CISSP Questions and Answers

Transport

Data link

Network

Application

Property book

Chain of custody form

Search warrant return

Evidence tag

Operating system and version, patch level, applications running, and versions.

List of system changes, test reports, and change approvals

Last vulnerability assessment report and initial risk assessment report

Date of last update, test report, and accreditation certificate

Notification tool

Message queuing tool

Security token tool

Synchronization tool

Tactical, strategic, and financial

Management, operational, and technical

Documentation, observation, and manual

Standards, policies, and procedures

Point-to-Point Tunneling Protocol (PPTP)

Routing Information Protocol (RIP)

Password Authentication Protocol (PAP)

Challenge Handshake Authentication Protocol (CHAP)

Calculate the value of assets being accredited.

Create a list to include in the Security Assessment and Authorization package.

Identify obsolete hardware and software.

Define the boundaries of the information system.

Application authentication

Input validation

Digital signing

Device encryption

The network administrators have no knowledge of ICS

The ICS is now accessible from the office network

The ICS does not support the office password policy

RS422 is more reliable than Ethernet

Password requirements are simplified.

Risk associated with orphan accounts is reduced.

Segregation of duties is automatically enforced.

Data confidentiality is increased.

undergo a security assessment as part of authorization process

establish a risk management strategy

harden the hosting server, and perform hosting and application vulnerability scans

establish policies and procedures on system and services acquisition

Implementation

Initiation

Review

Development

Increased console lockout times for failed logon attempts

Reduce the group in size

A credential check-out process for a per-use basis

Full logging on affected systems

Denial of Service (DoS) attacks and outdated hardware

Unauthorized transactions and outdated hardware

Fire and accidental changes to data

Unauthorized transactions and denial of service attacks

Transport layer handshake compression

Application layer negotiation

Peer identity authentication

Digital certificate revocation

Enumeration

Reporting

Detection

Discovery

Connect the device to another network jack

Apply remediation’s according to security requirements

Apply Operating System (OS) patches

Change the Message Authentication Code (MAC) address of the network interface

Erase

Sanitize

Encrypt

Degauss

Use concurrent access for shared variables and resources

Use checksums to verify the integrity of libraries

Use new code for common tasks

Use dynamic execution functions to pass user supplied data

Remove the anonymity from the proxy

Analyze Internet Protocol (IP) traffic for proxy requests

Disable the proxy server on the firewall

Block the Internet Protocol (IP) address of known anonymous proxies

Log timestamp

Live session traffic

Session state variables

Test scripts

Diffie-Hellman algorithm

Secure Sockets Layer (SSL)

Advanced Encryption Standard (AES)

Message Digest 5 (MD5)

Hashing the data before encryption

Hashing the data after encryption

Compressing the data after encryption

Compressing the data before encryption

Implementation Phase

Initialization Phase

Cancellation Phase

Issued Phase

Confidentiality

Integrity

Identification

Availability

Code signing

Class authentication

Sandboxing

Type safety

It is not necessary to protect PII as long as it is in the hands of the provider.

A security agreement with a Cloud Service Provider (CSP) was required so there is no concern.

The personal information should be maintained separately connected with a one-way reference.

The personal information can be hashed and then the data can be sent to an outside processor.

Data availability

Data sensitivity

Data ownership

Data integrity

Test

Assessment

Review

Peer review

Induces less risk than over testing

Tests staff knowledge and Implementation of the organization's security policy

Focuses an Identifying vulnerabilities

Tests and validates all security controls in the organization

Watering hole

Brute force

Spear phishing

Address Resolution Protocol (ARP) poisoning

Provision

Approve

Request

Review

Check electronic storage media to ensure records are not retained past their destruction date.

Ensure authorized personnel are in possession of paper copies containing Personally Identifiable Information….

Check that hard disks containing backup data that are still within a retention cycle are being destroyed….

Ensure that data shared with outside organizations is no longer on a retention schedule.

User awareness

Two-factor authentication

Anti-phishing software

Periodic vulnerability scan

Send the log file co-workers for peer review

Include the full network traffic logs in the incident report

Follow organizational processes to alert the proper teams to address the issue.

Ignore data as it is outside the scope of the investigation and the analyst’s role.

