Exactprep CISSP Questions

The thing that should exist in order to perform a security audit is an industry framework to audit against. A security audit is a systematic and independent examination of the security policies, procedures, controls, and practices of an organization, system, or network, to verify their compliance, effectiveness, and efficiency. A security audit requires an industry framework to audit against, which is a set of standards, guidelines, or best practices that define the security requirements, objectives, and criteria for the audit. An industry framework to audit against can help to establish the scope, methodology, and expectations of the security audit, as well as to measure and report the performance, gaps, and recommendations of the security audit. An industry framework to audit against can also help to ensure the consistency, reliability, and validity of the security audit, as well as to facilitate the comparison, benchmarking, and improvement of the security audit. Some examples of industry frameworks to audit against are ISO/IEC 27001, NIST SP 800-53, COBIT, or CIS Controls. An external (third-party) auditor, an internal certified auditor, and the neutrality of the auditor are not things that should exist in order to perform a security audit. These are some of the factors or attributes that may affect the quality, credibility, and independence of the security audit, but they are not prerequisites or conditions for the security audit. A security audit can be performed by an external or internal auditor, depending on the purpose, scope, and resources of the audit. A security audit can be performed by a certified or non-certified auditor, depending on the qualifications, skills, and experience of the auditor. A security audit should be performed by a neutral or unbiased auditor, to avoid any conflict of interest, influence, or pressure from the auditee or other parties. References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 1, Security and Risk Management, page 28. CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, Security Governance Through Principles and Policies, page 29.

The most important rule for digital investigations is to ensure that the original data is never modified. Digital investigations are the processes of collecting, preserving, analyzing, and presenting digital evidence from various sources, such as computers, mobile devices, networks, or cloud services. Digital evidence is any data that can support or refute a hypothesis or claim related to a criminal or civil case. Digital evidence is often fragile, volatile, and easily altered or destroyed, either intentionally or unintentionally. Therefore, it is crucial to ensure that the original data is never modified during the digital investigation, to maintain its integrity and authenticity, and to avoid compromising its validity and admissibility in court. To ensure that the original data is never modified, the following steps should be followed:

• Use write blockers or read-only mode to prevent any changes to the data source.
• Make a bit-by-bit copy or image of the data source and verify its accuracy using hashing or checksum techniques.
• Store the original data source and the copy or image in a secure and tamper-evident location or container.
• Perform the analysis and examination on the copy or image, not on the original data source.
• Document and justify any changes or modifications made to the copy or image during the analysis and examination. References: CISSP All-in-One Exam Guide, Chapter 10: Legal, Regulations, Investigations, and Compliance, Section: Forensics, pp. 1326-1327.

The Content-Security-Policy (CSP) HTTP response header allows web server administrators to control the sources and types of content that can be loaded and executed by web browsers. By specifying a CSP policy, the web server can prevent the execution of inline JavaScript and the execution of eval()-type functions, which are often used by attackers to inject malicious code into web pages. This can help mitigate cross-site scripting (XSS) attacks, which are a common web application security threat. The other options are not relevant to this question. Strict-Transport-Security is a header that enforces the use of HTTPS connections. X-XSS-Protection is a header that enables the browser’s built-in XSS filter. X-Frame-Options is a header that prevents the web page from being loaded in a frame or iframe, which can help prevent clickjacking attacks. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Security Operations, page 1019. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4: Security Architecture and Engineering, page 1020.

Email spoofing is a technique used to forge the origin of an email by altering the header fields, such as the sender’s address, name, or reply-to address. Email spoofing can be used for malicious purposes, such as phishing, spamming, or impersonating someone else. One technique used for spoofing the origin of an email that can successfully conceal the sender’s Internet Protocol (IP) address is onion routing. Onion routing is a method of anonymous communication that encrypts and routes the messages through multiple layers of intermediate nodes, called onion routers, before reaching the final destination. Each onion router only knows the previous and next hop of the message, but not the entire route or the origin and destination of the message. This way, the sender’s IP address is hidden from the recipient and any eavesdroppers. Therefore, the correct answer is C. The other options are incorrect because they are not techniques used for spoofing the origin of an email or concealing the sender’s IP address. Changing the In-Reply-To data can alter the email thread, but not the sender’s address. Web crawling is a process of collecting and indexing information from the web, not from emails. Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over a public network, but it does not spoof the origin of an email. References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4: Communication and Network Security, Section: Secure Network Components, Subsection: Email Security; CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4: Communication and Network Security, Section: Email Security.