Pass the ISC ISC 2 Credentials CISSP Questions and answers with CertsForce

The best destruction method that provides the assurance that the data has been removed from a malfunctioning PDA device is shredding. Shredding is a method of physically destroying the media, such as flash memory cards, by cutting or tearing them into small pieces that make the data unrecoverable. Shredding can be effective in removing the data from a PDA device that cannot be deleted by software or firmware methods, as it does not depend on the functionality of the device or the media. Shredding can also prevent the reuse or the recycling of the media or the device, as it renders them unusable. Knurling, grinding, and degaussing are not the best destruction methods that provide the assurance that the data has been removed from a malfunctioning PDA device, as they are related to the methods of altering the surface, the shape, or the magnetic field of the media, not the methods of cutting or tearing the media into small pieces. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, Security Operations, page 889. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, Security Operations, page 905.

 The most likely cause of the inconsistent application of server security controls resulting in vulnerabilities on critical systems is a lack of baseline standards. Baseline standards are the minimum level of security controls and measures that must be applied to the servers or other assets to ensure their protection and compliance. Baseline standards help to establish a consistent and uniform security posture across the organization, and to prevent or reduce the exposure to threats and risks. If there is a lack of baseline standards, the server security controls may vary in quality, effectiveness, or completeness, resulting in vulnerabilities on critical systems. Improper documentation of security guidelines, a poorly designed security policy communication program, and ineffective Host-based Intrusion Prevention System (HIPS) policies are not the most likely causes of this issue, as they do not directly affect the application of server security controls or the existence of baseline standards. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, Security and Risk Management, page 35. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1, Security and Risk Management, page 48.

A synchronous token is a hardware device that generates and displays a one-time password (OTP) that changes at fixed intervals, usually based on a clock or a counter. The OTP is synchronized with the authentication server, and the user must enter the OTP within a certain time window to log in. This is an example of single factor authentication based on something the user has (the token). The other options are not correct, as they either do not match the description of the token (A and B), or do not specify the type of token ©. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 331; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 6, page 387.

The amount of data that will be collected during an audit is primarily determined by the audit scope. The audit scope is the extent and boundaries of the audit, such as the subject matter, the time period, the locations, the departments, the functions, the systems, or the processes to be audited. The audit scope defines what will be included or excluded from the audit, and it helps to ensure that the audit objectives are met and the audit resources are used efficiently and effectively. The auditor’s experience level, the availability of the data, and the integrity of the data are not the primary factors that determine the amount of data that will be collected during an audit, as they depend on the audit scope to be defined first. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, Security and Risk Management, page 54. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1, Security and Risk Management, page 69.

Single Sign-On (SSO) is a technology that allows users to securely access multiple applications and services using just one set of credentials, such as a username and a password56

With SSO, users do not have to remember and enter multiple passwords for different applications and services, which can improve their convenience and productivity. SSO also enhances security, as users can use stronger passwords, avoid reusing passwords, and comply with password policies more easily. Moreover, SSO reduces the risk of phishing, credential theft, and password fatigue56

SSO is based on the concept of federated identity, which means that the identity of a user is shared and trusted across different systems that have established a trust relationship. SSO uses various protocols and standards, such as SAML, OAuth, OIDC, and Kerberos, to enable the exchange of identity information and authentication tokens between the systems56

 A valid reason for keeping a customer transaction beyond the retention schedule is a pending legal hold. A legal hold is a requirement or an order to preserve certain records or data that are relevant or potentially relevant to a legal matter, such as a lawsuit, an investigation, or an audit. A legal hold can override the normal record retention schedule or policy of an organization, and can mandate the organization to retain the records or data until the legal matter is resolved or the legal hold is lifted. A pending legal hold can be a valid reason for keeping a customer transaction beyond the retention schedule, as it can ensure the compliance, evidence, or liability of the organization or the customer. Long term data mining needs, customer makes request to retain, and useful for future business initiatives are not valid reasons for keeping a customer transaction beyond the retention schedule, as they are related to the business value, preference, or strategy of the organization or the customer, not the legal obligation or necessity of the organization or the customer. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, Security and Risk Management, page 49. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1, Security and Risk Management, page 64.

Encrypting the entire disk and deleting the contents after a set number of failed access attempts provides the most protection against data theft of sensitive information when a laptop is stolen. This method ensures that the data is unreadable without the correct decryption key, and that the data is erased if someone tries to guess the key or bypass the encryption. Setting up a BIOS and operating system password, encrypting the virtual drive, or implementing a policy are less effective methods, as they can be circumvented by physical access, booting from another device, or copying the data to another location. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Identity and Access Management, p. 269; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 5: Identity and Access Management (IAM), p. 521.

The best solution to detect the use of P2P programs when the computer was connected to the office network is an Intrusion Prevention System (IPS). An IPS is a device or a software that monitors, analyzes, and blocks the network traffic based on the predefined rules or policies, and that can prevent or stop any unauthorized or malicious access or activity on the network, such as P2P programs. An IPS can detect the use of P2P programs by inspecting the network packets, identifying the P2P protocols or signatures, and blocking or dropping the P2P traffic. Anti-virus software, anti-spyware software, and integrity checking software are not the best solutions to detect the use of P2P programs when the computer was connected to the office network, as they are related to the protection, removal, or verification of the software or files on the computer, not the monitoring, analysis, or blocking of the network traffic. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, Communication and Network Security, page 512. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, Communication and Network Security, page 528.