Common Vulnerabilities and Exposures (CVE)

Common Vulnerability Scoring System (CVSS)

Asset Reporting Format (ARF)

Open Vulnerability and Assessment Language (OVAL)

Data owner

Data architect

Chief Information Security Officer (CISO)

Chief Information Officer (CIO)

Assigned security label

Multilevel Security (MLS) architecture

Minimum query size

Passage of time

Identify the contractual security obligations that apply to the organizations

Understand the value of the information assets

Identify the level of residual risk that is tolerable to management

Identify relevant legislative and regulatory compliance requirements

Platform as a Service (PaaS)

Identity as a Service (IDaaS)

Desktop as a Service (DaaS)

Software as a Service (SaaS)

Personal Identity Verification (PIV)

Cardholder Unique Identifier (CHUID) authentication

Physical Access Control System (PACS) repeated attempt detection

Asymmetric Card Authentication Key (CAK) challenge-response

The department should report to the business owner

Ownership of the asset should be periodically reviewed

Individual accountability should be ensured

All members should be trained on their responsibilities

system security managers

business managers

Information Technology (IT) managers

end users

Ensuring quality and validation through periodic audits for ongoing data integrity

Maintaining fundamental data availability, including data storage and archiving

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

Determining the impact the information has on the mission of the organization

The process will require too many resources

It will be difficult to apply to both hardware and software

It will be difficult to assign ownership to the data

The process will be perceived as having value

Challenge Handshake Authentication Protocol (CHAP)

Point-to-Point Protocol (PPP)

Extensible Authentication Protocol (EAP)

Password Authentication Protocol (PAP)

encrypt the contents of the repository and document any exceptions to that requirement.

utilize Intrusion Detection System (IDS) set drop connections if too many requests for documents are detected.

keep individuals with access to high security areas from saving those documents into lower security areas.

require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Determine the cause of the incident

Disconnect the system involved from the network

Isolate and contain the system involved

Investigate all symptoms to confirm the incident

Take the computer to a forensic lab

Make a copy of the hard drive

Start documenting

Turn off the computer

When it has been validated by the Business Continuity (BC) manager

When it has been validated by the board of directors

When it has been validated by all threat scenarios

When it has been validated by realistic exercises

Walkthrough

Simulation

Parallel

White box

Continuously without exception for all security controls

Before and after each change of the control

At a rate concurrent with the volatility of the security control

Only during system implementation and decommissioning

Certify and approve releases to the environment

Provide version rollbacks for system changes

Ensure that all applications are approved

Ensure accountability for changes to the environment

Guaranteed recovery of all business functions

Minimization of the need decision making during a crisis

Insurance against litigation following a disaster

Protection from loss of organization resources

Absence of a Business Intelligence (BI) solution

Inadequate cost modeling

Improper deployment of the Service-Oriented Architecture (SOA)

Insufficient Service Level Agreement (SLA)

Disable all unnecessary services

Ensure chain of custody

Prepare another backup of the system

Isolate the system from the network

Consolidation of multiple providers

Directory synchronization

Web based logon

Automated account management

Collecting security events and correlating them to identify anomalies

Facilitating system-wide visibility into the activities of critical user accounts

Encompassing people, process, and technology

Logging both scheduled and unscheduled system changes

Warm site

Hot site

Mirror site

Cold site

Hardware and software compatibility issues

Applications’ critically and downtime tolerance

Budget constraints and requirements

Cost/benefit analysis and business objectives

Transport layer

Application layer

Network layer

Session layer

Add a new rule to the application layer firewall

Block access to the service

Install an Intrusion Detection System (IDS)

Patch the application source code

Implement packet filtering on the network firewalls

Install Host Based Intrusion Detection Systems (HIDS)

Require strong authentication for administrators

Implement logical network segmentation at the switches

Layer 2 Tunneling Protocol (L2TP)

Link Control Protocol (LCP)

Challenge Handshake Authentication Protocol (CHAP)

Packet Transfer Protocol (PTP)

Link layer

Physical layer

Session layer

Application layer

To send excessive amounts of data to a process, making it unpredictable

To intercept network traffic without authorization

To disguise the destination address from a target’s IP filtering devices

To convince a system that it is communicating with a known entity

Intrusion Prevention Systems (IPS)

Intrusion Detection Systems (IDS)

