ISC2 CISSP Practice Test

Discretionary Access Control (DAC) is the correct model because it allows the owner of a resource to have the discretion to grant or deny access to other subjects. In the given scenario, the data analysts are the owners of the documents they create and need to manage permissions themselves, which is the defining characteristic of DAC. Mandatory Access Control (MAC) is incorrect because access is determined by a central authority based on security labels, not the owner's choice. Role-Based Access Control (RBAC) is also incorrect as permissions are assigned based on a user's role within the organization, which may not align with the specific sharing needs for a given project.

Network Access Control (NAC) is the correct solution because it specifically addresses the requirement to verify endpoint security posture before allowing network access. NAC solutions perform health checks on connecting devices to ensure they meet security requirements such as having up-to-date antivirus, proper patch levels, and enabled host firewalls. Once verified, NAC systems can dynamically assign appropriate access policies.

VPN would provide secure remote access but lacks the endpoint health verification capabilities described in the requirement. While IDS/IPS can detect and prevent attacks, they don't typically verify endpoint security posture before granting network access. Network segmentation is a valuable security strategy but doesn't inherently include the capability to check endpoint security status before allowing network connections.

The correct answer is increased attack surface due to multiple processing nodes. Distributed systems by definition spread processing and data across multiple physical or virtual nodes, which inherently increases the attack surface compared to centralized systems. Each node in a distributed system represents a potential entry point for attackers, and securing all communication paths between nodes becomes more complex. This expanded perimeter requires additional security controls and coordination across the system. The other answers represent security concerns that may exist in both distributed and centralized systems, but they are not uniquely characteristic of distributed systems.

The correct answer is to notify the vendor privately with technical details and allow them time to develop a patch before public disclosure. This follows responsible disclosure principles that balance the need to protect users while giving vendors an opportunity to address the vulnerability. The ethical disclosure process typically includes privately notifying the vendor with technical details, giving them time to develop and test a fix (often 30-90 days depending on severity), and coordinating public disclosure after a patch is available. This approach minimizes risk to all users of the affected software while ensuring the vulnerability gets addressed.

The other options are problematic: Publishing technical details immediately before a patch exists puts all users at risk. Keeping the vulnerability secret and only applying your mitigation leaves other organizations vulnerable. Reporting to regulatory authorities and then contacting the vendor may delay remediation and does not follow standard coordinated disclosure workflows.

The best practice when traveling internationally with sensitive data is to use clean or loaner devices that contain minimal data required for the trip. This approach minimizes the risk exposure if the device is lost, stolen, or compromised through customs inspection or other means. It's a fundamental travel security practice that protects both the sensitive data and the organization's network. Using loaner devices means that even if the device is compromised, the impact is limited since it doesn't contain unnecessary sensitive information and isn't the employee's primary work device that regularly connects to the corporate network.

The correct answer is creating a bit-by-bit image using write blockers. When performing digital forensics, maintaining evidence integrity is paramount. A bit-by-bit image (also called a forensic image or bitstream copy) creates an exact duplicate of the original media at the binary level, including deleted files, slack space, and unallocated space. Write blockers are hardware or software tools that prevent any modifications to the original evidence during the imaging process, ensuring that the original data remains unchanged and maintaining the chain of custody. This approach preserves the integrity of the evidence and follows proper forensic procedures.

Hashing the original and the copy ensures that they are identical, which is part of the verification process but not the primary imaging method. Taking screenshots provides only visual evidence of visible data but doesn't capture hidden or deleted data. Running a virus scan on the original drive would potentially modify file access times and could destroy evidence, violating a fundamental principle of digital forensics: do not alter the original evidence.

The correct answer is Security mechanisms should be transparent enough that they don't unnecessarily impede legitimate users. The principle of balancing security with usability recognizes that security controls that are overly burdensome to legitimate users will likely be circumvented, potentially creating new vulnerabilities. Effective security should maintain protection while being as transparent as possible to authorized users. This aligns with the concept of economy of mechanism in security design, which emphasizes simplicity and usability.

