d$.$ Identify and explain one ethical hacking step that is not performed by black hat hackers.The International Information Systems Security Certification Consortium $($ISC$){?}^2$ and ISO defined $8$

security domains and $14$ ISO $27001$ control sets $($Controls$)$ respectively.

CISSP Security Domains and ISO $27001$ Control sets. $[10$ marks$]$

a$.$ What was the motive of $($ISC$){?}^2$ to create security domains?

$[2$ marks$]$

b$.$ Match these ISO$27001$ control sets to the corresponding CISSP security domains.

$[5$ marks$]$

c$.$ Which CISSP security domain covers the control of logical and physical access to assets in

an organization?

$[1$ mark$]$

d$.$ Is it compulsory to implement all security domains or control sets in an organization? Motivate

your answer?

$[2$ marks$]$

$[2$ marks$]$

e$.$ An ethical hacker has been hired to do a penetration test on a company he works for. Name

and explain the type of penetration testing he is doing,

$[2$ marks$]$

f$.$ What is the purpose of the penetration testing type performed in $"e"?$

$[1$ mark$]$