Stateful firewalls

Network Behavior Analysis (NBA) tools

Packet filtering

Port services filtering

Content filtering

Application access control

Least privilege

Privilege escalation

Defense in depth

Privilege bracketing

Debug the security issues

Migrate to newer, supported applications where possible

Conduct a security assessment

Protect the legacy application with a web application firewall

System acquisition and development

System operations and maintenance

System initiation

System implementation

Purchase software from a limited list of retailers

Verify the hash key or certificate key of all updates

Do not permit programs, patches, or updates from the Internet

Test all new software in a segregated environment

Check arguments in function calls

Test for the security patch level of the environment

Include logging functions

Digitally sign each application module

Lack of software documentation

License agreements requiring release of modified code

Expiration of the license agreement

Costs associated with support of the software

After the system preliminary design has been developed and the data security categorization has been performed

After the vulnerability analysis has been performed and before the system detailed design begins

After the system preliminary design has been developed and before the data security categorization begins

After the business functional analysis and the data security categorization have been performed

Logs may be unavailable when required

Timely review of the data is potentially difficult

Most systems and applications do not support logging

Logs do not provide sufficient details of system and individual activities

Failure to perform interface testing

Failure to perform negative testing

Inadequate performance testing

Inadequate application level testing

Testing and Evaluation (TE) personnel changes

Changes to core missions or business processes

Increased Cross-Site Request Forgery (CSRF) attacks

Changes in Service Organization Control (SOC) 2 reporting requirements

Prevent information about browsing activities from being stored in the cloud.

Store browsing activities in the cloud.

Prevent information about browsing activities farm being stored on the personal device.

Store information about browsing activities on the personal device.

Session hijacking

Cross-site request forgery (CSRF)

Cross-Site Scripting (XSS)

Command injection

A network-based firewall is stateful, while a host-based firewall is stateless.

A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.

A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.

A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.

Payload encryption

Sender confidentiality

Sender non-repudiation

Multi-factor authentication (MFA)

Take photos of the damage

Notify all of the Board of Directors

Communicate with the press following the communications plan

Dispatch personnel to the disaster recovery (DR) site

To provide each manager with precise direction on selecting an appropriate recovery alternative

To demonstrate to the regulatory bodies that the company takes business continuity seriously

To demonstrate to the board of directors that senior management is committed to continuity recovery efforts

To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices

Full functional drill

Full table top

Full simulation

Full interruption

A database of risks associated with a specific information system.

A table of risk management factors for management to consider.

A two-dimensional picture of risk for organizations, products, projects, or other items of interest.

A tool for determining risk management decisions for an activity or system.

Prevent unauthorized modification of data.

Restore the system after an incident.

Detect security events and incidents.

Protect individual components from exploitation

Data at rest has been compromised when the user has authenticated to the device.

Data on the device cannot be restored from backup.

Data in transit has been compromised when the user has authenticated to the device.

Data on the device cannot be backed up.

Establish an ISCM technical architecture.

Collect the security-related information required for metrics, assessments, and reporting.

Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.

Define an ISCM strategy based on risk tolerance.

Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it

Review the PCI requirements before performing the vulnerability assessment

Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified

Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner

Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities ...

Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many ...

Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware.

Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive.

An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated

An attack that injects a script into a web page to execute a privileged command

An attack that makes an illegal request across security zones and thereby forges itself into the security database of the system

An attack that forges a false Structure Query Language (SQL) command across systems

Enumeration

Detection

Reporting

Discovery

Move ahead with the acpjisition process, and purchase the flagship software

Conduct a security review of the OS

Perform functionality testing

Enter into contract negotiations ensuring Service Level Agreements (SLA) are established to include security patching

Antivirus operations

Reverse engineering

Memory forensics

Logfile analysis

Large Key encryption

Single integrity protection

Embedded sequence numbers

Randomly generated nonces

Media handling procedures

User roles and responsibilities

Acceptable Use Policy (ALP)

Information classification scheme

time sensitive e-communication

Voice communication

Satellite communication

Network Communication for real-time operating systems

Fire

Earthquake

Windstorm

Flood

Ensure the fire prevention and detection systems are sufficient to protect personnel

Review the architectural plans to determine how many emergency exits are present

Conduct a gap analysis of a new facilities against existing security requirements

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Examine the device for physical tampering

