CISSP Exam Dumps - Certified Information Systems Security Professional (CISSP)

Monitoring of a control should occur at a rate concurrent with the volatility of the security control when implementing Information Security Continuous Monitoring (ISCM) solutions. ISCM is a process that involves maintaining the ongoing awareness of the security status, events, and activities of a system or network, by collecting, analyzing, and reporting the security data and information, using various methods and tools. ISCM can provide several benefits, such as:

• Improving the security and risk management of the system or network by identifying and addressing the security weaknesses and gaps
• Enhancing the security and decision making of the system or network by providing the evidence and information for the security analysis, evaluation, and reporting
• Increasing the security and improvement of the system or network by providing the feedback and input for the security response, remediation, and optimization
• Facilitating the compliance and alignment of the system or network with the internal or external requirements and standards

A security control is a measure or mechanism that is implemented to protect the system or network from the security threats or risks, by preventing, detecting, or correcting the security incidents or impacts. A security control can have various types, such as administrative, technical, or physical, and various attributes, such as preventive, detective, or corrective. A security control can also have different levels of volatility, which is the degree or frequency of change or variation of the security control, due to various factors, such as the security requirements, the threat landscape, or the system or network environment.

Monitoring of a control should occur at a rate concurrent with the volatility of the security control when implementing ISCM solutions, because it can ensure that the ISCM solutions can capture and reflect the current and accurate state and performance of the security control, and can identify and report any issues or risks that might affect the security control. Monitoring of a control at a rate concurrent with the volatility of the security control can also help to optimize the ISCM resources and efforts, by allocating them according to the priority and urgency of the security control.

The other options are not the correct frequencies for monitoring of a control when implementing ISCM solutions, but rather incorrect or unrealistic frequencies that might cause problems or inefficiencies for the ISCM solutions. Continuously without exception for all security controls is an incorrect frequency for monitoring of a control when implementing ISCM solutions, because it is not feasible or necessary to monitor all security controls at the same and constant rate, regardless of their volatility or importance. Continuously monitoring all security controls without exception might cause the ISCM solutions to consume excessive or wasteful resources and efforts, and might overwhelm or overload the ISCM solutions with too much or irrelevant data and information. Before and after each change of the control is an incorrect frequency for monitoring of a control when implementing ISCM solutions, because it is not sufficient or timely to monitor the security control only when there is a change of the security control, and not during the normal operation of the security control. Monitoring the security control only before and after each change might cause the ISCM solutions to miss or ignore the security status, events, and activities that occur between the changes of the security control, and might delay or hinder the ISCM solutions from detecting and responding to the security issues or incidents that affect the security control. Only during system implementation and decommissioning is an incorrect frequency for monitoring of a control when implementing ISCM solutions, because it is not appropriate or effective to monitor the security control only during the initial or final stages of the system or network lifecycle, and not during the operational or maintenance stages of the system or network lifecycle. Monitoring the security control only during system implementation and decommissioning might cause the ISCM solutions to neglect or overlook the security status, events, and activities that occur during the regular or ongoing operation of the system or network, and might prevent or limit the ISCM solutions from improving and optimizing the security control.

 Insufficient Service Level Agreement (SLA) would be the most probable cause for an organization to lack the ability to properly establish performance indicators for its Web hosting solution during an audit. A Web hosting solution is a service that provides the infrastructure, resources, and tools for hosting and maintaining a website or a web application on the internet. A Web hosting solution can offer various benefits, such as:

• Improving the availability and accessibility of the website or web application by ensuring that it is online and reachable at all times
• Enhancing the performance and scalability of the website or web application by optimizing the speed, load, and capacity of the web server
• Increasing the security and reliability of the website or web application by providing the backup, recovery, and protection of the web data and content
• Reducing the cost and complexity of the website or web application by outsourcing the web hosting and management to a third-party provider

A Service Level Agreement (SLA) is a contract or an agreement that defines the expectations, responsibilities, and obligations of the parties involved in a service, such as the service provider and the service consumer. An SLA can include various components, such as:

• Service description: a detailed explanation of the scope, purpose, and features of the service
• Service level objectives: a set of measurable and quantifiable goals or targets for the service quality, performance, and availability
• Service level indicators: a set of metrics or parameters that are used to monitor and evaluate the service level objectives
• Service level reporting: a process that involves collecting, analyzing, and communicating the service level indicators and objectives
• Service level penalties: a set of consequences or actions that are applied when the service level objectives are not met or violated

Insufficient SLA would be the most probable cause for an organization to lack the ability to properly establish performance indicators for its Web hosting solution during an audit, because it could mean that the SLA does not include or specify the appropriate service level indicators or objectives for the Web hosting solution, or that the SLA does not provide or enforce the adequate service level reporting or penalties for the Web hosting solution. This could affect the ability of the organization to measure and assess the Web hosting solution quality, performance, and availability, and to identify and address any issues or risks in the Web hosting solution.

