Question: 111
When trying to gain the most detailed information about a system from a scan, what is the best scan to meet that objective?
Port Scan
Authenticated Scan
Vulnerability Scan
Unauthenticated Scan
Explanation: [b] An authenticated scan allows you to use credentials, which will provide you the most detailed information. An unauthenticated scan will only provide you a view that is available from the outside and may not be an adequate or fair assessment of the system.
------------------------------------
Question: 112
What is the most common port used to communicate encrypted traffic on a web server?
22
143
80
443
Explanation: [d] 443 is the common standard that encrypted communications use for transmitting data. However, any port can be used for encrypted data, but 443 is considered the common standard.
------------------------------------
In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.

CISSP Exam Questions

Question: 108
What are the various phases associated with completing a Penetration Test for an organization?
Planning, Reporting, Vulnerability Management, Exploiting, Information Gathering
Production, Registration, Vulnerability Management, Exploiting, Information Gathering
Planning, Reporting, Vulnerability Scanning, Exploiting, Information Gathering
Production, Reporting, Vulnerability Management, Exploiting, Information Gathering
Explanation: [c] Planning, Reporting, Vulnerability Scanning, Exploiting, and Information Gathering (not in order) are the phases of completing a penetration test for an organization.
------------------------------------
Question: 109
When creating metrics for your leadership, what are the first items you should focus on and what should be your level of complexity for the report?
Very complex metrics focused on all systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
Very simple metrics focused on critical systems; Management processes, Closed vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance issues
Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
Explanation: [b] Starting off with simple metrics focused on critical systems with the following metrics: Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues is the best method to get started. Obviously, your organization may be different and you will have to modify to meet your needs, but it is a good place to get started... keep it simple.
------------------------------------
Question: 110
When completing a Penetration Test of your organization, who needs to be involved in the discussion and decision?
No one; informing people that the penetration test will occur will taint the results resulting in waste
Everyone; it is important that people don't feel duped that this test was designed to trick them
Key personnel; it is important to focus on only telling the decision makers/influencers (CEO/CIO, Legal, Public Affairs, Compliance) as it relates to a penetration test.
None of the above
Explanation: [c] It is important the right people are involved in the decision making process as a Pen Test can have significant impact on an organization and cause a disruption within a company.
------------------------------------
In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.

CISSP Article – RAYGUN - SDLC: 7 phases, popular models, benefits, and more
CISSP Training – Integrate Security in the Software Development Life Cycle (SDLC)

CISSP Exam Questions

Question: 105
What tool is commonly used as a scan engine to find vulnerabilities within an environment?
Nessus
NMAP
Ping
DNS
Explanation: [a] Nessus is commonly used to look for vulnerabilities within a network to determine if an exploit can be used against the system.
------------------------------------
Question: 106
What are the typical components of security assessments used within an organization?
Tests, Assessments, and Audits
Tests, Audits, and Reviews
Assessments, Access Reviews, Tests
None of the above
Explanation: [a] Tests, Assessments, and Audits are the main components of a security assessment for an organization.
------------------------------------
Question: 107
Which one of the items below is not normally added as part of a security assessment?
Risk assessments
Vulnerability mitigation strategies
Threat assessments
Vulnerability scan
Explanation: [c] Vulnerability mitigation strategies are not typically added as a part of the overall security assessment as the mitigation and/or acceptance of risk is highly dependent on the organization.
------------------------------------
In this episode, Shon will provide CISSP training for Domain 5 (Identity and Access Management) of the CISSP Exam.

CISSP Exam Questions

Question: 102
If you want to restrict access into or out of a facility, which would you choose?
A) Gate
B) Turnstile
C) Fence
D) Mantrap
Turnstile
A turnstile is a form of gate that prevents more than one person from gaining entry at a time and often restricts movement to one direction. It is used to gain entry but not exit, or vice versa.
From
------------------------------------
Question: 103
Which of the following is not a disadvantage of using security guards?
A) Security guards are usually unaware of the scope of the operations within a facility.
B) Not all environments and facilities support security guards.
C) Not all security guards are themselves reliable.
D) Prescreening, bonding, and training does not guarantee effective and reliable security guards.
Security guards are usually unaware of the scope of the operations within a facility.
Security guards are usually unaware of the scope of the operations within a facility, which supports confidentiality of those operations and thus helps reduce the possibility that a security guard will be involved in the disclosure of confidential information.
From
------------------------------------
Question: 104
What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?
A) Wave
B) Photoelectric
C) Heat
D) Capacitance
Capacitance
A capacitance motion detector senses changes in the electrical or magnetic field surrounding a monitored object.
From
------------------------------------
In this episode, Shon will provide CISSP training for Domain 5 (Identity and Access Management) of the CISSP Exam.