Implement more stringent baseline configurations

Purge or re-image the hard disk drive

Change access codes

Application

Storage

Power

Network

Install mantraps at the building entrances

Enclose the personnel entry area with polycarbonate plastic

Supply a duress alarm for personnel exposed to the public

Hire a guard to protect the public area

Development, testing, and deployment

Prevention, detection, and remediation

People, technology, and operations

Certification, accreditation, and monitoring

determine the risk of a business interruption occurring

determine the technological dependence of the business processes

Identify the operational impacts of a business interruption

Identify the financial impacts of a business interruption

Only when assets are clearly defined

Only when standards are defined

Only when controls are put in place

Only procedures are defined

Network redundancies are not implemented

Security awareness training is not completed

Backup tapes are generated unencrypted

Users have administrative privileges

Owner’s ability to realize financial gain

Owner’s ability to maintain copyright

Right of the owner to enjoy their creation

Right of the owner to control delivery method

Host VM monitor audit logs

Guest OS access controls

Host VM access controls

Guest OS audit logs

Change management processes

User administration procedures

Operating System (OS) baselines

System backup documentation

Encryption of audit logs

No archiving of audit logs

Hashing of audit logs

Remote access audit logs

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

Management teams will understand the testing objectives and reputational risk to the organization

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Quarterly access reviews

Security continuous monitoring

Business continuity testing

Annual security training

Trusted third-party certification

Lightweight Directory Access Protocol (LDAP)

Security Assertion Markup language (SAML)

Cross-certification

Access is based on rules.

Access is determined by the system.

Access is based on user's role.

Access is based on data sensitivity.

They should be recycled to save energy.

They should be recycled according to NIST SP 800-88.

They should be inspected and sanitized following the organizational policy.

They should be inspected and categorized properly to sell them for reuse.

Improved credential interoperability

Control over system configuration

Lower infrastructure capital costs

Reduced administrative overhead

Level of assurance of the Target of Evaluation (TOE) in intended operational environment

Selection to meet the security objectives stated in test documents

Security behavior expected of a TOE

Definition of the roles and responsibilities

poor governance over security processes and procedures

immature security controls and procedures

variances against regulatory requirements

unanticipated increases in security incidents and threats

Policies are used to enforce violations, and procedures create penalties

Policies point to guidelines, and procedures are more contractual in nature

Policies are included in awareness training, and procedures give guidance

Policies are generic in nature, and procedures contain operational details

enhance the skills required to create, maintain, and execute the plan.

provide for a high level of recovery in case of disaster.

describe the recovery organization to new employees.

provide each recovery team with checklists and procedures.

Qualitative analysis

Quantitative analysis

Remediation

System security categorization

Retention

Reporting

Recovery

Remediation

Application interface entry and endpoints

The likelihood and impact of a vulnerability

Countermeasures and mitigations for vulnerabilities

A data flow diagram for the application and attack surface analysis

Discretionary Access Control (DAC) procedures

Mandatory Access Control (MAC) procedures

Data link encryption

Segregation of duties

data classification labeling.

page views within an application.

authorizations granted to the user.

management accreditation.

Ensure end users are aware of the planning activities

Validate all regulatory requirements are known and fully documented

Develop training and awareness programs that involve all stakeholders

Ensure plans do not violate the organization's cultural objectives and goals

Data Redaction

Data Minimization

Data Encryption

Data Storage

Brute force

Tampering

Information disclosure

Denial of Service (DoS)

Encrypt communications between the servers

Encrypt the web server traffic

Implement server-side filtering

Filter outgoing traffic at the perimeter firewall

Formal acceptance of the security strategy

Disciplinary actions taken against unethical behavior

Development of an awareness program for new employees

Audit of all organization system configurations for faults

Hash functions

Data segregation

File system permissions

Non-repudiation controls

Automatically create exceptions for specific actions or files

Determine which files are unsafe to access and blacklist them

Automatically whitelist actions or files known to the system

Build a baseline of normal or safe system events for review

audit findings.

risk elimination.

audit requirements.

customer satisfaction.

Make changes following principle and design guidelines.

Stop the application until the vulnerability is fixed.

Report the vulnerability to product owner.

Monitor the application and review code.

Experience in the industry

Definition of security profiles

Human resource planning efforts

Procedures in systems development

Executive sponsorship

Information security sponsorship

End-user acceptance

Internal audit acceptance

Text editors, database, and Internet phone applications

Email, presentation, and database applications

Image libraries, presentation and spreadsheet applications

Email, media players, and instant messaging applications

It drives audit processes.

It supports risk assessment.

It reduces asset vulnerabilities.

It minimizes system logging requirements.

Information security

Departmental management

Data custodian

Data owner

least privilege.

rule based access controls.

Mandatory Access Control (MAC).

separation of duties.

Data integrity

Access accountability

Encryption logging format

Segregation of duties

Policies

Frameworks

Metrics

Guidelines