Domain 3 CISSP Exam: Security Architecture and Engineering

Explanation: Fault injection attacks involve deliberately injecting faulty or erroneous inputs and observing the errors and outputs. This is a type of side-channel attack, and it can be used to compromise a systems security by taking advantage of vulnerabilities in the system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 367 in PDF)

Explanation: According to the text, the cloud service provider is exclusively responsible for physical security in a cloud deployment, along with environmental security, hardware, and networking components. Therefore, option A is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 298 in PDF)

Explanation: The Data Encryption Standard (DES) uses a 56-bit key length, which is relatively short compared to modern encryption standards. This length ultimately led to it being deemed insecure in the 1990s and later superseded by the AES algorithm.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 340 in PDF)

Explanation: Rapid elasticity and scalability refers to the ability of cloud services to easily and quickly adjust to changes in demand, allowing resources to be added or removed as necessary. This characteristic allows users to significantly reduce the need for on-premises infrastructure and provides cost savings when resources are no longer needed.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 297 in PDF)

Explanation: When developing an IoT device, it is important to conduct threat modeling to determine likely vulnerabilities and ensure that appropriate mitigations are deployed. Reviewing security architecture and implementing secure software development guidelines such as those from OWASP and SANS can help prevent common IoT vulnerabilities. Additionally, performing active white- and black-box penetration testing can help identify potential issues. Therefore, option A is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 305 in PDF)

Explanation: Shield layers prevent eavesdropping on internal signals using ion probes or other microscopic devices, thus enhancing the security of a cryptoprocessor. The other options are incorrect because having multiple attack surfaces increases the risk of a cyber attack, hardware-based cryptographic accelerator enhances the performance of the cryptoprocessor, and vulnerability to hardware tampering reduces the security of the processor.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 274 in PDF)

Explanation: RC2 is a block cipher, developed in 1987, that uses a 64-bit block size and a variable-length key. RC2 is vulnerable to chosen-plaintext attacks and should not be used.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: Privacy Embedded into Design is the PbD principle that seeks to build privacy directly into the design, operation, and management of a system or process, rather than considering privacy after the fact. Privacy measures should be fully integrated components of the system and associated processes, rather than added on after the fact; privacy should be treated as a core functionality of the system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 252 in PDF)

Explanation: Encryption is the process of converting a message from its plaintext to ciphertext, making it unreadable for anyone except the intended recipient.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: The Advanced Encryption Standard (AES) algorithm uses three different key lengths: 128, 192, and 256 bits. This makes it versatile for different security requirements, where the longer key lengths provide stronger security.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: The correct answer is A. ECB, or Electronic CodeBook, is a block cipher mode of operation in which each block of plaintext is processed independently by the cipher. While this may be adequate for messages that are no greater than the block size, it has serious weaknesses for longer messages, as identical blocks of plaintext will produce identical blocks of ciphertext. This can compromise confidentiality if revealing that different rows of the table have the same value might compromise confidentiality.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 336 in PDF)

Explanation: The text explicitly states that systems must be designed to always remain in a secure state, even when errors occur. This is an important consideration in error and exception handling to ensure the confidentiality, integrity, and availability of the system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 243 in PDF)

Explanation: ElGamal is an asymmetric-key algorithm derived from the Diffie-Hellman-Merkle algorithm and used for transmitting digital signatures and key exchanges. It is based on discrete logarithmic problem solving.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 343 in PDF)

Explanation: The key is the input that controls the operation of the cryptographic algorithm and determines its behavior, which then permits reliable encryption and decryption of the message. In other words, the key is used to determine how the message will be encrypted and decrypted, and without the correct key, it is nearly impossible to decipher encrypted message.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: As stated in the text, the primary goal of security architecture and engineering is to reduce security risks to an acceptable level and protect the confidentiality, integrity, and availability of systems or business, as well as ensuring compliance and other important principles.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 232 in PDF)

Explanation: White-box testing is done with detailed knowledge of the systems design and implementation, while black-box testing is done with no knowledge of the systems internals. Gray-box testing is a combination of both, with some knowledge of the system, but not all.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 278 in PDF)

