Free Practice Questions for ISC CISSP Exam

Temporal Key Integrity Protocol (TKIP) supports multicast and broadcast messages by using a group temporal key that is shared by all the devices in the same wireless network. This key is used to encrypt and decrypt the messages that are sent to multiple recipients at once. TKIP also supports unicast messages by using a pairwise temporal key that is unique for each device and session. TKIP does not support coordination of IEEE 802.11 protocols, as it is a protocol itself that was designed to replace WEP. TKIP is compatible with WEP systems, but it does not support them, as it provides more security features than WEP. TKIP does not support synchronization of multiple devices, as it does not provide any clock or time synchronization mechanism . References: 1: Temporal Key Integrity Protocol - Wikipedia 2: Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? - How-To Geek

 The first step to take when implementing a patch management program is to create a system inventory. A system inventory is a comprehensive list of all the hardware and software assets in the organization, such as servers, workstations, laptops, mobile devices, routers, switches, firewalls, operating systems, applications, firmware, etc. A system inventory helps to identify the scope and complexity of the patch management program, as well as the current patch status and vulnerabilities of each asset. A system inventory also helps to prioritize and schedule patch deployment, monitor patch compliance, and report patch performance56. References: 5: Patch Management Best Practices76: Patch Management Process8

 Data validation is a method used to prevent Structured Query Language (SQL) injection attacks, which are a type of web application attack that exploit the input fields of a web form to inject malicious SQL commands into the underlying database. Data validation involves checking the input data for any illegal or unexpected characters, such as quotes, semicolons, or keywords, and rejecting or sanitizing them before passing them to the database34. References: 3: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 6604: CISSP For Dummies, 7th Edition, Chapter 6, page 199.

 The primary concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system is the availability of the network connection. An ATM system relies on a network connection to communicate with the bank’s servers and process the transactions of the customers. If the network connection is disrupted, degraded, or compromised, the ATM system may not be able to function properly, or may expose the customers’ data or money to unauthorized access or theft. Therefore, a security assessment for an ATM system should focus on ensuring that the network connection is reliable, resilient, and secure, and that there are backup or alternative solutions in case of network failure12. References: 1: ATM Security: Best Practices for Automated Teller Machines32: ATM Security: A Comprehensive Guide4

 The Transport layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver. The Transport layer is responsible for establishing, maintaining, and terminating the end-to-end communication between two hosts, as well as ensuring the reliability, integrity, and flow control of the data. The Transport layer uses protocols such as TCP and UDP to provide connection-oriented or connectionless services, and adds headers that contain information such as source and destination ports, sequence and acknowledgment numbers, and checksums . References: : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 499. : CISSP For Dummies, 7th Edition, Chapter 5, page 145.

From a security perspective, the assumption that must be made about input to an application is that it is untrusted. Untrusted input is any data or information that is provided by an external or an unknown source, such as a user, a client, a network, or a file, and that is not validated or verified by the application before being processed or used by the application. Untrusted input can pose a serious security risk for the application, as it can contain or introduce malicious or harmful content or commands, such as malware, viruses, worms, trojans, or SQL injection, that can compromise or damage the confidentiality, the integrity, or the availability of the application, or the data or the systems that are connected to the application. Therefore, from a security perspective, the assumption that must be made about input to an application is that it is untrusted, and that it should be treated with caution and suspicion, and that it should be subjected to various security controls or mechanisms, such as input validation, input sanitization, input filtering, or input encoding, before being processed or used by the application. Input validation is the process or the technique of checking or verifying that the input meets the expected or the required format, type, length, range, or value, and that it does not contain or introduce any invalid or illegal characters, symbols, or commands. Input sanitization is the process or the technique of removing or modifying any invalid or illegal characters, symbols, or commands from the input, or replacing them with valid or legal ones, to prevent or mitigate any potential attacks or vulnerabilities. Input filtering is the process or the technique of allowing or blocking the input based on a predefined or a configurable set of rules or criteria, such as a whitelist or a blacklist, to prevent or mitigate any unwanted or unauthorized input. Input encoding is the process or the technique of transforming or converting the input into a different or a standard format or representation, such as HTML, URL, or Base64, to prevent or mitigate any interpretation or execution of the input by the application or the system. It is tested, it is logged, and it is verified are not the assumptions that must be made about input to an application from a security perspective, although they may be related or possible aspects or outcomes of input to an application. It is tested is an aspect or an outcome of input to an application, as it implies that the input has been subjected to various tests or evaluations, such as unit testing, integration testing, or penetration testing, to verify or validate the functionality and the quality of the input, as well as to detect or report any errors, bugs, or vulnerabilities in the input. However, it is tested is not an assumption that must be made about input to an application from a security perspective, as it is not a precautionary or a preventive measure to protect the application from untrusted input, and it may not be true or applicable for all input to an application. It is logged is an aspect or an outcome of input to an application, as it implies that the input has been recorded or stored in a log file or a database, along with other relevant information or metadata, such as the source, the destination, the timestamp, or the status of the input, to provide a trace or a history of the input, as well as to support the audit and the compliance activities. However, it is logged is not an assumption that must be made about input to an application from a security perspective, as it is not a precautionary or a preventive measure to protect the application from untrusted input, and it may not be true or applicable for all input to an application. It is verified is an aspect or an outcome of input to an application, as it implies that the input has been confirmed or authenticated by the application or the system, using various security controls or mechanisms, such as digital signatures, certificates, or tokens, to ensure the integrity and the authenticity of the input, as well as to prevent or mitigate any tampering or spoofing of the input. However, it is verified is not an assumption that must be made about input to an application from a security perspective, as it is not a precautionary or a preventive measure to protect the application from untrusted input, and it may not be true or applicable for all input to an application. 