CISSP Exam Questions

Question: 099
What is the ideal humidity range for a computer room?
A) 20-40 percent
B) 40-60 percent
C) 60-75 percent
D) 80-95 percent
40-60 percent
The humidity in a computer room should ideally be from 40 to 60 percent.
From
------------------------------------
Question: 100
A Type B fire extinguisher may use all except which of the following suppression mediums?
A) Water
B) CO2
C) Halon or an acceptable halon substitute
D) Soda acid
Water
Water is never the suppression medium in Type B fire extinguishers because they are used on liquid fires.
From
------------------------------------
Question: 101
Which of the following is not a disadvantage of using security guards?
A) Security guards are usually unaware of the scope of the operations within a facility.
B) Not all environments and facilities support security guards.
C) Not all security guards are themselves reliable.
D) Prescreening, bonding, and training does not guarantee effective and reliable security guards.
Security guards are usually unaware of the scope of the operations within a facility.
From
------------------------------------
In this episode, Shon will provide CISSP training for Domain 5 (Identity and Access Management) of the CISSP Exam.

CISSP Exam Questions

Question: 096
At what voltage level can static electricity cause destruction of data stored on hard drives?
A) 4,000
B) 17,000
C) 40
D) 1,500
1,500
Destruction of data stored on hard drives can be caused by 1,500 volts of static electricity.
From https://www.brainscape.com/flashcards/physical-environmental-security-1004067/packs/1774328
------------------------------------
Question: 097
What type of physical security controls focus on facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures?
A) Technical
B) Physical
C) Administrative
D) Logical
Administrative
Administrative physical security controls include facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures.
From https://www.brainscape.com/flashcards/physical-environmental-security-1004067/packs/1774328
------------------------------------
Question: 098
Which of the following is typically not a culprit in causing damage to computer equipment in the event of a fire and a triggered suppression?
A) Heat
B) Suppression medium
C) Smoke
D) Light
Light
Light is usually not damaging to most computer equipment, but fire, smoke, and the suppression medium (typically water) are very destructive.
From https://www.brainscape.com/flashcards/physical-environmental-security-1004067/packs/1774328
------------------------------------
LINKS:
Online Article https://www.hidglobal.com/blog/multi-factor-authentication-and-single-sign-explained
In this episode, Shon will provide CISSP training for Domain 3 (Engineering Secure Design) of the CISSP Exam.

CISSP Exam Questions

Question: 084
What is the most commonly used technique to protect against virus attacks?
A) Signature detection
B) Heuristic detection
C) Data integrity assurance
D) Automated reconstruction
Signature detection
Signature detection mechanisms use known descriptions of viruses to identify malicious code resident on a system.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
Question: 085
In which of the following security modes can you be assured that all users have access permissions for all information processed by the system but will not necessarily need to know of all that information?
A) Dedicated
B) System high
C) Compartmented
D) Multilevel
System high
In system high mode, all users have appropriate clearances and access permissions for all information processed by the system but need to know only some of the information processed by that system.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
Question: 086
What is a trusted computing base (TCB)?
A) Hosts on your network that support secure transmissions
B) The operating system kernel and device drivers
C) The combination of hardware, software, and controls that work together to enforce a security policy
D) The software and controls that certify a security policy
The combination of hardware, software, and controls that work together to enforce a security policy
The TCB is the combination of hardware, software, and controls that work together to enforce a security policy.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
In this episode, Shon will provide CISSP training for Domain 3 (Engineering Secure Design) of the CISSP Exam.

