ISC2 CISSP Practice Test

The correct answer is False. The 'fail securely' principle states that when a system fails, it should default to a secure state rather than an insecure one. In practice, this means that when authentication mechanisms fail or encounter errors, the system should deny access rather than grant it. This ensures that security is maintained even during failure conditions.

Failing securely is sometimes referred to as 'fail-safe' or 'fail-closed' and is an important security design principle that helps prevent unauthorized access during exceptional conditions or system failures. If a system were to grant access by default when authentication fails, it would create significant security vulnerabilities that could be exploited by attackers.

Availability is the security concept that ensures information systems and data are accessible and usable by authorized users when needed. This is a fundamental component of the CIA triad (Confidentiality, Integrity, and Availability) and one of the five pillars of information security.

Confidentiality ensures that information is not disclosed to unauthorized parties. Integrity ensures data remains accurate and unaltered. Authenticity verifies that data, transactions, or documents are genuine. Nonrepudiation prevents parties from denying their actions.

The CISO is emphasizing the Privacy by Design principle, which was developed by Dr. Ann Cavoukian and is now considered a global standard for protection. It advocates for incorporating data protection measures into the design and architecture of systems from the beginning, rather than adding them later as a reaction to problems.

The correct answer involves conducting a data flow assessment during the requirements phase, which allows the team to systematically analyze how personal information will be collected, used, shared, and maintained before any technical decisions are made. This proactive approach helps identify and mitigate risks early, embedding protection into the system architecture itself.

The other options represent reactive approaches that address concerns after design decisions have been made, focus only on compliance documentation without addressing architectural considerations, or implement technical controls without considering broader implications of data handling throughout the entire system lifecycle.

This statement is false because it does not address the full scope of deprovisioning necessary for security. Merely removing access to email and shared drives overlooks other critical systems and applications the employee may have accessed. Comprehensive deprovisioning involves revoking all access rights and disabling accounts associated with the employee to protect sensitive information and maintain security across the organization.

The correct answer is to apply security configurations and patches or updates that were missing before the incident. This step is crucial in the recovery process because returning systems to production without addressing the original vulnerability would likely result in a recurring breach.

While documenting the recovery actions taken is important, it can be completed after systems are secure and operational. Updating the incident status would be premature without ensuring the vulnerability is addressed. Restoring user access at this stage could potentially re-expose the system to threats if the original vulnerability hasn't been patched. The application of security patches addresses the root cause of the incident and helps prevent similar incidents in the future, making it the most critical next step in the recovery process.

Data cleansing is the BEST answer because it specifically addresses the issues described in the scenario: duplicate records, outdated information, and inconsistent formatting. Data cleansing is the process of detecting and correcting (or removing) corrupt, inaccurate, or irrelevant records from a dataset. This process involves identifying incomplete, incorrect, inaccurate, or irrelevant parts of the data and then replacing, modifying, or deleting this dirty data to improve data quality.

While data normalization (standardizing data formats) would help with the inconsistent formatting issue, it doesn't address the duplicate records or outdated information problems comprehensively. Data compression is about reducing storage requirements, not fixing data quality issues. Data encryption focuses on protecting the confidentiality of data, but doesn't address the data quality problems described in the scenario.

The correct answer is implementing resource isolation through containerization. High-Performance Computing (HPC) systems face unique security challenges due to their multi-tenant nature and shared resource architecture. When multiple processes or users share computing resources, there is a risk of data leakage between workloads or unauthorized access to sensitive information.

Containerization provides strong isolation between workloads while maintaining the performance advantages of HPC systems. It creates logical boundaries between different processing tasks, ensuring that fraud detection algorithms and sensitive financial data remain segregated from other workloads. This approach aligns with the principle of defense in depth by adding another layer of protection.

Perimeter-based network monitoring is insufficient for HPC environments as many threats can originate from within the cluster. Allowing elevated root access would violate the principle of least privilege and create unnecessary security risks. While hardware-level encryption is beneficial, it addresses data protection rather than the resource isolation needs specific to multi-tenant HPC environments.

The primary purpose of establishing information and asset handling requirements is to ensure consistent protection of information assets throughout their lifecycle. These requirements define how information should be handled, stored, processed, and transmitted based on its classification and sensitivity. Without established handling requirements, organizations risk inconsistent security practices, potential data breaches, and compliance violations. Proper handling requirements ensure that everyone in the organization understands how to work with information assets according to their sensitivity level and relevant regulations.