The best technique to address the threat of an imminent DDoS attack targeting a web application is to coordinate with and utilize the capabilities within the ISP. A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. A DDoS attack can cause severe damage to the availability, performance, and reputation of the web application, as well as incur financial losses and legal liabilities. Therefore, it is important to have a DDoS mitigation strategy in place to prevent or minimize the impact of such attacks. One of the most effective ways to mitigate DDoS attacks is to leverage the capabilities of the ISP, as they have more resources, bandwidth, and expertise to handle large volumes of traffic and filter out malicious packets. The ISP can also provide additional services such as traffic monitoring, alerting, reporting, and analysis, as well as assist with the investigation and prosecution of the attackers. The ISP can also work with other ISPs and network operators to coordinate the response and share information about the attack. The other options are not the best techniques to address the threat of an imminent DDoS attack, as they may not be sufficient, timely, or scalable to handle the attack. Deploying load balancers, setting up web application firewalls, and implementing reverse web-proxies are some of the measures that can be taken at the application level to improve the resilience and security of the web application, but they may not be able to cope with the magnitude and complexity of a DDoS attack, especially if the attack targets the network layer or the infrastructure layer. Moreover, these measures may require more time, cost, and effort to implement and maintain, and may not be feasible to deploy in a short notice. References: What is a distributed denial-of-service (DDoS) attack?; What is a DDoS Attack? DDoS Meaning, Definition & Types | Fortinet; Denial-of-service attack - Wikipedia.

In a change-controlled environment, the activity that is most likely to lead to unauthorized changes to production programs is promoting programs to production without approval. A change-controlled environment is an environment that follows a specific process or a procedure for managing and tracking the changes to the hardware and software components of a system or a network, such as the configuration, the functionality, or the security of the system or the network. A change-controlled environment can provide some benefits for security, such as enhancing the performance and the functionality of the system or the network, preventing or mitigating some types of attacks or vulnerabilities, and supporting the audit and the compliance activities. A change-controlled environment can involve various steps and roles, such as:

Change request, which is the initiation or the proposal of a change to the system or the network, by a user, a developer, a manager, or another stakeholder. A change request should include the details and the justification of the change, such as the scope, the purpose, the impact, the cost, or the risk of the change.

Change review, which is the evaluation or the assessment of the change request, by a group of experts or advisors, such as the change manager, the change review board, or the change advisory board. A change review should include the decision and the feedback of the change request, such as the approval, the rejection, the modification, or the postponement of the change request.

Change development, which is the implementation or the execution of the change request, by a group of developers or programmers, who are responsible for creating or modifying the code or the program of the system or the network, according to the specifications and the requirements of the change request.

Change testing, which is the verification or the validation of the change request, by a group of testers or analysts, who are responsible for checking or confirming the functionality and the quality of the code or the program of the system or the network, according to the standards and the criteria of the change request.

Change deployment, which is the installation or the integration of the change request, by a group of administrators or operators, who are responsible for moving or transferring the code or the program of the system or the network, from the development or the testing environment to the production or the operational environment, according to the schedule and the plan of the change request.