Explanation: Side-channel attacks exploit artifacts of the cryptographic process, like timing, cache access, power consumption or electromagnetic emanations, to deduce information about the key or plaintext being processed. These attacks are generally an attack on the implementation of the cryptographic algorithm, rather than the algorithm itself. Common types of side-channel attacks include timing attacks, power analysis attacks, and electromagnetic analysis attacks.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 365 in PDF)

Explanation: In the cloud shared responsibility model, physical security is exclusively the responsibility of the cloud service provider. They are responsible for the security of the cloud infrastructure including the servers, storage devices, cables, switches, routers, firewalls, and internet connectivity. The customer is responsible for security in the cloud. This includes vulnerability and patch management, configuration management, and network configuration and security.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 300 in PDF)

Explanation: CTR mode addresses the problem of encryption parallelization by not using previous blocks of the CBC or CFB in producing the ciphertext. By using an IV combined with a counter value, one can both parallelize the encryption process and decrypt a single block of the ciphertext. This mode also uses a nonce to prevent replay attacks.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 338 in PDF)

Explanation: The Star Property, also referred to as no write down, prevents a subject from writing to an object at a lower security level. This is to prevent an authorized subject from breaching security by writing sensitive information to an object at a lower security level.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 258 in PDF)

Explanation: The Remove rule in the Take-Grant model allows a subject to revoke (or remove) rights it has on an object.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 263 in PDF)

Explanation: The concept behind a security kernel is to create a small separate subsystem with the security-critical components that the rest of the system can rely upon. By doing this, the risk associated with security vulnerabilities can be significantly reduced.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 248 in PDF)

Explanation: Application-level encryption is a high-level approach that provides protection even if access to the database system is compromised. In this case, the business-logic or application layer is responsible for encrypting the data to be protected before it is passed to the database and for decrypting it once it has been retrieved. The database itself sees only binary data and does not have any access to the encryption keys. The cryptographic component ought to be called from the business-logic layer, not the storage management layer. Handle the encryption/decryption as close to the point of use as possible.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 282 in PDF)

Explanation: The question asks for a security capability that is not considered foundational, and firewalls are not part of the list of foundational ISS capabilities defined in the text. The other options mentioned, memory protection, TPMs, cryptographic modules, and HSMs are commonly used as security capabilities, making them foundational.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 269 in PDF)

Explanation: Placing network switches and other intermediate distribution equipment in any convenient out-of-the-way location, sharing space with other building infrastructure poses a risk of electrical interference from other building infrastructure which can cause random resets, errors, and even total failure in the worst case. This is because the equipment is not properly ventilated and is prone to overheating due to the presence of other sources of heat.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 371 in PDF)

Explanation: The Full Functionality – Positive-Sum, not Zero-Sum principle of Privacy by Design (PbD) encourages a win-win approach to all legitimate system design goals, and discourages unnecessary trade-offs being made. Both privacy and security can and should be achieved, and internet cookies are an example of a necessary web functionality that can be implemented securely and privately, without sacrificing privacy. Therefore, option C is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 253 in PDF)

Explanation: According to the cloud shared responsibility model, the cloud service provider is responsible for patching the software below the responsibility dividing line, whereas the customer is responsible for everything above the line. Therefore, the correct answer is A. The cloud service provider is responsible for vulnerability and patch management for a cloud-based system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 300 in PDF)

Explanation: The Chosen Ciphertext attack involves an attacker being able to submit any ciphertext and obtain the corresponding plaintext. An example of this was the attack on SSL 3.0 developed by Bleichenbacher of Bell Labs, which could obtain the RSA private key of a website after trying between 300,000 and 2 million chosen ciphertexts.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 365 in PDF)

Explanation: Information security governance is not covered in DOMAIN 3: Security Architecture and Engineering. Instead, it is covered in DOMAIN 1: Security Governance and Risk Management.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 389 in PDF)

Explanation: The Star Integrity Property or * integrity property in the Biba integrity model is a rule that prevents lower privilege subjects from corrupting more secure information. This integrity property ensures that the integrity of data is maintained at its highest level of protection.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 260 in PDF)

