Important ISC2 CISSP Exam Questions

Answer: D

Explanation:

Remote access audit logs could cause a Denial of Service (DoS) against an authentication system. A DoS attack is a type of attack that aims to disrupt or degrade the availability or performance of a system or a network by overwhelming it with excessive or malicious traffic or requests. An authentication system is a system that verifies the identity and credentials of the users or entities that want to access the system or network resources or services. An authentication system can use various methods or factors to authenticate the users or entities, such as passwords, tokens, certificates, biometrics, or behavioral patterns.

Remote access audit logs are records that capture and store the information about the events and activities that occur when the users or entities access the system or network remotely, such as via the internet, VPN, or dial-up. Remote access audit logs can provide a reactive and detective layer of security by enabling the monitoring and analysis of the remote access behavior, and facilitating the investigation and response of the incidents.

Remote access audit logs could cause a DoS against an authentication system, because they could consume a large amount of disk space, memory, or bandwidth on the authentication system, especially if the remote access is frequent, intensive, or malicious. This could affect the performance or functionality of the authentication system, and prevent or delay the legitimate users or entities from accessing the system or network resources or services. For example, an attacker could launch a DoS attack against an authentication system by sending a large number of fake or invalid remote access requests, and generating a large amount of remote access audit logs that fill up the disk space or memory of the authentication system, and cause it to crash or slow down.

The other options are not the factors that could cause a DoS against an authentication system, but rather the factors that could improve or protect the authentication system. Encryption of audit logs is a technique that involves using a cryptographic algorithm and a key to transform the audit logs into an unreadable or unintelligible format, that can only be reversed or decrypted by authorized parties. Encryption of audit logs can enhance the security and confidentiality of the audit logs by preventing unauthorized access or disclosure of the sensitive information in the audit logs. However, encryption of audit logs could not cause a DoS against an authentication system, because it does not affect the availability or performance of the authentication system, but rather the integrity or privacy of the audit logs. No archiving of audit logs is a practice that involves not storing or transferring the audit logs to a separate or external storage device or location, such as a tape, disk, or cloud. No archiving of audit logs can reduce the security and availability of the audit logs by increasing the risk of loss or damage of the audit logs, and limiting the access or retrieval of the audit logs. However, no archiving of audit logs could not cause a DoS against an authentication system, because it does not affect the availability or performance of the authentication system, but rather the availability or preservation of the audit logs. Hashing of audit logs is a technique that involves using a hash function, such as MD5 or SHA, to generate a fixed-length and unique value, called a hash or a digest, that represents the audit logs. Hashing of audit logs can improve the security and integrity of the audit logs by verifying the authenticity or consistency of the audit logs, and detecting any modification or tampering of the audit logs. However, hashing of audit logs could not cause a DoS against an authentication system, because it does not affect the availability or performance of the authentication system, but rather the integrity or verification of the audit logs.

Topic 7, Security Operations

Answer: A

Explanation:

Secure software development is a process of designing, developing, testing, and maintaining software systems or applications that meet the security requirements and standards of the organization and the stakeholders. The best technique to facilitate secure software development is to adhere to secure coding practices for the software application under development. Secure coding practices are guidelines or principles that help to prevent or mitigate common security vulnerabilities or flaws in the software code, such as buffer overflow, injection, cross-site scripting, or broken authentication. Secure coding practices can help to improve the quality, reliability, and security of the software application, as well as reduce the cost and time of fixing the security issues later. Conducting penetration testing, developing a threat modeling review, or performing a code review process are also good techniques to facilitate secure software development, but they are not as effective or proactive as adhering to secure coding practices.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 21: Software Development Security, page 1157;CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 8: Software Development Security, Question 8.1, page 302.

Answer: B

Explanation:

A tamper seal is a device or material that is attached to a computer system's case to indicate whether the case has been opened or tampered with. The main purpose of placing a tamper seal on a computer system's case is to detect efforts to open the case, as the seal will be broken or damaged if someone tries to access the internal components of the system. This can help deter unauthorized access, prevent physical damage or theft, and provide evidence for forensic investigation. Raising security awareness is not the main purpose of placing a tamper seal on a computer system's case, although it may have a secondary effect of reminding users of the importance of physical security. Expediting physical auditing is not the main purpose of placing a tamper seal on a computer system's case, although it may have a secondary effect of simplifying the process of checking the integrity of the system. Making it difficult to steal internal components is not the main purpose of placing a tamper seal on a computer system's case, although it may have a secondary effect of increasing the effort and risk of the attacker.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Security Architecture and Engineering, p. 409.Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 3: Security Architecture and Engineering, p. 298.

Answer: C

Explanation:

Media sanitization is the process of rendering the data on a storage device inaccessible or unrecoverable by a given level of effort. For an organization using public cloud services, the most effective media sanitization technique is cryptographic erasure, which involves encrypting the data on the device with a strong key and then deleting the key, making the data unreadable. Cryptographic erasure is suitable for cloud environments because it does not require physical access to the device, it can be performed remotely and quickly, and it does not affect the performance or lifespan of the device. Low-level formatting, secure-grade overwrite erasure, and drive degaussing are media sanitization techniques that require physical access to the device, which may not be possible or feasible for cloud users. Additionally, these techniques may not be compatible with some cloud storage technologies, such as solid-state drives (SSDs) or flash memory, and they may reduce the performance or lifespan of the device.

Answer: A

Explanation:

Due diligence is the process of gathering and analyzing information about the target organization before a merger or acquisition. The primary purpose of due diligence is to assess the business risks and opportunities associated with the transaction, such as financial, legal, operational, technical, and security aspects. Due diligence helps the acquiring organization to make informed decisions, negotiate better terms, and avoid potential liabilities or pitfalls. Due diligence is not meant to formulate alternative strategies, determine that all parties are equally protected, or provide adequate capability for all parties, although these may be secondary outcomes or objectives of the process.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 49.Official (ISC) CISSP CBK Reference, Fifth Edition, Domain 1: Security and Risk Management, page 75.