CISSP Week 4 Architecture and Engineering
What is the principle of least privilege?
Giving users the minimum amount of access necessary to do their job
What is the purpose of separation of duties?
Preventing a single individual from having complete control over a process
What is the goal of defense in depth?
Having multiple layers of security to protect against different types of threats
What is the purpose of secure coding practices?
To prevent vulnerabilities and security breaches
What is the role of a security architect?
Designing and implementing security controls
What is the purpose of a security policy?
Establishing guidelines for protecting information assets
What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses different keys
What is the purpose of risk assessment?
To identify and analyze potential risks to an organization's information assets
What is the role of a security engineer?
Implementing and managing security solutions
What is the purpose of a security audit?
To assess the effectiveness of security controls