Security mechanisms should be visibly present to discourage attackers is incorrect because while security visibility may have deterrent value in some contexts, it often conflicts with usability goals. Highly visible security mechanisms can create friction for legitimate users and don't necessarily improve actual security protection.

Security mechanisms should be designed primarily to make users feel protected is incorrect because the perception of security is less important than actual security effectiveness. Security mechanisms should provide real protection rather than just creating a feeling of safety, which could give users a false sense of security.

Security mechanisms should be complex enough to demonstrate thorough protection is incorrect because complexity typically contradicts good security design principles like economy of mechanism. Complex security mechanisms are generally less user-friendly, more difficult to implement correctly, and more likely to contain vulnerabilities. Effective security should be as simple as possible while achieving protection goals.

Subnets with associated network ACLs and security groups provide the most comprehensive segmentation solution. Subnets create logically isolated network segments within a VPC, while network ACLs act as stateless firewalls controlling traffic at the subnet level. Security groups function as stateful firewalls at the instance level. Together, they implement defense-in-depth by creating logical boundaries between application tiers.

VPN gateways connect on-premises networks to VPCs but do not address internal segmentation. Transit gateways connect multiple VPCs but lack fine-grained segmentation capabilities. Edge locations are for content distribution, not network segmentation.

The correct answer is to apply security configurations and patches or updates that were missing before the incident. This step is crucial in the recovery process because returning systems to production without addressing the original vulnerability would likely result in a recurring breach.

While documenting the recovery actions taken is important, it can be completed after systems are secure and operational. Updating the incident status would be premature without ensuring the vulnerability is addressed. Restoring user access at this stage could potentially re-expose the system to threats if the original vulnerability hasn't been patched. The application of security patches addresses the root cause of the incident and helps prevent similar incidents in the future, making it the most critical next step in the recovery process.

Chain of custody is the correct answer because it refers to the documented chronological history of the handling, analysis, and preservation of evidence from the time it is obtained until it is presented in court. This documentation ensures that evidence remains authentic and unaltered throughout the investigative process. The chain of custody process is essential for maintaining evidence admissibility in legal proceedings, as it establishes who had possession of evidence at all times and what actions were performed on it. Other investigative techniques like data carving, timeline analysis, and hash verification are important forensic methods but do not specifically refer to documenting the control and handling history of evidence.

Segregation of Duties (SoD) is a security principle that divides critical functions among different individuals to prevent fraud, errors, and abuse by ensuring that no single person has complete control over a transaction or process. By requiring multiple people to be involved in sensitive transactions like initiating, approving, and finalizing a transfer, SoD creates a system of checks and balances, making it significantly more difficult for any single person to commit fraud without collusion.

The other options are incorrect because:

• Defense in depth involves implementing multiple layers of security controls, and while SoD can be one of those layers, it is not the overarching principle of layering itself.
• Least privilege relates to providing the minimum necessary access rights for a user to perform their job functions. While related, it doesn't specifically address the requirement of splitting a single process among multiple people.
• Role-based access control (RBAC) is a method of implementing access control based on job functions. It is a common and effective way to enforce SoD, but SoD is the fundamental principle being applied, not the implementation mechanism.

The most effective and resilient strategy is a defense-in-depth approach that layers multiple, different controls. Combining mantraps, multifactor authentication, and locked server cages creates redundancy and mitigates the risk of a single control's failure. Relying solely on biometric scanners creates a single point of failure and does not protect assets within the data hall. A guard force alone is subject to human error and social engineering. A surveillance system is a detective and deterrent control, but it does not physically prevent access, which is the primary goal.

The correct answer is implementing tiered protection controls based on information sensitivity levels. This approach ensures that security measures are proportional to the value and sensitivity of different types of information. By categorizing information (such as Public, Internal, Confidential, and Restricted) and then applying appropriate controls to each tier, an organization can balance security requirements with operational needs. More sensitive information receives stronger protections while less sensitive information remains accessible with appropriate but less stringent controls.

Applying uniform encryption across corporate assets would create unnecessary overhead for less sensitive information and potentially impact system performance and usability. Requiring management authorization for information retrieval would create significant operational bottlenecks and isn't practical for day-to-day operations. Implementing network segmentation addresses the network architecture but doesn't specifically target the information assets themselves based on their varying sensitivity levels.