The other options are not the most probable causes for an organization to lack the ability to properly establish performance indicators for its Web hosting solution during an audit, but rather the factors that could affect or improve the Web hosting solution in other ways. Absence of a Business Intelligence (BI) solution is a factor that could affect the ability of the organization to analyze and utilize the data and information from the Web hosting solution, such as the web traffic, behavior, or conversion. A BI solution is a system that involves the collection, integration, processing, and presentation of the data and information from various sources, such as the Web hosting solution, to support the decision making and planning of the organization. However, absence of a BI solution is not the most probable cause for an organization to lack the ability to properly establish performance indicators for its Web hosting solution during an audit, because it does not affect the definition or specification of the performance indicators for the Web hosting solution, but rather the analysis or usage of the performance indicators for the Web hosting solution. Inadequate cost modeling is a factor that could affect the ability of the organization to estimate and optimize the cost and value of the Web hosting solution, such as the web hosting fees, maintenance costs, or return on investment. A cost model is a tool or a method that helps the organization to calculate and compare the cost and value of the Web hosting solution, and to identify and implement the best or most efficient Web hosting solution. However, inadequate cost modeling is not the most probable cause for an organization to lack the ability to properly establish performance indicators for its Web hosting solution during an audit, because it does not affect the definition or specification of the performance indicators for the Web hosting solution, but rather the estimation or optimization of the cost and value of the Web hosting solution. Improper deployment of the Service-Oriented Architecture (SOA) is a factor that could affect the ability of the organization to design and develop the Web hosting solution, such as the web services, components, or interfaces. A SOA is a software architecture that involves the modularization, standardization, and integration of the software components or services that provide the functionality or logic of the Web hosting solution. A SOA can offer various benefits, such as:

• Improving the flexibility and scalability of the Web hosting solution by allowing the addition, modification, or removal of the software components or services without affecting the whole Web hosting solution
• Enhancing the interoperability and compatibility of the Web hosting solution by enabling the communication and interaction of the software components or services across different platforms and technologies
• Increasing the reusability and maintainability of the Web hosting solution by reducing the duplication and complexity of the software components or services

However, improper deployment of the SOA is not the most probable cause for an organization to lack the ability to properly establish performance indicators for its Web hosting solution during an audit, because it does not affect the definition or specification of the performance indicators for the Web hosting solution, but rather the design or development of the Web hosting solution.

 Consolidation of multiple providers is the primary advantage of using a third-party identity service. A third-party identity service is a service that provides identity and access management (IAM) functions, such as authentication, authorization, and federation, for multiple applications or systems, using a single identity provider (IdP). A third-party identity service can offer various benefits, such as:

• Improving the user experience and convenience by allowing the users to access multiple applications or systems with a single sign-on (SSO) or a federated identity
• Enhancing the security and compliance by applying the consistent and standardized IAM policies and controls across multiple applications or systems
• Increasing the scalability and flexibility by enabling the integration and interoperability of multiple applications or systems with different platforms and technologies
• Reducing the cost and complexity by outsourcing the IAM functions to a third-party provider, and avoiding the duplication and maintenance of multiple IAM systems

Consolidation of multiple providers is the primary advantage of using a third-party identity service, because it can simplify and streamline the IAM architecture and processes, by reducing the number of IdPs and IAM systems that are involved in managing the identities and access for multiple applications or systems. Consolidation of multiple providers can also help to avoid the issues or risks that might arise from having multiple IdPs and IAM systems, such as the inconsistency, redundancy, or conflict of the IAM policies and controls, or the inefficiency, vulnerability, or disruption of the IAM functions.

The other options are not the primary advantages of using a third-party identity service, but rather secondary or specific advantages for different aspects or scenarios of using a third-party identity service. Directory synchronization is an advantage of using a third-party identity service, but it is more relevant for the scenario where the organization has an existing directory service, such as LDAP or Active Directory, that stores and manages the user accounts and attributes, and wants to synchronize them with the third-party identity service, to enable the SSO or federation for the users. Web based logon is an advantage of using a third-party identity service, but it is more relevant for the aspect where the third-party identity service uses a web-based protocol, such as SAML or OAuth, to facilitate the SSO or federation for the users, by redirecting them to a web-based logon page, where they can enter their credentials or consent. Automated account management is an advantage of using a third-party identity service, but it is more relevant for the aspect where the third-party identity service provides the IAM functions, such as provisioning, deprovisioning, or updating, for the user accounts and access rights, using an automated or self-service mechanism, such as SCIM or JIT.

