CISSP Questions Bank

The term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source is spoofing. Spoofing is a type of attack that involves impersonating or masquerading as a legitimate entity, such as a user, a device, or a network, by altering or falsifying the source or destination address of a packet3. Spoofing can be used to bypass authentication, gain unauthorized access, or launch other attacks, such as denial-of-service or man-in-the-middle. Man-in-the-middle, smurfing, and session redirect are not terms that refer to a technique of authenticating one machine to another by forging packets from a trusted source, as they are related to different types of attacks or techniques. Man-in-the-middle is an attack that involves intercepting and modifying the communication between two parties. Smurfing is an attack that involves sending a large number of ICMP echo requests to a network broadcast address, using a spoofed source address of the intended victim. Session redirect is a technique that involves changing the destination address of a packet to redirect it to a different location. References: 3: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 4, page 199. : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 423.

The most important consideration when storing and processing PII is to adhere to the collection limitation laws and regulations that apply to the jurisdiction and context of the data processing. Collection limitation is a principle that states that PII should be collected only for a specific, legitimate, and lawful purpose, and only to the extent that is necessary for that purpose1. By following this principle, the data processor can minimize the amount of PII that is stored and processed, and reduce the risk of data breaches, misuse, or unauthorized access. Encrypting and hashing all PII, storing PII for no more than one year, and avoiding storing PII in a cloud service provider are also good practices for protecting PII, but they are not as important as adhering to the collection limitation laws and regulations. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 290.

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include proximity to high crime areas of the city. This factor increases the risk of theft, vandalism, sabotage, or other malicious acts that could damage or disrupt the data center operations. The other options are factors that decrease the level of vulnerability to physical threats, as they provide protection or deterrence against natural or human-made hazards. Hardened building construction with consideration of seismic factors (A) reduces the impact of earthquakes or other natural disasters. Adequate distance from and lack of access to adjacent buildings (B) prevents unauthorized entry or fire spread from neighboring structures. Curved roads approaching the data center © slow down the speed of vehicles and make it harder for attackers to ram or bomb the data center. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 637; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 10, page 699.

The main reason that system re-certification and re-accreditation are needed is to verify that the security protection of the system remains acceptable to the organizational security policy, especially after significant changes or updates to the system. Re-certification is the process of reviewing and testing the security controls of the system to ensure that they are still effective and compliant with the security policy. Re-accreditation is the process of authorizing the system to operate based on the results of the re-certification. The other options are not the main reason for system re-certification and re-accreditation, as they either do not relate to the security protection of the system (A and D), or do not involve re-certification and re-accreditation (B). References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 633; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 10, page 695.