Explanation: Encapsulation is an architectural concept where objects are accessed only through functions that logically separate functions that are abstracted from their underlying object by inclusion or information hiding within higher level objects. It defines the security policy for that object and mediate all operations on that object. Proper encapsulation requires that all access or manipulation of the encapsulated object must go through the encapsulation functions, and that it is not possible to tamper with the encapsulation of the object or the security attributes (e.g., permissions) of the encapsulation functions.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 239 in PDF)

Explanation: The text states that redundant network routes and hardware that can stay online through a local or regional disaster are necessary parts of cloud hosting availability designs that can take full advantage of highly available remote infrastructures. This is because although cloud providers may claim 99.99 percent or higher availability, organizations must also ensure that they will be able to access those providers that are highly available.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 381 in PDF)

Explanation: The advantage of asymmetric or public key cryptography over symmetric encryption is that it allows for the encryption of data using a public key that can only be decrypted by its corresponding private key. This means that parties can communicate securely without needing to share a secret key, which can become complex and impractical when there are more than just a few people involved. With public key cryptography, each party can have their own private key and a public key that they share and use to encrypt data.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: Encryption is the process of converting a message from its plaintext to ciphertext. This is done using a mathematical function called a cryptographic algorithm and an appropriate key to control the process. The ciphertext is then sent to the intended recipient to be decrypted back into plaintext using the same key and algorithm.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: A lattice is a finite set with a partial ordering. This means that the security levels are arranged in a particular order, which cannot be changed. A partial ordering is reflexive, anti-symmetric, and transitive. This means that each security level is comparable to itself, two different security levels cannot precede each other, and if a security level yields another security level, and the second security level yields a third security level, then the first security level must yield the third security level.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 257 in PDF)

Explanation: The best method for generating high-quality random numbers is to use hardware-based true random number generators that rely on physical phenomena known to be truly random. Software-based random number generators are hard to get right and can lead to weak keys, as demonstrated in the OpenSSL bug in Debian and Ubuntu Linux distributions.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 350 in PDF)

Explanation: The Integrity Verification Procedures (IVPs) enforce the policy that governs how changes to CDIs must be made. IVPs ensure that only authorized subjects make changes to CDIs and that subjects cannot make unauthorized changes to CDIs. Therefore, option C is correct.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 262 in PDF)

Explanation: Separation of duties requires two or more actions, actors or components to operate independently during a security-sensitive operation, and not operate in a coordinated manner. Breaking up a process into multiple steps performed by different individuals or requiring two individuals to perform a single operation together forces the malicious insider to collude with multiple insiders to compromise the system. The redundancy that comes from separation of duties makes security less likely to be compromised by a single mistake or rogue actor.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 248 in PDF)

Explanation: The Constrained data item (CDI) is the key data type in the Clark-Wilson model and refers to data whose integrity must be preserved. It is a component of the model that is worth being familiar with, alongside other components like Unconstrained data item (UDI), Well-formed transaction, Integrity verification procedures (IVPs), and Transformation procedures (TPs). This is because well-formed transactions, separation of duties, and the concept of constrained data items are crucial elements of the Clark-Wilson model for maintaining data integrity.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 261 in PDF)

Explanation: The advantage of a wet-pipe sprinkler system is that they release water only through those sprinkler heads closest to the fire, thus limiting water damage. They are also relatively low cost and have high reliability.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 385 in PDF)

Explanation: Stage 4, Threat Analysis, is intended to identify and analyze threat information from within the system, such as SIEM feeds, web application firewall (WAF) logs, etc., as well as externally available threat intelligence that is related to the system. Threat-attack scenarios that are relevant to the specific application, environment, and data should be identified and understood. The output of this stage should include a list of the most likely attack vectors for the given application or system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 246 in PDF)

Explanation: Secure cryptoprocessors have a limited interface (i.e., attack surface), making it easier to verify the integrity and secure operation of the (limited) code running on the cryptoprocessor. This feature enhances their security over standard microprocessors that can access any device and memory location.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 276 in PDF)

