Explanation:
This question may be especially challenging since it contains distractors. The best approach with questions like this is to
analyze each option carefully, rule out certain options based on key words, and give the available options a rating to see
which one is CLOSEST to being the right answer.
Knowledge needed:
This question combines a few cross-domain concepts but ultimately tests your knowledge of the control categories,
such as technical (a control type) and detective or compensating (control functions). The audit logs themselves are not a
control (they are an output), but the mechanism that creates them is a technical control. Pay attention to the wording: “the
mechanism that creates audit logs” is a system-driven process, therefore a technical control. Notice how the various responses
try to entice you with distractors.
Explanation:
Of these options, the best choice is the updated version of LDAP that supports TLS (LDAPv3 added the StartTLS extended
operation; LDAP over TLS, LDAPS, is also widely deployed), since the other options simply list components of LDAP with no
bearing on security. TLS addresses security (confidentiality and integrity of the directory traffic, including bind credentials)
and is the best choice in this scenario. If you have work-related experience in a certain area such as LDAP, try not to let it
influence your answer selection. The Common Body of Knowledge describes the later version of LDAP as the one with TLS support.
Explanation:
This question tries to trick you by crossing concepts between domains. The question is really asking where the baseline is established.
Most likely this is in the Secure phase.
Explanation:
This question may be challenging since it contains irrelevant information. The best approach with questions like this is to take
your time in reading the question and available responses a few times to identify the irrelevant information. This will help you
to understand what the question is really asking.
Knowledge needed:
Domain 5 covers the factors of authentication: something you know, something you have, and something you are.
If only one is required, it’s single-factor (such as a password). If two or more different factors are required, it’s multifactor;
two credentials of the same kind (a password plus a PIN, for example) are still a single factor.
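The following is an added example, not part of the original explanation or of any exam material, showing what a two-factor check actually looks like in code: a knowledge factor (a salted PBKDF2 password hash) and a possession factor (an RFC 6238 TOTP code computed from a shared seed). The user record, the password, and the TOTP seed are constructed for the example; the seed is the RFC 6238 Appendix B test secret, so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumption for the demo)
TOTP_STEP = 30                # seconds per TOTP time step (RFC 6238 default)
USERS = {}                    # constructed in-memory user store


def enroll(username, password, totp_secret):
    """Store a salted PBKDF2 hash of the password (something you know) and a TOTP seed (something you have)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    USERS[username] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}


def check_password(username, password):
    """Knowledge factor: recompute the hash with the stored salt and compare in constant time."""
    rec = USERS.get(username)
    if rec is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, rec["hash"])


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, now, step=TOTP_STEP, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step, digits)


def check_totp(username, code, now, window=1):
    """Possession factor: accept the current step and +/- `window` steps to tolerate clock skew."""
    rec = USERS.get(username)
    if rec is None:
        return False
    for drift in range(-window, window + 1):
        expected = totp(rec["totp_secret"], now + drift * TOTP_STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


def authenticate(username, password, code, now=None):
    """Multifactor login: a knowledge factor AND a possession factor must both pass.
    Two passwords, or a password plus a PIN, would still be a single factor."""
    if now is None:
        now = int(time.time())
    # Evaluate both factors unconditionally so a failure does not reveal which one was wrong.
    pw_ok = check_password(username, password)
    otp_ok = check_totp(username, code, now)
    return pw_ok and otp_ok


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 Appendix B test secret (constructed demo seed)
    enroll("alice", "correct horse battery staple", secret)
    print(authenticate("alice", "correct horse battery staple", totp(secret, 59), now=59))  # both factors pass
    print(authenticate("alice", "wrong password", totp(secret, 59), now=59))               # knowledge factor fails
    print(authenticate("alice", "correct horse battery staple", "000000", now=59))         # possession factor fails
```

The `window` parameter is the practical caveat: real TOTP verifiers accept a step or two of skew, so a stolen code stays valid for roughly a minute, which is why the code alone must never be accepted without the first factor.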
Explanation:
This question may be especially challenging since it has multiple correct answers. The best approach with questions
like this is to rate each response according to which one would be better than the other. Whichever response has the
better rating should be the answer you select.
Knowledge needed:
If you struggled with this question, be sure to review the chapter(s) on contingency planning, steps, and RTO in your
book(s). Notice how two sites are mentioned specifically in the question, a primary site and mirror site. There is no mention
of a hot site, warm site, or cold site, so we can’t assume that any of these are being used. The best choice in this scenario is
to select the “higher level” option of “alternate” site, and we should be looking for recovery steps within the RTO. The terms
recovery and reconstitution may appear interchangeable in questions like this (strictly, reconstitution is the later phase of
returning operations to the primary site), but in this case the answer is made obvious by its relationship to the RTO.
Explanation:
This question may be especially challenging since it asks the question in a roundabout way. These questions are presented
with statements like “which of the following is NOT”, which is misleading for those of us who are quick readers. The best
approach with questions like this is to rephrase the question in your mind, and turn it into something like “all of these are
good options EXCEPT” and then find the choice that doesn’t fit.
Knowledge needed:
Negative tests exercise application behavior when it is given unexpected or invalid data; the expected result is a controlled rejection, not a crash or a fail-open.
Explanation:
This question may be especially challenging since it does not have enough information to make a good choice with the
available options (the question is vague or ambiguous). The best approach with questions like this is to either think through
the process to what the eventual outcome or missing component might be, or to give the available options a rating to see
which one is CLOSEST to being the right answer.
Knowledge needed:
One of the key words in this question is ‘process’. If it were asking about a ‘system’ the nature of the question would change
entirely. This process describes a digital signature. The strength or weakness of the hashing function is irrelevant in this question.
Explanation:
This question may be challenging since it contains distractors in the available responses. The best approach with questions
like this is to analyze each option carefully, rule out certain options based on key words, and give the available options a
rating to see which one is CLOSEST to being the right answer.
Knowledge needed:
Masquerading is the correct answer, and while the audit logs may not seem useful, if the incident is detected and reported,
they may still prove to be useful.
Spoofing without repudiation or recourse would not be the right choice because an authorized account was used. Repudiation
and recourse are distractors.
Escalation of privilege with non-repudiation would not be the right choice because no escalation occurred (the account already
had elevated privileges).
Tampering, one of the threat categories in the STRIDE model, would not be the right choice because the data was not tampered
with; it was stolen/exfiltrated.
Explanation:
This question may be especially challenging since it asks the question in an overly complicated way. The best approach
with questions like this when the question is overly large is to skip to the answer options and read through each one
carefully (even ISC2 recommends reading the options before the question), and then re-read the question and try to
understand what it’s asking. Once you’ve read everything a second or third time, rate each response in terms of what’s
closest to being the right answer.
Knowledge needed:
If you got this question wrong, be sure to review the chapter on intellectual property. A digital rights management solution
would be suitable to protect intellectual property.
Explanation:
This question may be especially challenging since it asks the question in a roundabout way. These questions are presented
with statements like “which of the following is NOT”, which is misleading for those of us who are quick readers. The best
approach with questions like this is to rephrase the question in your mind, and turn it into something like “all of these are
good options EXCEPT” and then find the choice that doesn’t fit.
Knowledge needed:
An employee handbook that is not published is not current, and not in effect, thus it cannot be part of personnel security
despite it potentially being published in the future (note: the question doesn’t indicate that it’ll be published ever).
Explanation:
Trusted Recovery is necessary for high-security systems and allows a system to terminate its processes in a secure
manner. If a system crashes, it must restart in a secure mode in which no further compromise of system policy can
occur. The principle of open design states that the security of a mechanism should not depend on the secrecy of its
design or implementation. In object-oriented programming, the open–closed principle states “software entities
(classes, modules, functions, etc.) should be open for extension, but closed for modification”; that is, such an entity
can allow its behavior to be extended without modifying its source code. The least privilege is the concept and practice
of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to
perform routine, legitimate activities.
Explanation:
Dual Control is a security principle that requires multiple parties to be present for a task that might have severe security
implications. In this instance, it is likely best to have at least two network administrators present before a private key can
be recovered. A generalization of dual control is called M of N control. M and N are parameters: the control requires M out of a
total of N administrators to be present to recover a key, so no single person (and no fewer than M) can do it alone. Segregation of
Duties is the concept of having more than one person required to complete a sensitive task. The principle of least privilege (PoLP)
refers to an information security concept in which a user is given the minimum levels of access or permissions needed to perform
their job functions. The need-to-know principle is that access to secured data must be necessary for the conduct of the users’ job functions.
Explanation:
Open design is often thought to be better than closed design, as the openness allows for review from others in
the community. The idea is that if others have access to the code, they will help examine and review the code,
and ultimately improve it. That was not the case unfortunately with OpenSSL. If the code is not reviewed, it might
as well be a closed source. Also, ultimately the quality of the code dictates the security, much more so than whether
it is open or closed. Security through obscurity is the opposite of peer review and open design: it relies on the secrecy or
complexity of the design itself. The hierarchical trust model is like an upside-down tree structure, where the root
is the starting point of trust. All nodes of the model have to trust the root CA and keep a copy of the root CA’s public-key certificate.
Explanation:
Project Initiation is traditionally the phase in which senior management pledges its support for the project.
Often in this phase, management provides a project charter, which is a formal written document in which
the project is officially authorized, a project manager is selected and named, and management makes a
commitment to support. Management’s BCP support must continue through the whole development process
and include review and feedback as well as resources for the BCP to be successful.
Explanation:
To significantly mitigate risks on the network, we have to implement security that limits connectivity to our network from
external devices. Additionally, we are concerned with monitoring software being installed on our hosts, so we want to limit
the ability of such software to be installed. Further, we want to ensure that other basic security requirements are satisfied,
such as using strong passwords, lockout policies on systems, physical security, etc.
Remember: proactive controls PREVENT an attack, as opposed to responding to it. Network scans often detect unauthorized devices
or software, but they do not prevent them. Policies describe high-level enterprise intentions which can then be implemented. Installing
antispyware is a detective/corrective control, not a proactive/preventative one.
Explanation:
The TCB (Trusted Computing Base) describes the elements of a system that enforce the security policy
and are used to determine the security capabilities of a system. The term was coined by the Orange Book
(also known as the Trusted Computer System Evaluation Criteria, TCSEC). “Ring 1 elements” is a distractor: in the
protection-ring model, ring 0 holds the kernel and the outer rings hold progressively less privileged code, and “ring 1”
does not name a defined TCB component. The kernel is the computer program at the core of an operating system that has
complete control over everything in the system. It is the “portion of the operating system code that is always resident in
memory”, and it mediates interactions between hardware and software components.
Some components included in the TCB are the system BIOS/firmware, the CPU, memory, and the OS kernel. In computing,
firmware is a specific class of computer software that provides low-level control for a device’s specific hardware.
Firmware can either provide a standardized operating environment for more complex device software (allowing
more hardware independence) or, for less complex devices, act as the device’s complete operating system, performing
all control, monitoring, and data manipulation functions.
Explanation:
Segregation of Duties is frequently used to limit the amount of information to which any one individual
has access. For example, a user is unlikely to be able to leak the password for a file server because that information is
available only to those whose jobs require it. Segregation of duties frequently goes hand-in-hand with need-to-know and
the principle of least privilege. Formal onboarding would increase user awareness but would not necessarily be a preventative
control. Job rotation would limit the risk of a user conducting fraud, but not the risk of social engineering. Formal offboarding
would not have any effect on social engineering risk.
Explanation:
There is always a trade-off for security. Sometimes the cost comes in actual dollars spent. Other times,
security negatively affects performance, backward compatibility, and ease of use. An organization must look
at the overall objectives of the business considering its primary needs. Sensitive military information must be
designed with much more security than a small home/office environment that has information of little to no
value to an attacker. The level of implemented security should be commensurate with business needs at a
reasonable cost and needs to be crafted to match each enterprise’s individual needs.
Explanation:
Trust is typically defined in terms of the security features, functions, mechanisms, services, procedures, and
architectures implemented within a system. Security assurance is the measure of confidence that the security
functionality is implemented correctly, operating as intended, and producing the desired outcome based on
the reliability of the processes used to develop the system.
Explanation:
For an information system, the potential impact values assigned to the respective security objectives
(confidentiality, integrity, availability) shall be the highest values from among those security categories
that have been determined for each type of information resident on the information system (the FIPS 199
“high water mark”). As the highest category is “High”, the system is classified as “High”.
Explanation:
Session keys are used for a single session and are then discarded, as is the one-time pad. Additionally,
each session key must be statistically unpredictable and unrelated to the previous key, as the one-time
pad requires as well. Any technology that relies on a short-term password or key borrows these properties
from the one-time pad. Asymmetric cryptography is often used to provide secure session key exchange.
Digital signatures are used to verify a message’s sender and content. IPsec handshaking is used
to establish a secure channel.
Explanation:
Non-repudiation is the combination of authenticity and integrity and is implemented through the use of
digital signatures. Privacy is involved in protecting private data from disclosure. Authorization is granting
users access rights to objects.
Explanation:
A digital signature provides non-repudiation (a combination of integrity and authenticity) for a message.
With a digital signature, the message is hashed with a hashing algorithm like SHA-256 (SHA-1 appears in older
material but is no longer acceptable for signatures because collisions have been demonstrated). The hash
is then signed with the sender’s private key using an algorithm like RSA (in textbook RSA this is described as
“encrypting” the hash; real implementations add padding such as PKCS#1 v1.5 or PSS). The recipient applies the sender’s
public key to the signature to recover the hash and recalculates the hash from the message. If the two match, then both the
sender and the message’s contents are authenticated.
Explanation:
Hashes are based on one-way math, i.e. math that is very easy to perform in one direction but exceedingly difficult
to reverse. Passwords are frequently stored as (salted) hashes for this reason. If a password is forgotten, a network
administrator can’t view the password, though they can reset it.
Explanation:
A birthday attack is based on the idea that it is easier to find two hashes that just happen to match rather than
trying to produce a specific hash. It is called a birthday attack based on the fact that it is easier to find two people
in a group whose birthdays just happen to match, rather than someone with a specific birthday.
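To make the birthday bound concrete, and to contrast it with the one-way (preimage) property the earlier hashing explanation relies on, here is an added example written for this page (not part of the original material). It truncates SHA-256 to a few bits so both searches finish in seconds: finding any two colliding messages takes on the order of 2^(bits/2) attempts, while finding a second message that matches one specific hash takes on the order of 2^bits. The message stream and the truncation widths are constructed for the demonstration.

```python
import hashlib
import itertools


def truncated_hash(data, bits):
    """SHA-256 truncated to the top `bits` bits, small enough to search exhaustively."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def _candidates():
    """Deterministic stream of distinct messages: b'msg-0', b'msg-1', ..."""
    for i in itertools.count():
        yield b"msg-%d" % i


def find_second_preimage(target, bits):
    """Search for a different message whose truncated hash equals that of `target`.
    Expected cost is about 2**bits attempts. Returns (message, attempts)."""
    want = truncated_hash(target, bits)
    for attempts, m in enumerate(_candidates(), start=1):
        if m != target and truncated_hash(m, bits) == want:
            return m, attempts


def find_collision(bits):
    """Birthday search: remember every hash seen and stop at the first repeat.
    Expected cost is about 1.25 * 2**(bits/2) attempts. Returns (msg_a, msg_b, attempts)."""
    seen = {}
    for attempts, m in enumerate(_candidates(), start=1):
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, attempts
        seen[h] = m


if __name__ == "__main__":
    BITS = 20   # 20-bit truncation: ~1,000 tries for a collision vs ~1,000,000 for a second preimage
    a, b, n_collision = find_collision(BITS)
    print(f"collision after {n_collision} tries: {a!r} and {b!r}")
    m2, n_preimage = find_second_preimage(b"msg-0", BITS)
    print(f"second preimage of b'msg-0' after {n_preimage} tries: {m2!r}")
```

This is why a hash used for signatures or certificates needs an output twice as wide as the security level wanted: a 128-bit digest gives only about 2^64 birthday work, which is the reason MD5 and SHA-1 collisions became practical while second preimages for them still have not.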