ISC CISSP - Certified Information Systems Security Professional (CISSP)

Copyright is a form of intellectual property that grants the author or creator of an original work the exclusive right to reproduce, distribute, perform, display, or license the work. Copyright does not protect ideas, concepts, facts, discoveries, or methods, but only the particular expression of an idea in a tangible medium, such as a book, a song, a painting, or a software program12. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 3, page 2872: CISSP For Dummies, 7th Edition, Chapter 3, page 87.

Permission is the type of authorized interactions a subject can have with an object. Permission is a rule or a setting that defines the specific actions or operations that a subject can perform on an object, such as read, write, execute, or delete1. Permission is usually granted by the owner or the administrator of the object, and can be based on the identity, role, or group membership of the subject. Control, procedure, and protocol are not types of authorized interactions a subject can have with an object, as they are related to different aspects of access control or security. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 355.

The most effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information is to implement logical network segmentation at the switches. Logical network segmentation is the process of dividing a network into smaller subnetworks or segments based on criteria such as function, role, or access level. This way, the organization can isolate the traffic and data of different segments, and limit the exposure and impact of an attack. If the attacker has installed a sniffer onto an inside computer, logical network segmentation can prevent the sniffer from capturing the traffic and data of other segments, thus reducing the information leakage. The other options are not as effective as logical network segmentation, as they either do not prevent the sniffer from capturing the traffic and data (A and B), or do not detect or stop the attack ©. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, page 163; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, page 173.

 Statistical anomaly is a network intrusion detection technique that compares the current network activity with a baseline of normal behavior, and detects any deviations that exceed a predefined threshold. Statistical anomaly can identify unknown or novel attacks, but it may also generate false positives if the baseline is not updated or the threshold is not set properly12. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 7702: CISSP For Dummies, 7th Edition, Chapter 7, page 237.

A privileged identity lifecycle management is a process of managing the access rights and activities of users who have elevated permissions to access sensitive data or resources in an organization2. An essential element of a privileged identity lifecycle management is to regularly perform account re-validation and approval, which means verifying that the privileged users still need their access rights and have them approved by the appropriate authority. This can help prevent unauthorized or excessive access, reduce the risk of insider threats, and ensure compliance with policies and regulations. Account provisioning based on multi-factor authentication, frequently review performed activities and request justification, and account information to be provided by supervisor or line manager are also important aspects of a privileged identity lifecycle management, but they are not as essential as account re-validation and approval. References: 2: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 5, page 283.

 A sandbox is a security mechanism that isolates a potentially malicious code or application from the rest of the system, preventing it from accessing or modifying any sensitive data or resources1. A sandbox can be implemented at the operating system, application, or network level, and can provide a safe environment for testing, debugging, or executing untrusted code. A sandbox is the most effective countermeasure to a malicious code attack against a mobile system, as it can prevent the code from spreading, stealing, or destroying any information on the device. Change control, memory management, and PKI are not directly related to preventing or mitigating malicious code attacks on mobile systems. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 507.

 Hashing files during chain of custody handling ensures integrity, which means that the files have not been altered or tampered with during the collection, preservation, or analysis of digital evidence1. Hashing is a process of applying a mathematical function to a file to generate a unique value, called a hash or a digest, that represents the file’s content. By comparing the hash values of the original and the copied files, the integrity of the files can be verified. Availability, accountability, and non-repudiation are not ensured by hashing files during chain of custody handling, as they are related to different aspects of information security. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 633.

Alternate encoding such as hexadecimal representations is most often observed in cross site scripting (XSS) attacks. XSS is a type of web application attack that involves injecting malicious code or scripts into a web page or a web application, usually through user input fields or parameters. The malicious code or script is then executed by the victim’s browser, and can perform various actions, such as stealing cookies, session tokens, or credentials, redirecting to malicious sites, or displaying fake content. Alternate encoding is a technique that is used by attackers to bypass input validation or filtering mechanisms, and to conceal or obfuscate the malicious code or script. Alternate encoding can use hexadecimal, decimal, octal, binary, or Unicode representations of the characters or symbols in the code or script . References: : What is Cross-Site Scripting (XSS)? : XSS Filter Evasion Cheat Sheet

The Encapsulating Security Payload (ESP) provides integrity and confidentiality for network communications. ESP is a protocol that is part of the IPsec suite, which is a set of protocols and standards that provide security for Internet Protocol (IP) communications. ESP encrypts the payload of an IP packet, which is the data portion of the packet, to provide confidentiality. ESP also adds a trailer and an authentication data field to the packet, to provide integrity. ESP does not provide authorization or availability for network communications. Authorization is the process of granting or denying access to resources based on the identity or role of the requester. Availability is the property of ensuring that resources are accessible and usable by authorized parties when needed. ESP does not perform authorization or availability functions, but it may support or complement them. 

Separation of duties is a security management control that divides a critical or sensitive task into two or more parts, and assigns them to different individuals or groups. This reduces the risk of fraud, error, or abuse of authority, as no single person or group can perform the entire task without the cooperation or oversight of others. Separation of duties is most often broken by collusion, which is a secret or illegal agreement between two or more parties to bypass the control and achieve a common goal12. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, page 352: CISSP For Dummies, 7th Edition, Chapter 1, page 23.