Fuzzing, or fuzz testing, is the most effective approach for identifying authentication bypass vulnerabilities in APIs because it systematically sends unexpected, malformed, or random data inputs to the API endpoints to discover how they handle invalid or unexpected inputs. This technique is particularly effective at finding authentication bypass vulnerabilities as it can reveal edge cases where input validation fails or where error handling might expose sensitive information that could assist in bypassing authentication controls.

While schema validation testing is valuable for ensuring API inputs conform to expected formats, it doesn't specifically target authentication logic flaws. Load testing focuses on performance under stress rather than security vulnerabilities. Port scanning is a network reconnaissance technique that identifies open ports and services but doesn't test application-level authentication mechanisms in APIs.

A sandbox is an isolated environment used to execute suspicious or untrusted code and applications without risking harm to the host device or network. By providing this controlled environment, security professionals can observe the behavior of potentially malicious software and analyze its actions without exposing production systems to risk. Sandboxes are particularly valuable for testing unknown files, suspicious email attachments, or applications from untrusted sources before allowing them into the production environment.

Due care refers to taking reasonable steps that a prudent person would take in a given situation to prevent harm or meet obligations. In this scenario, the company failed to apply a patch for a known vulnerability for an extended period (six months), which represents a failure to exercise due care. This demonstrates a lack of reasonable action to protect systems and data, which a prudent organization would typically address in a more timely manner.

Due diligence, in contrast, refers to the investigation and research process undertaken before making decisions or taking actions, such as assessing risks before implementing systems. The scenario specifically shows a failure to act on known information rather than a failure to investigate.

The other options are incorrect because: code of ethics violations typically involve professional conduct issues, not security maintenance practices; and the business impact analysis is a process for determining critical business functions and is not directly related to patch management failures.

Attribute-based Access Control (ABAC) is the correct answer because it evaluates access requests based on attributes of subjects (users), objects (resources), actions, and environmental conditions. In this healthcare scenario, ABAC can use multiple attributes like the relationship between provider and patient, time of access, location, and data sensitivity level to make dynamic access decisions.

Role-based Access Control (RBAC) would be insufficient as it primarily makes access decisions based on pre-defined roles and doesn't easily accommodate environmental conditions like time and location. Discretionary Access Control (DAC) relies on the resource owner to grant access rights and lacks the fine-grained control needed for multiple attributes. Mandatory Access Control (MAC) uses security labels and clearance levels in a rigid hierarchy, which doesn't allow for the contextual, relationship-based decisions required in this healthcare scenario.

A strategy that involves requiring various forms of identification and verification greatly improves security. This method ensures that even if one credential is compromised, unauthorized users still face additional hurdles before gaining entry to applications. In contrast, relying on a single credential method, such as a username and password, can leave systems vulnerable, while options like device recognition and IP address filtering do not provide comprehensive security on their own.

The statement is false because portable USB storage devices present significant security risks even when endpoint security controls are in place. These devices can:

1. Introduce malware into secure environments through infected media
2. Be used for unauthorized data exfiltration
3. Bypass network monitoring controls
4. Potentially deliver hardware-based attacks (like BadUSB)

Comprehensive access control for devices requires:

• Restricting unauthorized devices through physical means
• Implementing technical controls like device whitelisting
• Enforcing policies on approved device usage
• Possibly disabling USB ports in highly sensitive environments

Endpoint security alone is insufficient, as it may have vulnerabilities or configuration gaps that USB devices could exploit. Defense-in-depth principles require both physical access restrictions and technical controls.

The correct answer is Race condition testing. Time-of-check to time-of-use (TOCTOU) vulnerabilities are a type of race condition where a program checks a condition and then acts on that information assuming it's still valid, which can create a security vulnerability if the condition changes between the check and use. Race condition testing specifically focuses on identifying situations where timing differences can lead to security issues by systematically testing for conditions where operations can be interrupted or reordered in ways that expose vulnerabilities.

Static code analysis is incorrect because while static code analysis can identify some potential race conditions, it often struggles with TOCTOU vulnerabilities because these issues depend on runtime timing and execution order that may not be apparent from static analysis alone.

Fuzzing is incorrect because fuzzing focuses on finding input handling vulnerabilities by providing unexpected or malformed inputs. While fuzzing is valuable for many types of security testing, it's not specifically designed to detect timing-based race conditions like TOCTOU issues.

Dependency scanning is incorrect because dependency scanning focuses on identifying known vulnerabilities in third-party libraries and components rather than application logic vulnerabilities like race conditions. It doesn't test the dynamic behavior of code that could lead to TOCTOU issues.