An application should invoke re-authentication in addition to initial user authentication after a period of inactivity. Re-authentication is a process of verifying the identity or attributes of a user, device, or process that has already been authenticated, but needs to renew or confirm the authentication for a specific reason or purpose. Re-authentication can enhance the security and accountability of the application, by preventing unauthorized access or misuse of the application by someone other than the authenticated user, or by the authenticated user for an unintended or inappropriate purpose. Re-authentication can also help to comply with the security policies or regulations that mandate a certain frequency or duration of authentication. An application should invoke re-authentication after a period of inactivity, meaning that the user has not performed any action or activity on the application for a predefined amount of time, such as 15 minutes or 30 minutes. This can prevent the application from being accessed or manipulated by someone who gains physical or logical access to the user’s device or session, while the user is away or distracted. An application should not invoke re-authentication at the application sign-off, periodically during a session, or for each business process, as these may not be necessary or effective for security, and may cause inconvenience or frustration to the user. References:

• [Re-authentication]
• [Authentication]
• [Re-authentication: The Unsung Hero of SSO Security]

An organization should request a SOC 2 Type 2 report if they require a period of time report covering security and availability for a particular system. A SOC 2 report is a type of System and Organization Controls (SOC) report that evaluates the controls of a service organization based on the Trust Services Criteria (TSC), which are security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report can be either Type 1 or Type 2. A SOC 2 Type 1 report describes the design and implementation of the controls at a point in time, while a SOC 2 Type 2 report tests the operating effectiveness of the controls over a period of time, usually six or twelve months. A SOC 2 Type 2 report provides more assurance and credibility than a SOC 2 Type 1 report, as it demonstrates how well the controls performed over time. A SOC 2 report can be customized to include only the relevant TSC for a particular system or service. If an organization requires a report covering security and availability, they should request a SOC 2 report that includes only those two TSC. References:

• SOC 2 Compliance: What It Is, And Why You Need It
• SOC 2 Type 1 vs. Type 2: Here Is What You Need To Know
• SOC 2 Reports: What Are They and Why Do They Matter?

Asset values for networks are the factors that may be assigned by the administrator using the vulnerability scanners in order to assist in prioritizing remediation activities. Vulnerability scanners are the tools or the software that are used to scan and detect the vulnerabilities that may affect the organization’s information systems and assets. Vulnerabilities are the weaknesses or the flaws in a system or an application that can be exploited by an attacker to compromise the security or the functionality of the system or the application. Remediation activities are the actions or the measures that are taken to mitigate or eliminate the vulnerabilities, and to restore the security and the performance of the system or the application. Asset values for networks are the factors that indicate the importance or the criticality of the networks that are scanned by the vulnerability scanners, and that are affected by the vulnerabilities. Asset values for networks can help the administrator prioritize the remediation activities, as they can help determine the impact and the risk of the vulnerabilities on the networks, and the order and the urgency of the remediation activities. Asset values for networks can also help the administrator allocate the resources and the budget for the remediation activities, and to justify the cost and the benefit of the remediation activities. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, page 367. CISSP Practice Exam | Boson, Question 16.

The layer that handles packet fragmentation and reassembly in the Open System Interconnection (OSI) reference model is the network layer. The network layer is the third layer of the OSI model, and it is responsible for routing and forwarding packets across different networks. The network layer also performs packet fragmentation and reassembly, which are processes that divide a large packet into smaller fragments to fit the maximum transmission unit (MTU) of the underlying network, and reassemble the fragments back into the original packet at the destination. Packet fragmentation and reassembly can improve the efficiency and reliability of data transmission, as well as avoid congestion and errors. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4: Communication and Network Security, page 151; [Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4: Communication and Network Security, page 225]

The most appropriate strategy for the log retention of a cloud service provider that requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months, given that the audit logging generates extremely high amount of logs, is to keep last week’s logs in an online storage and the rest in a near-line storage. Online storage is a type of storage that is directly accessible by the system or application, such as hard disk drives, solid state drives, or flash drives. Online storage is fast, convenient, and reliable, but it is also expensive and consumes more power. Near-line storage is a type of storage that is not directly accessible by the system or application, but can be made accessible within a short time, such as tape drives, optical disks, or removable media. Near-line storage is slower, less convenient, and less reliable than online storage, but it is also cheaper and consumes less power. By keeping last week’s logs in an online storage and the rest in a near-line storage, the cloud service provider can balance the trade-offs between performance, cost, and availability of the logs. The logs that are most likely to be accessed or analyzed are kept in the online storage, while the logs that are less likely to be accessed or analyzed are kept in the near-line storage. This way, the cloud service provider can meet the log retention requirement without wasting too much resources or compromising the security of the logs. Keeping all logs in an online storage, keeping all logs in an offline storage, or keeping last week’s logs in an online storage and the rest in an offline storage are not appropriate strategies for the log retention of the cloud service provider. Keeping all logs in an online storage would be too costly and inefficient, as it would consume too much disk space and power for logs that are rarely accessed or analyzed. Keeping all logs in an offline storage or keeping last week’s logs in an online storage and the rest in an offline storage would be too risky and inconvenient, as it would make the logs inaccessible or difficult to access in case of an audit, investigation, or incident response. Offline storage is a type of storage that is not accessible by the system or application, and requires manual intervention to access, such as archived tapes, disks, or media. References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 7, Security Operations, page 697. CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, Security Operations, page 660.