Pass the ISC ISC 2 Credentials CISSP Questions and answers with CertsForce

Logical access control programs are most effective when they are made part of the operating system. Logical access control is the process of granting or denying access to information or resources based on the identity, role, or credentials of the user or device3. Logical access control programs, such as authentication, authorization, and auditing mechanisms, can be implemented at different levels of the system, such as the application, the database, or the network. However, the most effective level is the operating system, as it provides the lowest and most comprehensive layer of access control, and can enforce the principle of least privilege and the separation of duties for all users and processes. Approval by external auditors, combination with security token technology, and maintenance by computer security officers are not factors that affect the effectiveness of logical access control programs, as they are more related to the compliance, assurance, and administration of the access control policies. References: 3: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 5, page 247. : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 353.

 Hashing files during chain of custody handling ensures integrity, which means that the files have not been altered or tampered with during the collection, preservation, or analysis of digital evidence1. Hashing is a process of applying a mathematical function to a file to generate a unique value, called a hash or a digest, that represents the file’s content. By comparing the hash values of the original and the copied files, the integrity of the files can be verified. Availability, accountability, and non-repudiation are not ensured by hashing files during chain of custody handling, as they are related to different aspects of information security. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 633.

The most relevant reading material for researching an organization’s legal obligations to protect privacy-related information is the privacy-related regulations enforced by governing bodies applicable to the organization. These regulations define the legal requirements, standards, and penalties for collecting, processing, storing, and disclosing personal or sensitive information of individuals or entities. The organization must comply with these regulations to avoid legal liabilities, fines, or sanctions. The other options are not as relevant as privacy-related regulations, as they either do not reflect the legal obligations of the organization (A and C), or do not apply to all types of privacy-related information (D). References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, page 22; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1, page 31.

Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol in which a new random number is generated uniquely for each login session. CHAP is used to authenticate a user or a system over a Point-to-Point Protocol (PPP) connection, such as a dial-up or a VPN connection. CHAP works as follows: The server sends a challenge message to the client, which contains a random number. The client calculates a response by applying a one-way hash function to the random number and its own secret key, and sends the response back to the server. The server performs the same calculation using the same random number and the secret key stored in its database, and compares the results. If they match, the authentication is successful. CHAP provides more security than Password Authentication Protocol (PAP), which sends the username and password in clear text over the network . References: : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 516. : CISSP For Dummies, 7th Edition, Chapter 5, page 151.

Mutual authentication is the process of verifying the identity of both parties in a communication. The computer system authenticates the user by verifying their credentials, such as username and password, biometrics, or tokens. The user authenticates the computer system by verifying its identity, such as a digital certificate, a trusted third party, or a challenge-response mechanism34. References: 3: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 5154: CISSP For Dummies, 7th Edition, Chapter 5, page 151.

A cold site is a backup facility with little or no hardware equipment installed. It is the most cost-effective option among the three disaster recovery sites, but it takes a lot of time to properly set it up and resume business operations. Therefore, testing a cold site is the most difficult and time-consuming task.

Temporal Key Integrity Protocol (TKIP) supports multicast and broadcast messages by using a group temporal key that is shared by all the devices in the same wireless network. This key is used to encrypt and decrypt the messages that are sent to multiple recipients at once. TKIP also supports unicast messages by using a pairwise temporal key that is unique for each device and session. TKIP does not support coordination of IEEE 802.11 protocols, as it is a protocol itself that was designed to replace WEP. TKIP is compatible with WEP systems, but it does not support them, as it provides more security features than WEP. TKIP does not support synchronization of multiple devices, as it does not provide any clock or time synchronization mechanism . References: 1: Temporal Key Integrity Protocol - Wikipedia 2: Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? - How-To Geek

The least effective process for eliminating data prior to the media being discarded is high-level formatting. High-level formatting is the process of preparing a storage device, such as a hard disk or a flash drive, for data storage by creating a file system and marking the bad sectors. However, high-level formatting does not erase the data that was previously stored on the device. The data can still be recovered using data recovery tools or forensic techniques. To prevent inadvertent disclosure of restricted information, more secure methods of data sanitization should be used, such as multiple-pass overwriting, degaussing, or physical destruction34. References: 3: Delete Sensitive Data before Discarding Your Media94: Best Practices for Media Destruction10