Promoting programs to production without approval is the activity that is most likely to lead to unauthorized changes to production programs, as it violates the change-controlled environment process and procedure, and it introduces potential risks or issues to the system or the network. Promoting programs to production without approval means that the code or the program of the system or the network is moved or transferred from the development or the testing environment to the production or the operational environment, without obtaining the necessary or the sufficient authorization or consent from the relevant or the responsible parties, such as the change manager, the change review board, or the change advisory board. Promoting programs to production without approval can lead to unauthorized changes to production programs, as it can result in the following consequences:

The code or the program of the system or the network may not be fully or properly tested or verified, and it may contain errors, bugs, or vulnerabilities that may affect the functionality or the quality of the system or the network, or that may compromise the security or the integrity of the system or the network.

The code or the program of the system or the network may not be compatible or interoperable with the existing or the expected components or features of the system or the network, and it may cause conflicts, disruptions, or failures to the system or the network, or to the users or the customers of the system or the network.

The code or the program of the system or the network may not be documented or recorded, and it may not be traceable or accountable, and it may not be aligned or compliant with the policies or the standards of the system or the network, or of the organization or the industry.

Network Access Control (NAC) is a technology that enforces security policies and controls on the devices that attempt to access a network. NAC can verify the identity and compliance of the devices, and grant or deny access based on predefined rules and criteria. NAC can also place the devices into different domains or segments, depending on their security posture and role. One of the domains that NAC can create is the isolated domain, which is a restricted network segment that isolates the devices that do not meet the security requirements or pose a potential threat to the network. The devices in the isolated domain have limited or no access to the network resources, and are subject to remediation actions. Remediation is the process of fixing or improving the security status of the devices, by applying the necessary updates, patches, configurations, or software. Remediation can be performed automatically by the NAC system, or manually by the device owner or administrator. Therefore, the best thing that can be done on a device that is placed into an isolated domain by NAC is to apply remediation’s according to the security requirements, which can restore the device’s compliance and enable it to access the network normally. 

The primary goal of fault tolerance is to eliminate single point of failure, which is any component or resource that is essential for the operation or the functionality of a system or a network, and that can cause the entire system or network to fail or malfunction if it fails or malfunctions itself. Fault tolerance is the ability of a system or a network to suffer a fault but continue to operate, by adding redundant or backup components or resources that can take over or replace the failed or malfunctioning component or resource, without affecting the performance or the quality of the system or network. Fault tolerance can provide some benefits for security, such as enhancing the availability and the reliability of the system or network, preventing or mitigating some types of attacks or vulnerabilities, and supporting the audit and the compliance activities. Fault tolerance can be implemented using various methods or techniques, such as:

Redundant Array of Independent Disks (RAID), which is a method or a technique of storing data on multiple disks or drives, using different levels or schemes of data distribution or replication, such as mirroring, striping, or parity, to improve the performance or the fault tolerance of the disk storage system, and to protect the data from disk failure or corruption.

Failover clustering, which is a method or a technique of grouping two or more servers or nodes, using a shared storage device and a network connection, to provide high availability or fault tolerance for a service or an application, by allowing one server or node to take over or replace another server or node that fails or malfunctions, without affecting the service or the application.

Load balancing, which is a method or a technique of distributing the workload or the traffic among multiple servers or nodes, using a device or a software that acts as a mediator or a coordinator, to improve the performance or the fault tolerance of the system or network, by preventing or mitigating the overload or the congestion of any server or node, and by allowing the replacement or the addition of any server or node, without affecting the system or network.

Isolation using a sandbox, single point of repair, and containment to prevent propagation are not the primary goals of fault tolerance, although they may be related or possible outcomes or benefits of fault tolerance. Isolation using a sandbox is a security concept or technique that involves executing or testing a program or a code in a separate or a restricted environment, such as a virtual machine or a container, to protect the system or the network from any potential harm or damage that the program or the code may cause, such as malware, viruses, worms, or trojans. Isolation using a sandbox can provide some benefits for security, such as enhancing the confidentiality and the integrity of the system or the network, preventing or mitigating some types of attacks or vulnerabilities, and supporting the audit and the compliance activities. However, isolation using a sandbox is not the primary goal of fault tolerance, as it is not a method or a technique of adding redundant or backup components or resources to the system or the network, and it does not address the availability or the reliability of the system or the network. Single point of repair is a security concept or technique that involves identifying or locating the component or the resource that is responsible for the failure or the malfunction of the system or the network, and that can restore or recover the system or the network if it is repaired or replaced, such as a disk, a server, or a router. Single point of repair can provide some benefits for security, such as enhancing the availability and the reliability of the system or the network, preventing or mitigating some types of attacks or vulnerabilities, and supporting the audit and the compliance activities. However, single point of repair is not the primary goal of fault tolerance, as it is not a method or a technique of adding redundant or backup components or resources to the system or the network, and it does not prevent or eliminate the failure or the malfunction of the system or the network. Containment to prevent propagation is a security concept or technique that involves isolating or restricting the component or the resource that is affected or infected by a fault or an attack, such as a malware, a virus, a worm, or a trojan, to prevent or mitigate the spread or the transmission of the fault or the attack to other components or resources of the system or the network, such as by disconnecting, disabling, or quarantining the component or the resource. Containment to prevent propagation can provide some benefits for security, such as enhancing the confidentiality and the integrity of the system or the network, preventing or mitigating some types of attacks or vulnerabilities, and supporting the audit and the compliance activities. However, containment to prevent propagation is not the primary goal of fault tolerance, as it is not a method or a technique of adding redundant or backup components or resources to the system or the network, and it does not ensure or improve the performance or the quality of the system or the network.

