CISSP Exam Questions Tutorials

 If an identification process using a biometric system detects a 100% match between a presented template and a stored template, the interpretation of this result is suspected tampering. A biometric system is a system that uses physical or behavioral characteristics of a person to verify their identity, such as fingerprint, iris, voice, or face. A biometric system compares the presented template, which is the biometric data captured from the person at the time of identification, with the stored template, which is the biometric data enrolled and stored in the system database. A biometric system usually does not produce a 100% match, as there are always some variations or errors in the biometric data due to environmental, physiological, or technical factors. A biometric system uses a threshold or a tolerance level to determine whether the match is acceptable or not. A 100% match is very unlikely and suspicious, as it may indicate that someone has tampered with the biometric system or the biometric data, such as by copying, modifying, or spoofing the stored template or the presented template12 References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Identity and Access Management, p. 267; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 5: Identity and Access Management, p. 647.

When planning a penetration test, the tester will be most interested in the exploits that can attack the weaknesses of the target system or network. Exploits are the techniques or tools that take advantage of the vulnerabilities to compromise the security or functionality of the system or network. The tester will use the exploits to simulate a real attack and test the effectiveness of the security controls and defenses.

• A. Places to install back doors is not the information that the tester will be most interested in when planning a penetration test, but rather the possible outcome or objective of the test. Back doors are the hidden or unauthorized access points that allow the attacker to bypass the security mechanisms and gain persistent access to the system or network.
• B. The main network access points is not the information that the tester will be most interested in when planning a penetration test, but rather the preliminary information that the tester will need to obtain during the reconnaissance phase of the test. The main network access points are the devices or interfaces that connect the network to other networks or the internet, such as routers, switches, firewalls, or gateways.
• C. Job application handouts and tours is not the information that the tester will be most interested in when planning a penetration test, but rather the potential source of information that the tester could use for social engineering or physical penetration. Job application handouts and tours are the materials or activities that the organization provides to the prospective employees or visitors, which could reveal some details about the organization’s structure, culture, or operations.

References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 424; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, page 378

According to the CISSP CBK Official Study Guide, the countermeasure that is the most effective in defending against a social engineering attack is changing individual behavior. A social engineering attack is an attack that exploits or manipulates the human or the psychological aspects of the system or the network, such as the trust, curiosity, or greed of the users or the employees, rather than the technical or the logical aspects of the system or the network, such as the hardware, software, or firmware of the system or the network. A social engineering attack may use various techniques or methods, such as the phishing, the baiting, or the pretexting of the users or the employees, to persuade or deceive them into performing or disclosing something that may compromise or harm the security or the integrity of the system or the network, such as the passwords, usernames, or data of the system or the network. The countermeasure that is the most effective in defending against a social engineering attack is changing individual behavior, as it addresses or targets the root cause or the source of the social engineering attack, which is the human or the psychological aspect of the system or the network, such as the trust, curiosity, or greed of the users or the employees. Changing individual behavior is the process of modifying or altering the actions or the reactions of the users or the employees, by using or applying the appropriate methods or mechanisms, such as the education, training, or awareness of the users or the employees. Changing individual behavior helps to prevent or mitigate the social engineering attack, as it reduces or eliminates the vulnerability or the susceptibility of the users or the employees to the social engineering attack, by increasing or enhancing their knowledge, skills, or awareness of the social engineering attack, as well as their ability, confidence, or readiness to resist or respond to the social engineering attack. Mandating security policy acceptance is not the countermeasure that is the most effective in defending against a social engineering attack, although it may be a benefit or a consequence of changing individual behavior.

The best configuration management practice is to create and maintain a baseline configuration for all relevant systems. A baseline configuration is a documented and approved set of specifications and settings for a system or component that serves as a standard for comparison and evaluation. A baseline configuration can help ensure the consistency, security, and performance of the system or component, as well as facilitate the identification and resolution of any deviations or issues. A baseline configuration should be updated and reviewed regularly to reflect the changes and improvements made to the system or component12 References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, p. 456; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 7: Security Operations, p. 869.