CISSP Exam Questions

Question: 081
Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?
A) Hard disk
B) Backup tape
C) Removable drives
D) RAM
Removable drives
Removable drives are easily taken out of their authorized physical location, and it is often not possible to apply operating system access controls to them. Therefore, encryption is often the only security measure short of physical security that can be afforded to them. Backup tapes are most often well controlled through physical security measures. Hard disks and RAM chips are often secured through operating system access controls.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
Question: 082
What advanced virus technique modifies the malicious code of a virus on each system it infects?
A) Polymorphism
B) Stealth
C) Encryption
D) Multipartitism
Polymorphism
In an attempt to avoid detection by signature-based antivirus software packages, polymorphic viruses modify their own code each time they infect a system.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
Question: 083
Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk?
A) Static RAM
B) Dynamic RAM
C) Secondary memory
D) Real memory
Secondary memory
Secondary memory is a term used to describe magnetic and optical media. These devices will retain their contents after being removed from the computer and may later be read by another user.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
In this episode, Shon will provide CISSP training for Domain 3 (Engineering Secure Design) of the CISSP Exam.

CISSP Exam Questions

Question: 078
Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?
A) Aggregation
B) Inference
C) Contamination
D) Polyinstantiation
Contamination
Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
Question: 079
How many major categories do the TCSEC criteria define?
A) Two
B) Three
C) Four
D) Five
Four
TCSEC defines four major categories: category A is verified protection, category B is mandatory protection, category C is discretionary protection, and category D is minimal protection.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
Question: 080
Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
A) (star) Security Property
B) No write up property
C) No read up property
D) No read down property
No read up property
The no read up property, also called the Simple Security Policy, prohibits subjects from reading a higher security level object.
Source: https://www.brainscape.com/flashcards/security-architecture-and-design-983876/packs/1774328
------------------------------------
LINKS:
Online Article https://thorteaches.com/what-is-the-best-way-to-study-for-the-cissp-certification/
In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

CISSP Exam Questions

Question: 075
As head of sales, Jim is the data owner for the sales department. Which of the following is not Jim’s responsibility as data owner?
Assigning information classifications
Dictating how data should be protected
Verifying the availability of data
Determining how long to retain data
Answer: C. The responsibility of verifying the availability of data is the only responsibility listed that does not belong to the data (information) owner. Rather, it is the responsibility of the data (information) custodian. The data custodian is also responsible for maintaining and protecting data as dictated by the data owner. This includes performing regular backups of data, restoring data from backup media, retaining records of activity, and fulfilling information security and data protection requirements in the company’s policies, guidelines, and standards. Data owners work at a higher level than the data custodians. The data owners basically state, “This is the level of integrity, availability, and confidentiality that needs to be provided—now go do it.” The data custodian must then carry out these mandates and follow up with the installed controls to make sure they are working properly.
From
------------------------------------
Question: 076
Assigning data classification levels can help with all of the following except:
The grouping of classified information with hierarchical and restrictive security
Ensuring that nonsensitive data is not being protected by unnecessary controls
Extracting data from a database
Lowering the costs of protecting data
Answer: C. Data classification does not involve the extraction of data from a database. However, data classification can be used to dictate who has access to read and write data that is stored in a database. Each classification should have separate handling requirements and procedures pertaining to how that data is accessed, used, and destroyed. For example, in a corporation, confidential information may only be accessed by senior management. Auditing could be very detailed and its results monitored daily, and degaussing or overwriting procedures may be required to erase the data. On the other hand, information classified as public may be accessed by all employees, with no special auditing or destruction methods required.
From
------------------------------------
Question: 077
Susan, an attorney, has been hired to fill a new position at Widgets, Inc.: chief privacy officer (CPO). What is the primary function of her new role?
Ensuring the protection of partner data
Ensuring the accuracy and protection of company financial information
Ensuring that security policies are defined and enforced
Ensuring the protection of customer, company, and employee data
Answer: [Ensuring the protection of customer, company, and employee data] The chief privacy officer (CPO) position is being created by companies in response to the increasing demands on organizations to protect myriad types of data. The CPO is responsible for ensuring the security of customer, company, and employee data, which keeps the company free from legal prosecution and—hopefully—out of the headlines. Thus, the CPO is directly involved with setting policies on how data is collected, protected, and distributed to third parties. The CPO is usually an attorney and reports to the chief security officer (CSO).
From
------------------------------------
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 2 (Asset Security) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/

