ISC CISSP - Certified Information Systems Security Professional (CISSP)

 An advantage of link encryption in a communications network is that it encrypts all information, including headers and routing information. Link encryption is a type of encryption that is applied at the data link layer of the OSI model, and encrypts the entire packet or frame as it travels from one node to another1. Link encryption can protect the confidentiality and integrity of the data, as well as the identity and location of the nodes. Link encryption does not make key management and distribution easier, as it requires each node to have a separate key for each link. Link encryption does not protect data from start to finish through the entire network, as it only encrypts the data while it is in transit, and decrypts it at each node. Link encryption does not improve the efficiency of the transmission, as it adds overhead and latency to the communication. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 419.

Contingency plan exercises are intended to train personnel in roles and responsibilities. Contingency plan exercises are simulated scenarios that test the preparedness and effectiveness of the contingency plan, which is a document that outlines the actions and procedures to be followed in the event of a disruption or disaster. Contingency plan exercises help to train the personnel involved in the contingency plan, such as the incident response team, the recovery team, and the business continuity team, in their roles and responsibilities, such as communication, coordination, decision making, and execution. Contingency plan exercises also help to identify and resolve any issues or gaps in the contingency plan, and to improve the skills and confidence of the personnel5 . References: 5: Contingency Plan Testing : Contingency Planning Guide for Federal Information Systems

Network bandwidth is the least important consideration when considering transmission security, as it is more related to the performance or efficiency of the network, rather than the security or protection of the data. Network bandwidth is the amount of data that can be transmitted or received over a network in a given time period, and it can affect the speed or quality of the communication1. However, network bandwidth does not directly impact the confidentiality, integrity, or availability of the data, which are the main goals of transmission security. Network availability, data integrity, and node locations are more important considerations when considering transmission security, as they can affect the ability to access, verify, or protect the data from unauthorized or malicious parties. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 402.

Identifying the number of security flaws within the system is the best assessment metric to understand a system’s vulnerability to potential exploits. A security flaw is a weakness or a defect in the system’s design, implementation, or operation that could be exploited by an attacker to compromise the system’s confidentiality, integrity, or availability2. By identifying the number of security flaws within the system, the assessor can measure the system’s vulnerability, which is the degree to which the system is susceptible or exposed to attacks3. Determining the probability that the system functions safely during any time period, quantifying the system’s available services, and measuring the system’s integrity in the presence of failure are not assessment metrics that directly relate to the system’s vulnerability to potential exploits, as they are more concerned with the system’s reliability, availability, and resilience. References: 2: CISSP For Dummies, 7th Edition, Chapter 8, page 2173: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 8, page 461.

Identification of data location is a must-have clause in a contract to support electronic discovery of data stored in a cloud environment. Electronic discovery, or e-discovery, is the process of identifying, preserving, collecting, processing, reviewing, and producing electronically stored information (ESI) that is relevant to a legal case or investigation1. In a cloud environment, where data may be stored in multiple locations, jurisdictions, or servers, it is essential to have a clear and contractual agreement on how and where the data can be accessed, retrieved, and produced for e-discovery purposes. Identification of data location can help ensure the availability, integrity, and admissibility of the data as evidence. Integration with organizational directory services for authentication, tokenization of data, and accommodation of hybrid deployment models are not mandatory clauses for e-discovery support, as they are more related to the security, privacy, and flexibility of the cloud service, rather than the legal aspects of data discovery. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 647.

The most important thing to do when promoting a security awareness program to senior management is to show the need for security; identify the message and the audience. This means that you should demonstrate how security awareness can benefit the organization, reduce risks, and align with the business goals. You should also tailor your message and your audience according to the specific security issues and challenges that your organization faces. Ensuring that the security presentation is designed to be all-inclusive, notifying them that their compliance is mandatory, or explaining how hackers have enhanced information security are not the most effective ways to promote a security awareness program, as they may not address the specific needs, interests, or concerns of senior management. References: 9: Seven Keys to Success for a More Mature Security Awareness Program1011: 6 Metrics to Track in Your Cybersecurity Awareness Training Campaign

 A Trusted Platform Module (TPM) is a hardware device that wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device. A TPM is a secure cryptoprocessor that generates, stores, and protects cryptographic keys and other sensitive data. A TPM can be used to implement full disk encryption, which is a technique that encrypts the entire contents of a hard disk drive, making it unreadable without the correct decryption key. A TPM can wrap the decryption key, which means that it encrypts the key with another key that is stored in the TPM and can only be accessed by authorized software. A TPM can also tie the hard disk drive to a particular device, which means that it verifies the identity and integrity of the device before allowing the decryption of the hard disk drive. This prevents unauthorized access to the data even if the hard disk drive is physically removed and attached to another device. A Preboot eXecution Environment (PXE), a Key Distribution Center (KDC), and a Simple Key-Management for Internet Protocol (SKIP) are not devices or techniques that wrap the decryption key of a full disk encryption implementation and tie the hard disk drive to a particular device. A PXE is a protocol that enables a device to boot from a network server without a local operating system or storage device. A KDC is a server that issues and manages cryptographic keys and tickets for authentication and encryption in a Kerberos system. A SKIP is a protocol that provides secure key exchange and authentication for IPsec.

