CISSP Exam Dumps - Certified Information Systems Security Professional (CISSP)

The Encapsulating Security Payload (ESP) provides integrity and confidentiality for network communications. ESP is a protocol that is part of the IPsec suite, which is a set of protocols and standards that provide security for Internet Protocol (IP) communications. ESP encrypts the payload of an IP packet, which is the data portion of the packet, to provide confidentiality. ESP also adds a trailer and an authentication data field to the packet, to provide integrity. ESP does not provide authorization or availability for network communications. Authorization is the process of granting or denying access to resources based on the identity or role of the requester. Availability is the property of ensuring that resources are accessible and usable by authorized parties when needed. ESP does not perform authorization or availability functions, but it may support or complement them. 

A practice that permits the owner of a data object to grant other users access to that object would usually provide Discretionary Access Control (DAC). DAC is a type of access control that allows the data owner or creator to decide who can access or modify the data object, based on their identity or membership in a group. DAC is implemented using access control lists (ACLs), which specify the permissions or rights of each user or group for each data object. DAC is flexible and easy to implement, but it can also pose a security risk if the data owner grants excessive or inappropriate access to unauthorized or malicious users. Mandatory Access Control (MAC), owner-administered control, and owner-dependent access control are not types of access control that permit the owner of a data object to grant other users access to that object, as they are either based on predefined rules or policies, or not related to access control at all. References: : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6, page 354.

The EU-US Safe Harbor Privacy Policy is a framework that was established in 2000 to enable the transfer of personal data from the European Union to the United States, while ensuring adequate protection of the data subject’s privacy rights3. The framework was invalidated by the European Court of Justice in 2015, and replaced by the EU-US Privacy Shield in 20164. However, the Safe Harbor Privacy Policy still serves as a reference for the principles and requirements of data protection across the Atlantic. One of the elements that a compliant Safe Harbor Privacy Policy must contain is an explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject. This is part of the principle of access, which states that individuals must have access to their personal information and be able to correct, amend, or delete it where it is inaccurate. References: 3: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 2954: CISSP For Dummies, 7th Edition, Chapter 10, page 284. : Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 5, page 293.

Documenting business processes is an important step in Business Continuity Planning (BCP), as it provides an understanding of the organization’s interdependencies, such as the people, resources, systems, and functions that are involved in each process. This helps to identify the critical processes that need to be prioritized and protected, as well as the potential impact of a disruption on the organization’s operations and objectives12. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 10092: CISSP For Dummies, 7th Edition, Chapter 10, page 339.

Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol in which a new random number is generated uniquely for each login session. CHAP is used to authenticate a user or a system over a Point-to-Point Protocol (PPP) connection, such as a dial-up or a VPN connection. CHAP works as follows: The server sends a challenge message to the client, which contains a random number. The client calculates a response by applying a one-way hash function to the random number and its own secret key, and sends the response back to the server. The server performs the same calculation using the same random number and the secret key stored in its database, and compares the results. If they match, the authentication is successful. CHAP provides more security than Password Authentication Protocol (PAP), which sends the username and password in clear text over the network . References: : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 516. : CISSP For Dummies, 7th Edition, Chapter 5, page 151.

The next step after completing the organization’s Business Impact Analysis (BIA) is to identify and select recovery strategies. A BIA is a process of analyzing the potential impact and consequences of a disruption or disaster on the organization’s critical business functions and processes. A BIA helps to identify the recovery objectives, priorities, and requirements for the organization. Based on the BIA results, the organization should identify and select the recovery strategies that are suitable and feasible for restoring the critical business functions and processes within the acceptable time frame and cost. The recovery strategies may include technical, operational, organizational, or contractual solutions, such as backup systems, alternate sites, mutual aid agreements, or insurance policies . References: : Business Impact Analysis | Ready.gov : Business Continuity Planning Process Diagram

An attacker is most likely to target programs that write to system resources to gain privileged access to a system. System resources are the hardware and software components that are essential for the operation and functionality of a system, such as the CPU, memory, disk, network, operating system, drivers, libraries, etc. Programs that write to system resources may have higher privileges or permissions than programs that write to user directories or log files. An attacker may exploit vulnerabilities or flaws in these programs to execute malicious code, escalate privileges, or bypass security controls. Programs that write to user directories or log files are less likely to be targeted by an attacker, as they may have lower privileges or permissions, and may not contain sensitive information or system calls. User directories are the folders or locations where users store their personal files or data. Log files are the records of events or activities that occur in a system or application. 

The first step to take when designing a networked Information System (IS) where there will be several different types of individual access is to create a user access matrix. A user access matrix is a table that defines the access rights and permissions of each user or user group to each resource or function in the system. A user access matrix helps to ensure that all access control requirements are addressed, such as the principle of least privilege, the principle of separation of duties, and the principle of need to know. A user access matrix also helps to simplify and standardize the implementation and administration of access control policies and mechanisms910. References: 9: Access Control Matrix1110: Access Control Models and Methods12