 By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the opportunity to sniff network traffic exists. A SAN is a dedicated network that connects storage devices, such as disk arrays, tape libraries, or servers, to provide high-speed data access and transfer. A SAN may use different protocols or technologies to communicate with storage devices, such as Fibre Channel, iSCSI, or NFS. By allowing storage communications to run on top of TCP/IP, a common network protocol that supports internet and intranet communications, a SAN may leverage the existing network infrastructure and reduce costs and complexity. However, this also exposes the storage communications to the same risks and threats that affect the network communications, such as sniffing, spoofing, or denial-of-service attacks. Sniffing is the act of capturing or monitoring network traffic, which may reveal sensitive or confidential information, such as passwords, encryption keys, or data. By allowing storage communications to run on top of TCP/IP with a SAN, the confidentiality of the traffic is not protected, unless encryption or other security measures are applied. The opportunity for device identity spoofing is not eliminated, as an attacker may still impersonate a legitimate storage device or server by using a forged or stolen IP address or MAC address. The storage devices are not protected against availability attacks, as an attacker may still disrupt or overload the network or the storage devices by sending malicious or excessive packets or requests.

 The ultimate objective of information classification is to ensure that information assets receive an appropriate level of protection in accordance with their importance and sensitivity to the organization. Information classification is the process of assigning labels or categories to information based on criteria such as confidentiality, integrity, availability, and value. Information classification helps the organization to identify the risks and threats to the information, and to apply the necessary controls and safeguards to protect it. Information classification also helps the organization to comply with the legal, regulatory, and contractual obligations related to the information12. References: 1: Information Classification - Why it matters?32: ISO 27001 & Information Classification: Free 4-Step Guide4

The first security action that should be taken when computer personnel are terminated from their jobs is to remove their computer access. Computer access is the ability to log in, use, or modify the computer systems, networks, or data of the organization3. Removing computer access can prevent the terminated personnel from accessing or harming the organization’s information assets, or from stealing or leaking sensitive or confidential data. Removing computer access can also reduce the risk of insider threats, such as sabotage, fraud, or espionage. Requiring them to turn in their badge, conducting an exit interview, and reducing their physical access level to the facility are also important security actions that should be taken when computer personnel are terminated from their jobs, but they are not as urgent or critical as removing their computer access. References: 3: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 5, page 249.

A privileged identity lifecycle management is a process of managing the access rights and activities of users who have elevated permissions to access sensitive data or resources in an organization2. An essential element of a privileged identity lifecycle management is to regularly perform account re-validation and approval, which means verifying that the privileged users still need their access rights and have them approved by the appropriate authority. This can help prevent unauthorized or excessive access, reduce the risk of insider threats, and ensure compliance with policies and regulations. Account provisioning based on multi-factor authentication, frequently review performed activities and request justification, and account information to be provided by supervisor or line manager are also important aspects of a privileged identity lifecycle management, but they are not as essential as account re-validation and approval. References: 2: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 5, page 283.

 An Information Protection Policy (IPP) is a document that defines the objectives, scope, roles, responsibilities, and rules for protecting the information assets of an organization. An IPP should be aligned with the business goals and legal requirements, and should be communicated and enforced throughout the organization. When constructing an IPP, it is important that the stated rules are necessary, adequate, and achievable, meaning that they are relevant, sufficient, and realistic for the organization’s context and capabilities34. References: 3: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, page 234: CISSP For Dummies, 7th Edition, Chapter 1, page 15.

Identifying the number of security flaws within the system is the best assessment metric to understand a system’s vulnerability to potential exploits. A security flaw is a weakness or a defect in the system’s design, implementation, or operation that could be exploited by an attacker to compromise the system’s confidentiality, integrity, or availability2. By identifying the number of security flaws within the system, the assessor can measure the system’s vulnerability, which is the degree to which the system is susceptible or exposed to attacks3. Determining the probability that the system functions safely during any time period, quantifying the system’s available services, and measuring the system’s integrity in the presence of failure are not assessment metrics that directly relate to the system’s vulnerability to potential exploits, as they are more concerned with the system’s reliability, availability, and resilience. References: 2: CISSP For Dummies, 7th Edition, Chapter 8, page 2173: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 8, page 461.

Program change control is the maintenance activity that is responsible for defining, implementing, and testing updates to application systems. Program change control ensures that the changes are authorized, documented, reviewed, tested, and approved before being deployed to the production environment. Program change control also maintains a record of the changes and their impact on the system . References: : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 823. : CISSP For Dummies, 7th Edition, Chapter 8, page 263.