The best way to prevent security flaws occurring in outsourced software development is to establish contractual requirements for code quality that specify the security standards, guidelines, and best practices that the outsourced developers must follow. This way, the organization can ensure that the outsourced software meets the expected level of security and quality, and that any security flaws are detected and remediated before delivery. The other options are not as effective as contractual requirements for code quality, as they either do not address the security aspects of the software development (B and D), or do not prevent the security flaws from occurring in the first place ©. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 472; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 8, page 572.

An attacker is most likely to target programs that write to system resources to gain privileged access to a system. System resources are the hardware and software components that are essential for the operation and functionality of a system, such as the CPU, memory, disk, network, operating system, drivers, libraries, etc. Programs that write to system resources may have higher privileges or permissions than programs that write to user directories or log files. An attacker may exploit vulnerabilities or flaws in these programs to execute malicious code, escalate privileges, or bypass security controls. Programs that write to user directories or log files are less likely to be targeted by an attacker, as they may have lower privileges or permissions, and may not contain sensitive information or system calls. User directories are the folders or locations where users store their personal files or data. Log files are the records of events or activities that occur in a system or application. 

A change control board (CCB) is a group of stakeholders who are responsible for reviewing, approving, and monitoring changes to an organization’s production infrastructure configuration. A production infrastructure configuration is the set of hardware, software, network, and environmental components that support the operation of an information system. Changes to the production infrastructure configuration can affect the security, performance, availability, and functionality of the system. Therefore, changes must be carefully planned, tested, documented, and authorized before implementation. A CCB ensures that changes are aligned with the organization’s objectives, policies, and standards, and that changes do not introduce any adverse effects or risks to the system or the organization. A CCB is not the same as technical management, system operations, or system users, who may be involved in the change management process, but do not have the authority to approve changes. 

The best security solution for two companies that wish to share electronic inventory and purchase orders in a supplier and client relationship is to set up a Virtual Private Network (VPN) between the two companies. A VPN is a secure and encrypted connection that allows the two companies to exchange data over a public network, such as the internet, as if they were on a private network. A VPN protects the confidentiality, integrity, and availability of the data, and prevents unauthorized access, interception, or modification by third parties. A VPN also provides authentication, authorization, and accounting of the users and devices that access the data . References: : What is a VPN and how does it work? Your guide to internet privacy and security : What is a VPN?

Black box testing is a method of software testing that does not require any knowledge of the internal structure or code of the software1. The test planner only knows the functional specifications, which describe what the software is supposed to do, and tests the software based on the expected inputs and outputs. Black box testing is useful for finding errors in the functionality, usability, or performance of the software, but it cannot detect errors in the code or design. White box testing, on the other hand, requires the test planner to have access to the source code and the design documents, and tests the software based on the internal logic and structure2. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 21, page 13132: CISSP For Dummies, 7th Edition, Chapter 8, page 215.

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to establish a secure initial state. A TPM is a hardware device that provides cryptographic functions and secure storage for keys, certificates, passwords, and other sensitive data. A TPM can also measure and verify the integrity of the system components, such as the BIOS, boot loader, operating system, and applications, before they are executed. This process is known as trusted boot or measured boot, and it ensures that the system is in a known and trusted state before allowing access to the user or network. A TPM can also enable features such as disk encryption, remote attestation, and platform authentication12. References: 1: What is a Trusted Platform Module (TPM)?32: Trusted Platform Module (TPM) Fundamentals4

The first security action that should be taken when computer personnel are terminated from their jobs is to remove their computer access. Computer access is the ability to log in, use, or modify the computer systems, networks, or data of the organization3. Removing computer access can prevent the terminated personnel from accessing or harming the organization’s information assets, or from stealing or leaking sensitive or confidential data. Removing computer access can also reduce the risk of insider threats, such as sabotage, fraud, or espionage. Requiring them to turn in their badge, conducting an exit interview, and reducing their physical access level to the facility are also important security actions that should be taken when computer personnel are terminated from their jobs, but they are not as urgent or critical as removing their computer access. References: 3: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 5, page 249.

Header analysis is an example of an anti-spam approach that checks the routing information on e-mail to determine if it is in a valid format and contains valid information. The routing information, or the header, is the part of the e-mail that contains the sender, the recipient, the subject, the date, and the path of the e-mail. Header analysis can detect spam by looking for inconsistencies, anomalies, or falsifications in the header, such as mismatched domains, spoofed addresses, forged timestamps, or invalid characters34. References: 3: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 6744: CISSP For Dummies, 7th Edition, Chapter 6, page 205.