Selected CISSP ISC 2 Credentials Questions Answers

The correct order of steps in an information security assessment is:

• Step 1: Define the perimeter
• Step 2: Identify the vulnerability
• Step 3: Assess the risk
• Step 4: Determine the actions

Comprehensive Explanation: An information security assessment is a process of evaluating the security posture of a system, network, or organization. It involves four main steps:

• Define the perimeter: This step involves defining the scope, objectives, and criteria of the assessment, as well as identifying the assets, boundaries, and stakeholders of the system.
• Identify the vulnerability: This step involves collecting and analyzing data from various sources, such as interviews, documents, scans, tests, and audits, to identify the weaknesses and gaps in the system’s security controls.
• Assess the risk: This step involves estimating the likelihood and impact of the threats exploiting the vulnerabilities, and calculating the level of risk for each scenario.
• Determine the actions: This step involves prioritizing the risks and recommending the appropriate actions to mitigate or eliminate them, such as applying patches, implementing policies, or changing configurations.

References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Assessment and Testing, page 853; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 6: Security Assessment and Testing, page 791.

A benefit in implementing an enterprise Identity and Access Management (IAM) solution is that the risk associated with orphan accounts is reduced. An orphan account is an account that belongs to a user who has left the organization or changed roles, but the account has not been deactivated or deleted. An orphan account poses a security risk, as it can be exploited by unauthorized users or attackers to gain access to the system or data. An enterprise IAM solution is a system that manages the identification, authentication, authorization, and provisioning of users and devices across the organization. An enterprise IAM solution can help to reduce the risk associated with orphan accounts by automating the account lifecycle management, such as creating, updating, suspending, or deleting accounts based on the user status, role, or policy. An enterprise IAM solution can also help to monitor and audit the account activity, and to detect and remediate any orphan accounts. Password requirements are simplified, segregation of duties is automatically enforced, and data confidentiality is increased are all possible benefits or features of an enterprise IAM solution, but they are not the best answer to the question. Password requirements are simplified by an enterprise IAM solution that supports single sign-on (SSO) or federated identity management (FIM), which allow the user to access multiple systems or applications with one set of credentials. Segregation of duties is automatically enforced by an enterprise IAM solution that implements role-based access control (RBAC) or attribute-based access control (ABAC), which grant or deny access to resources based on the user role or attributes. Data confidentiality is increased by an enterprise IAM solution that encrypts or masks the sensitive data, or applies data loss prevention (DLP) or digital rights management (DRM) policies to the data. 

The best technique to address the threat of an imminent DDoS attack targeting a web application is to coordinate with and utilize the capabilities within the ISP. A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. A DDoS attack can cause severe damage to the availability, performance, and reputation of the web application, as well as incur financial losses and legal liabilities. Therefore, it is important to have a DDoS mitigation strategy in place to prevent or minimize the impact of such attacks. One of the most effective ways to mitigate DDoS attacks is to leverage the capabilities of the ISP, as they have more resources, bandwidth, and expertise to handle large volumes of traffic and filter out malicious packets. The ISP can also provide additional services such as traffic monitoring, alerting, reporting, and analysis, as well as assist with the investigation and prosecution of the attackers. The ISP can also work with other ISPs and network operators to coordinate the response and share information about the attack. The other options are not the best techniques to address the threat of an imminent DDoS attack, as they may not be sufficient, timely, or scalable to handle the attack. Deploying load balancers, setting up web application firewalls, and implementing reverse web-proxies are some of the measures that can be taken at the application level to improve the resilience and security of the web application, but they may not be able to cope with the magnitude and complexity of a DDoS attack, especially if the attack targets the network layer or the infrastructure layer. Moreover, these measures may require more time, cost, and effort to implement and maintain, and may not be feasible to deploy in a short notice. References: What is a distributed denial-of-service (DDoS) attack?; What is a DDoS Attack? DDoS Meaning, Definition & Types | Fortinet; Denial-of-service attack - Wikipedia.

A shock sensor is a type of alarm system that detects intrusions through windows by sensing the vibrations or impacts caused by breaking glass or forced entry. A shock sensor is recommended for a high-noise, occupied environment, as it is less prone to false alarms caused by ambient noise or movement. A shock sensor can be mounted on the window frame or glass, and can be configured to trigger an alarm or a notification when a certain threshold of vibration or impact is exceeded. A shock sensor can also be combined with other types of sensors, such as magnetic contacts or glass break detectors, to provide a layered defense. An acoustic sensor is a type of alarm system that detects intrusions through windows by listening to the sound of breaking glass or forced entry. An acoustic sensor is not recommended for a high-noise, occupied environment, as it can be easily triggered by other sources of noise, such as music, conversation, or traffic. An acoustic sensor can be placed near the window or in the room, and can be tuned to recognize the frequency and pattern of glass breaking sounds. A motion sensor is a type of alarm system that detects intrusions by sensing the movement or presence of an intruder in a protected area. A motion sensor is not recommended for a high-noise, occupied environment, as it can be triggered by legitimate occupants or authorized visitors. A motion sensor can be installed on the wall, ceiling, or floor, and can use different technologies, such as infrared, ultrasonic, microwave, or video, to detect motion. A photoelectric sensor is a type of alarm system that detects intrusions by sensing the interruption of a beam of light between a transmitter and a receiver. A photoelectric sensor is not recommended for a high-noise, occupied environment, as it can be triggered by objects or animals that cross the beam. A photoelectric sensor can be placed on the window or across the room, and can be configured to trigger an alarm or a notification when the beam is broken.