CISSP Exam Questions

Question: 072
Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role?
A) Data owner
B) Data custodian
C) Data user
D) Information systems auditor
Answer: C. Any individual who uses data for work-related tasks is a data user. Users must have the necessary level of access to the data to perform the duties within their position and are responsible for following operational security procedures to ensure the data’s confidentiality, integrity, and availability to others. This means that users must practice due care and act in accordance with both security policy and data classification rules.
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam.
CISSP Article – Best Practices for Data Management
CISSP Training – Determine and maintain information and asset ownership
CISSP Exam Questions

BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/

CISSP Exam Questions

Question: 069
You work as an IT professional for a defense contractor that handles classified military information. Which one of the following data classifications applies to information that could be expected to cause serious damage to national security if disclosed in an unauthorized fashion?
A) SBU
B) Top Secret
C) Secret
D) Confidential
- Given Top Secret classification is "applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security." Confidential classification is "applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security." Sensitive But Unclassified (SBU) information is protected information that does not reach the threshold for classified information.

------------------------------------

Question: 070
You are using symmetric encryption to protect data stored on a hard drive that will be shipped across the country. What key(s) are involved in the protection of this information?
A) Shared secret
B) Public key
C) Public and private keys
D) Private key
Public keys are used to encrypt information intended for a specific recipient in asymmetric cryptography. They are not used in symmetric cryptography. Private keys are used to decrypt information in asymmetric cryptography. They are not used in symmetric cryptography. Public and private keypairs are used in asymmetric cryptography. They are not used in symmetric cryptography.

------------------------------------

Question: 071
Which one of the following is NOT a European Union data handling principle required for participation in the Safe Harbor program?
A) Onward Transfer
B) Choice
C) Encryption
D) Notice
The Notice principle states that organizations must inform individuals about the purpose and scope of data collection efforts. The Choice principle states that organizations must offer individuals the ability to opt out of information collection and storage programs. The Onward Transfer principle states that organizations must only share information with other organizations that comply with the data privacy directive.

------------------------------------

Want to find Shon elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:
ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources
Online Article https://www.simplilearn.com/asset-security-tutorial-video
CISSP Exam Questions https://www.techveze.com/cissp-asset-security/
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 1 (Security and Risk Management) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/

CISSP Exam Questions

Question: 066
Which of the following would generally not be considered an asset in a risk analysis?
A) A development process
B) An IT infrastructure
C) A proprietary system resource
D) Users' personal files
Answer: [D] Users' personal files - The personal files of users are not usually considered assets of the organization and thus are not considered in a risk analysis.

------------------------------------

Question: 067
You've performed a basic quantitative risk analysis on a specific threat/vulnerability/risk relation. You select a possible countermeasure. When performing the calculations again, which of the following factors will change?
A) Exposure factor
B) Single loss expectancy
C) Asset value
D) Annualized rate of occurrence
Answer: [d] Annualized rate of occurrence - A countermeasure directly affects the annualized rate of occurrence, primarily because the countermeasure is designed to prevent the occurrence of the risk, thus reducing its frequency per year.

------------------------------------

Question: 068
What ensures that the subject of an activity or event cannot deny that the event occurred?
A) CIA Triad
B) Abstraction
C) Nonrepudiation
D) Hash totals
Answer: [c] Nonrepudiation - Nonrepudiation ensures that the subject of an activity or event cannot deny that the event occurred.

------------------------------------

Want to find Shon elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:
ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 1 (Security and Risk Management) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/

CISSP Exam Questions

Question: 063
When seeking to hire new employees, what is the first step?
A) Create a job description.
B) Set position classification.
C) Screen candidates.
D) Request resumes.
Answer: A. Create a job description. The first step in hiring new employees is to create a job description. Without a job description, there is no consensus on what type of individual needs to be found and hired.

------------------------------------

Question: 064
Which of the following describes the freedom from being observed, monitored, or examined without consent or knowledge?
A) Integrity
B) Privacy
C) Authentication
D) Accountability
Answer: [b] Privacy - One definition of privacy is freedom from being observed, monitored, or examined without consent or knowledge.