The correct answer is to implement a secure storage facility with access controls, documentation of evidence handling, and physical protection measures. When storing digital evidence, maintaining the Chain of Custody (CoC) is paramount to ensure admissibility in court proceedings. This means documenting who has handled the evidence, when they accessed it, and for what purpose. Additionally, physical security measures such as controlled access to the storage facility and tamper-evident containers provide protection against unauthorized access or manipulation. Temperature and humidity controls are important for certain types of physical evidence but are secondary to CoC documentation for digital evidence. While integrity checks are valuable, they should be conducted in a manner that doesn't alter the original evidence. Making copies for analysis is a good practice but doesn't replace proper storage procedures. Remote cloud storage introduces potential CoC challenges that could compromise admissibility.

Encrypting the traffic with protocols such as TLS or an IPsec VPN protects confidentiality and integrity by ensuring only authenticated endpoints holding the correct keys can read or modify the data. Network segmentation or just-in-time access reduce the attack surface but do not safeguard packets from interception. Data masking hides values for test or analytics use but offers no cryptographic assurance during transfer. Therefore, encryption in transit is the most effective measure.

Whitelisting provides stronger security by default because it follows a deny-by-default approach where only explicitly approved applications are permitted to run. This creates a more restrictive security posture than blacklisting, which allows all applications to run except those specifically prohibited. With whitelisting, unknown or unauthorized applications cannot execute at all, significantly reducing the attack surface. Blacklisting requires constant updates to catch new malicious applications and is reactive rather than proactive. Application control based on whitelisting is generally considered more secure but requires more administrative overhead to implement and maintain.

The correct action is to execute the file in a sandbox. A sandbox is an isolated, controlled environment where potentially malicious code can be run and analyzed without affecting the production system or network. This allows the analyst to observe the file's behavior, such as network connections, file modifications, or registry changes, to determine if it is malicious. Deleting the email removes the immediate threat but prevents analysis. Running a local AV scan may not detect an unknown or zero-day threat. Forwarding to a vendor is a valid step but not the best initial action for immediate internal analysis.

A Privileged Access Management (PAM) solution provides the most comprehensive set of security controls for managing high-risk privileged accounts. PAM solutions go beyond simple credential storage by offering a suite of features including secure vaulting, automated password rotation to limit the lifespan of a credential, and session monitoring or recording to audit all privileged activities. While an enterprise password vault offers secure storage, it typically lacks the advanced monitoring and automated lifecycle management features of a full PAM system. Enforcing MFA is a critical control for authenticating administrators but does not manage the credential's lifecycle or monitor its use during a session. A strong password policy is a fundamental baseline but does not provide the active management, monitoring, and automated controls necessary to adequately protect privileged access.

The correct answer is to conduct a data classification review, then apply appropriate sanitization methods based on data sensitivity. This approach follows security best practices for system retirement by first understanding what types of data exist on the systems (through classification), and then applying the appropriate data destruction techniques based on that classification. Different types of data require different levels of sanitization - some may require complete physical destruction while others might only need secure wiping. This methodical approach ensures compliance with regulations while protecting sensitive information.

The other options are incorrect because:

• Simply transferring data to new systems before physical destruction doesn't address proper data sanitization and may leave sensitive information vulnerable during transfer.
• Performing backups without classification doesn't address how to properly destroy the data according to its sensitivity level.
• Outsourcing to a vendor without specific security requirements puts the organization at risk of improper disposal practices that could lead to data breaches.

The correct answer is to document the risk, offer remediation recommendations, and have management acknowledge the risk. This approach aligns with the ISC2 Code of Professional Ethics, particularly the Canon of protecting society, the common good, and the infrastructure. While the consultant has an ethical obligation to ensure the client understands the risks, the consultant cannot force the client to implement fixes on a specific timeline. The consultant should document the risks and recommendations, obtain acknowledgment from management, and respect the client's business decisions. The other options either breach confidentiality (by disclosing to third parties or regulatory bodies), exceed the consultant's authority (by implementing patches without permission), or fail to fulfill the consultant's duty to properly inform the client of risks.