 The best solution to provide redundancy for telecommunications links is to provide multiple links from multiple telecommunications vendors. Redundancy is the ability to maintain the availability and functionality of a system or network in the event of a failure or disruption. By providing multiple links from multiple telecommunications vendors, the organization can ensure that there is always an alternative path for data transmission, and that the failure or outage of one vendor does not affect the entire network. Providing multiple links from the same telecommunications vendor, ensuring that the telecommunications links connect to the network in one location, and ensuring that the telecommunications links connect to the network in multiple locations are not the best solutions to provide redundancy for telecommunications links, as they do not offer the same level of diversity, resilience, and fault tolerance as providing multiple links from multiple telecommunications vendors. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, Communication and Network Security, page 504. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, Communication and Network Security, page 520.

 Side channel attacks are a type of attack that exploit the physical characteristics of a system, such as power consumption, electromagnetic radiation, timing, sound, or temperature, to extract sensitive information. Secure startup mechanisms, such as secure boot or trusted boot, are primarily designed to thwart these types of attacks by verifying the integrity and authenticity of the system components before loading them into memory. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4: Security Architecture and Design, p. 201; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 3: Security Architecture and Engineering, p. 331.

Storage Area Network (SAN): SANs are designed for centralized storage and access control mechanisms can be implemented to track users and their activities.

Backup Media, Backup Server, Database Server, Web Server: These are typically secured components within a system and would likely have user authentication and access logging mechanisms.

Laptop: Laptops are portable and might be used outside the organization's secure network. They may not have the same level of monitoring and logging as the other components, making it more difficult to hold users accountable for their access to information.

 The organization should ensure that the third party’s physical security controls are in place so that they are able to limit access to sensitive information. Physical security controls are the measures or the mechanisms that protect the physical assets, such as the hardware, the software, the media, or the personnel, from the unauthorized or the malicious access, damage, or theft. Physical security controls can include locks, fences, guards, cameras, alarms, or biometrics. The organization should ensure that the third party’s physical security controls are able to limit access to sensitive information, as it can prevent or reduce the risk of the data breach, the data loss, or the data corruption, and it can ensure the confidentiality, the integrity, and the availability of the information. The organization should also ensure that the third party’s physical security controls are compliant with the organization’s policies, standards, and regulations, and that they are audited and monitored regularly. The organization should not ensure that the third party’s physical security controls are more rigorous than the original controls, allow access by the organization staff at any time, or cannot be accessed by subcontractors of the third party, as they are related to the level, the scope, or the restriction of the physical security controls, not the ability to limit access to sensitive information. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, Security Operations, page 849. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, Security Operations, page 865.

The most effective method for gaining unauthorized access to a file protected with a long complex password is social engineering. Social engineering is a type of attack that exploits the human factor or the psychological weaknesses of the target, such as trust, curiosity, greed, or fear, to manipulate them into revealing sensitive information, such as passwords, or performing malicious actions, such as opening malicious attachments or clicking malicious links. Social engineering can bypass the technical security controls, such as encryption or authentication, and can be more efficient and successful than other methods that rely on brute force or guesswork. Brute force attack, frequency analysis, and dictionary attack are not the most effective methods for gaining unauthorized access to a file protected with a long complex password, as they require a lot of time, resources, and computing power, and they can be thwarted by the use of strong passwords, password policies, or password managers. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, Security Assessment and Testing, page 813. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 6, Security Assessment and Testing, page 829.

According to the star property (*property) of the Bell-LaPadula model, a subject with a given security clearance may write data to an object if and only if the object’s security level is greater than or equal to the subject’s security level. In other words, a subject can write data to an object with the same or higher sensitivity label, but not to an object with a lower sensitivity label. This rule is also known as the no write-down rule, as it prevents the leakage of information from a higher level to a lower level. In this question, User A has a Restricted clearance, and File 1 has a Restricted security class. Therefore, User A can write to File 1, as they have the same security level. User B, User C, and User D cannot write to File 1, as they have higher clearances than the security class of File 1, and they would violate the star property by writing down information to a lower level. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, Communication and Network Security, page 498. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, Communication and Network Security, page 514.

When implementing a secure wireless network, the option that supports authentication and authorization for individual client endpoints is Wi-Fi Protected Access 2 (WPA2) Enterprise. WPA2 is a security protocol that provides encryption and authentication for wireless networks, based on the IEEE 802.11i standard. WPA2 has two modes: Personal and Enterprise. WPA2 Personal uses a Pre-Shared Key (PSK) that is shared among all the devices on the network, and does not require a separate authentication server. WPA2 Enterprise uses an Extensible Authentication Protocol (EAP) that authenticates each device individually, using a username and password or a certificate, and requires a Remote Authentication Dial-In User Service (RADIUS) server or another authentication server. WPA2 Enterprise provides more security and granularity than WPA2 Personal, as it can support different levels of access and permissions for different users or groups, and can prevent unauthorized or compromised devices from joining the network. Temporal Key Integrity Protocol (TKIP), Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK), and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) are not the options that support authentication and authorization for individual client endpoints, as they are related to the encryption or integrity of the wireless data, not the identity or access of the wireless devices. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, Communication and Network Security, page 506. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, Communication and Network Security, page 522.