------------------------------------

Question: 065
Which of the following is typically not a characteristic considered when classifying data?
A) Value
B) Size of object
C) Useful lifetime
D) National security implications
Answer: [b] Size of object - Size is not a criterion for establishing data classification. When classifying an object, you should take value, lifetime, and security implications into consideration.

------------------------------------

Want to find Shon elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:
ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 8 (Software Development Security) of the CISSP Exam. BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-8-quiz-Law-Investigations-and-Ethics?q0=1&q1=0&q2=2&q3=1&q4=1&q5=1&q6=2&q7=0&q8=2&q9=0&q10=1&q11=3&q12=0&q13=3&q14=2&x=69&y=11
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 8 (Software Development Security) of the CISSP Exam. CISSP Articles – RAYGUN - SDLC: 7 phases, popular models, benefits, and more CISSP Training – Integrate Security in the Software Development Life Cycle (SDLC) CISSP Exam Questions BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Raygun https://raygun.com/blog/software-development-life-cycle/ TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=1&q1=2&q2=2&q3=3&q4=2&q5=2&q6=2&q7=2&q8=2&q9=2&x=70&y=11 Vendors: LastPass.com https://www.lastpass.com/
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 6 (Security Assessment and Testing) of the CISSP Exam: BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources TechTarget https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 7 (Security Operations) of the CISSP Exam. CISSP Articles – Supporting Investigations CISSP Training – Understanding and Supporting Investigations CISSP Exam Questions BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources https://www.isc2.org/Training/Self-Study-Resources Infosec Institute https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/identity-and-access-management/access-control-categories/#gref TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-7-quiz-Business-Continuity?q0=1&q1=2&q4=0&q6=1&q7=0&q9=1&q13=3&x=95&y=8 Vendors: LastPass.com https://www.lastpass.com/
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 6 (Security Assessment and Testing) of the CISSP Exam: BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 6 (Security Assessment and Testing) of the CISSP Exam. CISSP Articles – Security Assessment and Testing CISSP Training – Security Assessment and Testing CISSP Exam Questions BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Infosec Institute https://resources.infosecinstitute.com/cissp-domain-6-refresh-security-assessment-and-testing/#gref TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=1&q1=1&x=78&y=3 Vendors: LastPass.com https://www.lastpass.com/
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 5 (Identity and Access Management) of the CISSP Exam. BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 5 (Identity and Access Management) of the CISSP Exam. CISSP Articles – Access Control Types CISSP Training – Access Control Types CISSP Exam Questions BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Infosec Institute https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/identity-and-access-management/access-control-categories/#gref TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=1&q1=2&q2=2&q3=3&q4=2&q5=2&q6=2&q7=2&q8=2&q9=2&x=70&y=11 Vendors: LastPass.com https://www.lastpass.com/
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 4 (Communication and Network Security) of the CISSP Exam: BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-4-Test-your-expertise-of-network-security-basics?q0=1&x=61&y=6
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 4 (Communication and Network Security) of the CISSP Exam: CISSP Articles – Secure Network Design CISSP Training – Cybercrime and Data Breaches CISSP Exam Questions BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Peerlyst https://www.secureops.com/networking/effective-network-security-design/ TechTarget https://searchsecurity.techtarget.com/quiz/CISSP-Domain-4-Test-your-expertise-of-network-security-basics?q0=0&q1=1&q2=1&q3=0&x=55&y=5
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about questions for Domain 3 (Engineering Secure Design) of the CISSP Exam: BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources TechTarget https://searchsecurity.techtarget.com/quiz/Security-Engineering-CISSP-Domain-3-practice-quiz?q0=0&q1=0&q2=0&q3=1&q4=3&q5=0&q6=0&q7=0&q8=0&q9=0&x=61&y=5
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 3 (Engineering Secure Design) of the CISSP Exam: CISSP Articles – How to Start Looking for an Infosec Job CISSP Training – Managing Engineering Processes CISSP Exam Questions BTW - Get access to all my CISSP Training Courses here at: https://shongerber.com/ Want to find Shon Gerber elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Peerlyst https://www.peerlyst.com/posts/how-to-start-looking-for-an-infosec-job-my-list-of-tips-evgeny-belenky-1?utm_source=linkedin&utm_medium=Application_Share&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post TechTarget https://searchsecurity.techtarget.com/quiz/Security-Engineering-CISSP-Domain-3-practice-quiz?q0=0&q1=2&q2=2&q3=1&q4=1&q5=0&q6=0&q7=1&q8=1&q9=1&x=58&y=6
Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will be covering CISSP Exam questions that are associated with Domain 3 (Security Architecture and Engineering) of the ISC2 CISSP Exam. BTW - Get access to all my CISSP Training Courses here at: http://reducecyberrisk.com/cissp-training/ Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will be covering CISSP Exam questions that are associated with Domain 2 (Asset Security) of the ISC2 CISSP Exam. BTW - Get access to all my CISSP Training Courses here at: http://reducecyberrisk.com/cissp-training/ Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will be covering CISSP Exam questions that are associated with Domain 1 (Security and Risk Management) of the ISC2 CISSP Exam. BTW - Get access to all my CISSP Training Courses here at: http://reducecyberrisk.com/cissp-training/ Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Description: Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following items that are included within Domain 2 (Asset Security) of the CISSP Exam: CISSP / Cybersecurity Integration – Data Remanence - Rainbow Series CISSP Training – Protecting Privacy CISSP Exam Question – Sensitive Data / Destroying Hard Drive BTW - Get access to all my CISSP Training Courses here at: http://reducecyberrisk.com/cissp-training/ Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Quizlet https://quizlet.com/87472460/official-isc-cissp-domain-1-security-and-risk-management-flash-cards/ Misc.: https://thorteaches.com/cissp-certification-rules-laws-and-regulations-oecd/ OECD http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm Rainbow Books https://fas.org/irp/nsa/rainbow/tg025-2.htm GXA https://gxait.com/network-security/data-remanence-putting-business-risk/
Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following: CISSP / Cybersecurity Integration What is Security Assessment / Testing CISSP Training Conducting or Facilitating Security Audits CISSP Exam Question Conducting a Penetration Test
Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following: · CISSP / Cybersecurity Integration – CISSP Recognized · CISSP Training – Evidence Collection · CISSP Exam Question – Maintaining Files for Extended Periods / Degradation of Digital Media Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?
Shon Gerber from ReduceCyberRisk.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. In this episode, Shon will talk about the following: CISSP / Cybersecurity Integration – 2.5 Million Jobs CISSP Training – Wiring Closets and Intermediate Distribution Facilities CISSP Exam Question – Most important purpose of employee exit interview Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Description: Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent Security News: FBI: BEC Scam Losses – $1.2 Billion WordPress: Social Share Plugin – Exploited Ransomware: Stuart, FL still recovering EMP / GMD Events: Businesses need a plan Our Cybersecurity Training for the Week is: Amazon Glacier - Deep Archive Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/ LINKS: ThreatPost https://threatpost.com/fbi-bec-scam-losses-double/144038/ The Hacker News https://thehackernews.com/2019/04/wordpress-plugin-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&m=1 Dark Reading https://www.darkreading.com/endpoint/city-of-stuart-still-recovering-from-ryuk-ransomware-attack-/d/d-id/1334510?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple CSO https://www.csoonline.com/article/3390976/why-your-business-continuity-and-disaster-recovery-plans-should-account-for-emp-attacks-and-gmd-eve.html?upd=1556125631099 ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources Amazon Glacier Deep Archive https://aws.amazon.com/blogs/aws/new-amazon-s3-storage-class-glacier-deep-archive/
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent Security News: Cyber Fast Track OPM Final Rule – Direct Hire for Cyber Motel 6 – Leaving the Light On For ICE GAO – Identity Theft Protection Not Enough Our Cybersecurity Training for the Week is: Personal Safety And Security Concerns - Domain 7 - CISSP Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: -- 540 Million Facebook Users Exposed -- Ransomware Response – Norsk Hydro -- Verizon Phishing Scam – Mobile First Our Cybersecurity Training for the Week is: Global Cybersecurity Alliance Small Business Cybersecurity Toolkit As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet -- LinkedIn – www.linkedin.com/in/shongerber -- ReduceCyberRisk.com - https://reducecyberrisk.com/ -- Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: Insurance Companies-Cybersecurity Ratings; Microsoft finds "NSA-Style Backdoor" in Huawei Laptops; NDSU - Nations First Ph.D. in Cybersecurity. Our Cybersecurity Training for the Week is: PCI-DSS Training - Part II