| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 17.2 - Implementing Detection & Preventive Measures (Part 1 of 5)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series begins a tour of the controls and attacks that shape day-to-day defense within Domain 7, Security Operations. It lays the foundation for detecting and preventing incidents, from the split between preventive and detection controls to the basic hygiene, botnets, and denial of service patterns you need to recognize.
What this episode covers
- Preventive vs. detection controls — prevention stops activity before it happens, while detection discovers activity after the fact.
- Basic steps that stop most attacks — patching, trimming services, intrusion detection and prevention, anti-malware, firewalls, and configuration management.
- Why we study attack methods — you cannot prevent, recognize, or respond to what you have never seen, so you learn the shapes and patterns.
- Botnets — herds of infected bots or zombies commanded by a bot herder through command-and-control servers.
- Staying out of a botnet — defense in depth with current anti-malware, patching, user education, and updated browsers.
- Denial of service — a single-source flood or crashing exploit that stops a system from serving legitimate requests.
- Distributed denial of service — many systems, usually a botnet, striking one target at once, including reflective variants.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is the difference between a preventive and a detection control?
A preventive control tries to stop unwanted activity before it happens, like fences, locks, encryption, firewalls, and intrusion prevention systems. A detection control works after the fact, discovering activity that already occurred, like security guards, audit trails, honeypots, and intrusion detection systems. For the exam, note that preventive and preventative mean the same thing. Picture a locked door as prevention and a camera recording the hallway as detection.
What basic steps stop a huge share of attacks?
No single move blocks everything, but a handful go a long way. Keep systems and applications patched, remove or disable services and protocols you do not need, deploy intrusion detection and prevention systems, use current anti-malware, and enable firewalls on both the network and the host. Finally, run configuration and system management so machines stay secure over their whole lifetime. Think of it as basic hygiene that quietly prevents most infections.
What is a botnet, and how do you keep systems out of one?
A botnet is a collection of infected computers, often called bots or zombies, commanded by a criminal bot herder through command-and-control servers to launch attacks, spam, or phishing. Machines usually join after a malware infection. The best defense is defense in depth: keep anti-malware current and systems patched, educate users against phishing and password tricks, and keep browsers and their plug-ins updated without disabling built-in protections like sandboxing.
What is a denial of service attack?
A denial of service attack stops a system from serving legitimate requests. One common form floods a server with more packets than it can process, and another exploits a known flaw to crash the system or pin its processor. The result is degraded performance, crashes, reboots, or blocked service. A basic denial of service comes from a single source against a single target, and attackers usually spoof the source address to stay anonymous.
What makes a distributed denial of service worse?
In a distributed denial of service attack, many systems strike a single target at the same time. Attackers rarely round up volunteers; they compromise many machines or simply point a botnet at the victim, so the flood arrives from thousands of directions at once. These attacks typically target internet-facing systems, and dedicated mitigation services can filter enough malicious traffic that users barely notice. A reflective variant bounces traffic off other services so it lands from innocent-looking sources.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 17.2 - Implementing Detection & Preventive Measures (Part 1 of 5).