Newly Released ISC CISSP Exam PDF

The role that has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization is the data owner. A data owner is a person or an entity that has the authority or the responsibility for the data or the information within an organization, and that determines or defines the classification, the usage, the protection, or the retention of the data or the information. A data owner has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization, as the data owner is ultimately accountable or liable for the security or the quality of the data or the information, regardless of who processes or handles the data or the information. A data owner can ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization, by performing the tasks or the functions such as conducting due diligence, establishing service level agreements, defining security requirements, monitoring performance, or auditing compliance. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 2, page 61; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 2, page 67

 Incorporating business continuity concepts effectively into an organization requires developing training and awareness programs that involve all stakeholders. This ensures that everyone understands their roles, responsibilities, and actions required during a disruption or crisis. References: CISSP Official (ISC)2 Practice Tests, Chapter 9, page 249; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 9, page 440

According to the CISSP CBK Official Study Guide1, an information librarian is responsible for managing, maintaining, and protecting the organization’s knowledge resources, including ensuring that media (such as hard drives, USBs, CDs) are free from corruption or contamination to protect the enterprise’s data integrity. An information librarian is also responsible for cataloging, indexing, and classifying the media, as well as providing access and retrieval services to the authorized users. An information librarian may also perform backup, recovery, and disposal of the media, as well as monitor and audit the usage and security of the media. An information security practitioner is not the operations role that is responsible for protecting the enterprise from corrupt or contaminated media, although they may be involved in defining and enforcing the policies and standards for the media security. An information security practitioner is a general term for a person who performs various functions and tasks related to the information security of the organization, such as planning, designing, implementing, testing, operating, or auditing the information security systems and controls. An information security practitioner may also provide guidance, advice, and training to the other roles and stakeholders on the information security matters. A computer operator is not the operations role that is responsible for protecting the enterprise from corrupt or contaminated media, although they may be involved in using and handling the media. A computer operator is a person who operates and controls the computer systems and devices of the organization, such as the servers, workstations, printers, or scanners. A computer operator may also perform tasks such as loading and unloading the media, running and monitoring the programs and applications, troubleshooting and resolving the errors and problems, and reporting and documenting the activities and incidents. A network administrator is not the operations role that is responsible for protecting the enterprise from corrupt or contaminated media, although they may be involved in configuring and connecting the media. A network administrator is a person who administers and manages the network systems and devices of the organization, such as the routers, switches, firewalls, or wireless access points. A network administrator may also perform tasks such as installing and updating the network software and hardware, setting and maintaining the network parameters and security, optimizing and troubleshooting the network performance and availability, and supporting and assisting the network users and clients. References: 1

Secure Sockets Layer (SSL) is the only option that secures web transactions at the transport layer of the OSI model. SSL is a protocol or a standard that provides security and privacy for the data or the messages exchanged between a web browser and a web server, or between any two applications that use the TCP/IP protocol. SSL uses cryptographic techniques, such as encryption, decryption, hashing, and digital signatures, to protect the confidentiality, integrity, and authenticity of the data or the messages. SSL also uses certificates and public key infrastructure (PKI) to establish the identity and the trustworthiness of the parties involved in the web transactions.

• A. Secure HyperText Transfer Protocol (S-HTTP) is not a protocol or a standard that secures web transactions at the transport layer of the OSI model, but rather a protocol or a standard that secures web transactions at the application layer of the OSI model. S-HTTP is a protocol or a standard that provides security and privacy for the individual messages or requests within a web transaction, such as a web page, a form, or a file, by using cryptographic techniques, such as encryption, decryption, hashing, and digital signatures. S-HTTP is not widely used, and it is not compatible with SSL or its successor, Transport Layer Security (TLS).
• C. Socket Security (SOCKS) is not a protocol or a standard that secures web transactions at the transport layer of the OSI model, but rather a protocol or a standard that enables web transactions across different network protocols or architectures, by using a proxy server. SOCKS is a protocol or a standard that allows applications to communicate with other applications on a different network, without requiring any changes to the applications or the networks. SOCKS can provide some security features, such as authentication or encryption, but it is not designed to secure web transactions.
• D. Secure Shell (SSH) is not a protocol or a standard that secures web transactions at the transport layer of the OSI model, but rather a protocol or a standard that secures remote access or administration of a system or a network, by using a secure channel. SSH is a protocol or a standard that provides security and privacy for the commands or the data exchanged between a client and a server, or between two systems or networks, by using cryptographic techniques, such as encryption, decryption, hashing, and digital signatures. SSH also uses public key authentication and key exchange to establish the identity and the trustworthiness of the parties involved in the remote access or administration.

References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, page 215; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, page 182