As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: US Chemical Firms Cyber Attack; New Jersey Privacy Bill - PII Breach Notification; Vulnerability Assessments vs. Penetration Testing Our Cybersecurity Training for the Week is: PCI-DSS Training - Part I As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: $20 Million Dollar Mexican Bank Heist; Global Cybersecurity Alliance and Mastercard Partnership - FREE Cybersecurity Toolkit; China Won't Ask Chinese Companies to Spy. Our Cybersecurity Training for the Week is: Data Classification - Part II As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: Alarm System Vulnerabilities - 3 Million Affected; Equifax revisited by Congressional Investigators; 3 Steps for Cybersecurity Program Our Cybersecurity Training for the Week is: Data Classification - Part I As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: PoS Clients Targeted with Cobalt Strike; Azure Sentinel / Threat Experts; Securing the Cloud – Dark Reading. Our Cybersecurity Training for the Week is: Business Impact Analysis – Part II As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: Sensor panic - Why you should be concerned about Privacy; Malware targeting job seekers - LinkedIn phishing scams targeting job seekers; UK's worries about Huawei; Business Impact Analysis - Part I providing cybersecurity guidance for your Business Continuity program. As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: Big Trouble Down Under - Password Resets; Four signs you need a CISO; US Lawmakers looking at foreign VPN usage; PWC corporate director survey. In addition, Shon will be providing Part I of his training Cyber Awareness Training and what you can do to implement within your organization. Some of the content will include: Methods to present training, content reviews, metrics, program evaluations, and the differences between security education, awareness and training...much, much more. As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: NERC (CIP); Execs in Cybersecurity; Webstresers going to Jail. In addition, Shon will be providing Part II of his training on the understanding of Cybersecurity Frameworks and their importance in protecting your business or for your CISSP certification. Some of the content will include PCI-DSS, ISO 27001, Cybersecurity Framework, and so much more. As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience. In this episode, Shon will talk about recent security news: Colorado Communication Encryption; DHS DNS Hijacking; 5 Stages of a CISO. In addition, Shon will be providing training on the understanding of Cybersecurity Frameworks and their importance in protecting your business or for your CISSP certification. Some of the content will include PCI-DSS, ISO 27001, Cybersecurity Framework, and so much more. As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskReduced/
Shon Gerber from ReduceCyberRisk.com reveals to you each week the information you need to best protect your business and reduce your company’s cyber risk. Shon provides cybersecurity training for individuals working on their CISSP as well as ways to better secure your business's daily activities. In this show, Shon will go over recent Security News, Security Vendors, and the CISSP training around Confidentiality, Integrity, and Availability. These videos will go over what the hiring professionals should be looking for and what potential candidates should strive to achieve to meet the growing cybersecurity job demand. Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet? LinkedIn – www.linkedin.com/in/shongerber ReduceCyberRisk.com - https://reducecyberrisk.com/ Facebook - https://www.facebook.com/CyberRiskRed...
On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day. Blue Cross Blue Shield of Alabama sends out USB sticks Security elitists up in arms We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content? To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives So what do we suggest? More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against? https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/ MySpace has a major account password reset flaw, allowing account take-over Wait ... MySpace is still around? But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username How many of our sites have this problem, or worse? https://www.wired.com/story/myspace-security-account-takeover/ This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points: SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can afford lack of security -- what's the answer? How do we achieve scale, in an area of industry with razor-thin margins and tiny profit margins SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back) Other challenges - including how to achieve scale Guest: Shon Gerber Current CISO for multinational chemical company with approximately 10K employees Recent Past Security Operations Supervisor for multi-national company 100K employees Senior Security Architect with multi-national Air Force Red Team - Squadron Commander Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)