The data owner is the person who has the authority and responsibility for the data stored, processed, or transmitted by an Information System (IS). The data owner is responsible for the monetary losses if there was a data breach, as the data owner is accountable for the security, quality, and integrity of the data, as well as for defining the classification, sensitivity, retention, and disposal of the data. The Data Protection Authority (DPA) is not responsible for the monetary losses, but for the enforcement of the data protection laws and regulations. The Cloud Service Provider (CSP) is not responsible for the monetary losses, but for the provision of the cloud services and the protection of the cloud infrastructure. The application developers are not responsible for the monetary losses, but for the development and maintenance of the software applications. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 48; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 1: Security and Risk Management, page 40.

The best location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access is in a dedicated Demilitarized Zone (DMZ). A DMZ is a network segment that is located between the internal network and the external network, such as the internet. A DMZ is used to host the services or devices that need to be accessed by both the internal and external users, such as web servers, email servers, or VPN devices. A VPN device is a device that enables the establishment of a VPN, which is a secure and encrypted connection between two networks or endpoints over a public network, such as the internet. Placing the VPN devices in a dedicated DMZ can help to improve the security and performance of the remote access, as well as to isolate the VPN devices from the internal network and the external network. Placing the VPN devices in its own separate VLAN, at the ISP, or outside the external firewall are not the best locations, as they may expose the VPN devices to more risks, reduce the control over the VPN devices, or create a single point of failure for the remote access. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6: Communication and Network Security, page 729; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 4: Communication and Network Security, page 509.

Stateful firewalls differ from static packet filtering firewalls by being aware of the difference between a new and an established connection. A stateful firewall is a firewall that keeps track of the state of network connections and transactions, and uses this information to make filtering decisions. A stateful firewall maintains a state table that records the source and destination IP addresses, port numbers, protocols, and sequence numbers of each connection. A stateful firewall can distinguish between a new connection, which requires a three-way handshake to be completed, and an established connection, which has already completed the handshake and is ready to exchange data. A stateful firewall can also detect when a connection is terminated or idle, and remove it from the state table. A stateful firewall can provide more security and efficiency than a static packet filtering firewall, which only examines the header of each packet and compares it to a set of predefined rules. A static packet filtering firewall does not keep track of the state of connections, and cannot differentiate between new and established connections. A static packet filtering firewall may allow or block packets based on the source and destination IP addresses, port numbers, and protocols, but it cannot inspect the payload or the sequence numbers of the packets. A static packet filtering firewall may also be vulnerable to spoofing or flooding attacks, as it cannot verify the authenticity or validity of the packets. The other options are not aspects that stateful firewalls are aware of, but static packet filtering firewalls are not. Both types of firewalls can check the originating network location of the packets, but they cannot check the difference between a malicious and a benign packet payload, or the originating application session of the packets. References: Stateless vs Stateful Packet Filtering Firewalls - GeeksforGeeks; Stateful vs Stateless Firewall: Differences and Examples - Fortinet; Stateful Inspection Firewalls Explained - Palo Alto Networks.

A Trusted Platform Module (TPM) is a secure processor targeted at managing digital keys and accelerating digital signing. A TPM is a cryptoprocessor chip that is embedded on a motherboard or a device, and that provides a secure and trustworthy environment for the execution and the storage of cryptographic operations and keys. A TPM can provide some benefits for security, such as enhancing the confidentiality and integrity of the data and the code, preventing unauthorized modifications or tampering, and enabling remote attestation or verification. A TPM can perform various functions, such as:

Generating and storing digital keys, such as asymmetric keys, symmetric keys, or hash keys, in a non-volatile and tamper-resistant storage. A TPM can also protect the keys from being exported or copied, and can use them for encryption, decryption, signing, or verification purposes.

Accelerating digital signing, which is the process of generating and attaching a digital signature to a message or a document, using a cryptographic algorithm and a private key, to verify the authenticity and the integrity of the sender and the data. A TPM can speed up the digital signing process by using a dedicated hardware module, rather than a software application, and by using a secure and fast algorithm, such as RSA or ECC.

Measuring and reporting the state of a computing platform, which is the process of collecting and verifying the information about the hardware and software components of a system or a device, such as the BIOS, the boot loader, the operating system, or the applications. A TPM can measure the state of a computing platform by using a mechanism called Trusted Boot, which involves creating and storing a hash or a digest of each component as it is loaded, and comparing it with a known and trusted value. A TPM can also report the state of a computing platform by using a mechanism called Remote Attestation, which involves sending the hash or the digest of each component to a remote verifier, who can check the validity and the trustworthiness of the system or the device.

A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion, a protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform, and a platform-independent software interface for accessing computer functions are not part of a TPM, although they may be related or useful concepts or techniques. A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion is a feature or a component of a TPM, but it is not the whole TPM. A non-volatile tamper-resistant storage is a type of memory or device that can retain the data and the keys even when the power is off, and that can resist physical or logical attacks or modifications. A non-volatile tamper-resistant storage can provide some benefits for security, such as enhancing the availability and the integrity of the data and the keys, preventing data loss or corruption, and facilitating the recovery and the restoration process. A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform is a function or a result of a TPM, but it is not the whole TPM. A protected Pre-Basic Input/Output System (BIOS) is a firmware or a software that is responsible for initializing and testing the hardware and software components of a system or a device, and for loading and executing the operating system. A protected Pre-Basic Input/Output System (BIOS) can provide some benefits for security, such as enhancing the performance and the functionality of the system or the device, preventing or mitigating some types of attacks or vulnerabilities, and supporting the audit and the compliance activities. A platform-independent software interface for accessing computer functions is a concept or a technique that is related to a TPM, but it is not the whole TPM. A platform-independent software interface is a software component or a layer that allows a user or an application to access and use the functions or the features of a computer system or a device, regardless of the type or the nature of the system or the device, such as the hardware, the software, or the operating system. A platform-independent software interface can provide some benefits for security, such as enhancing the usability and the interoperability of the system or the device, supporting the encryption and the authentication mechanisms, and enabling the segmentation and isolation of the system or the device.

The most effective method of mitigating the vulnerability of hard-coded session keys is to use the Diffle-Hellman (DH) algorithm. The DH algorithm is a key exchange protocol that allows two parties to establish a shared secret key over an insecure channel, without revealing the key to anyone else. The DH algorithm uses the mathematical properties of modular arithmetic and discrete logarithms to generate the key. The DH algorithm can be used to create a session key for each communication session, instead of using a hard-coded key that is fixed and static. This can prevent an attacker from extracting the key from the client or server applications, or from intercepting the key during the transmission. The DH algorithm can also provide forward secrecy, which means that the compromise of one session key does not affect the security of the previous or future session keys. Elliptic Curve Cryptography (ECC) algorithm, Digital Signature algorithm (DSA), and Rivest-Shamir-Adleman (RSA) algorithm are not the most effective methods of mitigating the vulnerability of hard-coded session keys, although they may be related or useful cryptographic techniques. ECC algorithm is a type of public key cryptography that uses the mathematical properties of elliptic curves to generate public and private keys. ECC algorithm can provide the same level of security as other public key algorithms, such as RSA, but with smaller key sizes and faster computations. ECC algorithm can be used for key exchange, encryption, or digital signatures, but it does not directly address the issue of hard-coded session keys. DSA algorithm is a type of public key cryptography that is used for digital signatures. DSA algorithm uses the mathematical properties of modular arithmetic and discrete logarithms to generate public and private keys, and to sign and verify messages. DSA algorithm can provide authentication, integrity, and non-repudiation, but it does not provide encryption or key exchange, and it does not directly address the issue of hard-coded session keys. RSA algorithm is a type of public key cryptography that is used for encryption, decryption, or digital signatures. RSA algorithm uses the mathematical properties of prime numbers and modular arithmetic to generate public and private keys, and to encrypt and decrypt messages, or to sign and verify messages. RSA algorithm can provide confidentiality, authentication, integrity, and non-repudiation, but it does not directly address the issue of hard-coded session keys.