Explanation: The purpose of layering in a security architecture is to create the ability to impose specific security policies at each layer and simplify functionality for easier validation. This enables higher-level functions to rely on lower-level services and functions while abstracting details of the underlying implementation from higher levels. It also ensures that higher levels always have the same or less privilege than a lower level, and that it is not possible for a higher level to bypass an intermediate level. This is critical for ensuring the overall security of a system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 236 in PDF)

Explanation: Pass the ticket is a common exploit in Kerberos where an attacker forges a ticket and passes it along to authenticate to a resource without proper authentication. This exploit takes advantage of weaknesses in Kerberos implementations, and logging and monitoring of Active Directory domains should be enabled to detect such activities.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 368 in PDF)

Explanation: As a security architect, it is important to understand how cryptography can be attacked to identify vulnerabilities and ensure your design avoids or mitigates those risks. Your focus is on the architectural weaknesses that can be exploited by attackers and understanding how cryptography can be compromised. Cryptographers are responsible for developing new cryptographic algorithms and testing existing ciphers. Additionally, agencies such as ENISA and NIST make recommendations on which algorithms to use (and how) to address new attack vectors found by cryptanalysts.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 362 in PDF)

Explanation: The Grant operation of the Take-Grant model allows a subject to give or grant rights to an object.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 264 in PDF)

Explanation: The concept of Trust, but Verify plays a large role in how we assess and monitor our security architecture to ensure ongoing compliance and secure functionality, especially when working with third parties. Auditing is needed periodically to validate these relationships and ensure they continue operating as agreed upon and expected.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 249 in PDF)

Explanation: The most important factor when designing a fire safety system is to protect the lives and health of those who work in the facility. Enabling occupants to safely exit the building and ensuring that fire suppression systems are unlikely to compromise health or safety are more important than protecting systems and buildings.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 384 in PDF)

Explanation: One of the core principles of zero trust architecture is that every access request should be fully authenticated, authorized, and encrypted before granting access. This follows the never trust, always verify mindset of zero trust architecture, which is a drastic departure from the previously mentioned trust, but verify model.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 250 in PDF)

Explanation: The Remove operation in the Take-Grant protection model allows a subject to revoke (or remove) rights it has on an object.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 264 in PDF)

Explanation: Virtualization is the provision of an environment that functions like a single dedicated computer environment but supports multiple such environments on the same physical hardware.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 241 in PDF)

Explanation: An HSM is specifically designed to securely generate and store KEKs and is among the more secure methods of protecting keys. HSMs also provide for secure replication of keys and for enforcing controls so that no one individual can use the KEK to decrypt a data encryption key.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 350 in PDF)

Explanation: Cryptography can provide authentication services and nonrepudiation through the use of digital signatures and certificates. While cryptography can also support confidentiality and integrity (two other principles of the CIA Triad), authenticity and nonrepudiation are directly related to cryptographys use of digital signatures and certificates.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 322 in PDF)

Explanation: The split-brain problem refers to the situation where the communication between connected subsystems is disrupted or delayed, leading to inconsistent data or decisions being made. This can occur in a distributed system where partial communication failures can cause differences in system states among subsystems, leading to challenges in maintaining consistency, and leading to confusion and potentially incorrect or harmful decisions being made.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 302 in PDF)

Explanation: The primary risk to the nonrepudiation property is the disclosure of the originators private key. If the private key can be obtained or guessed, an attacker can sign any message and have it accepted as if the owner of the private key sent the message.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 355 in PDF)

Explanation: The primary reason why security should be incorporated into the design process is to save cost and prevent the need for redesigning components of the system. Incorporating security during the design phase is less expensive than adding it on later, which often requires redesign or reengineering of already developed components.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 234 in PDF)

Explanation: A cryptographic algorithm is a mathematical function that is used in the encryption and decryption process to transform plaintext into ciphertext and ciphertext into plaintext.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: According to the text, the controls for server rooms and data centers should cover, at a minimum, the following: Personnel (e.g., background checks, training, or access procedures), maintenance, logging, monitoring, and alerting, and control testing and auditing. These controls should be put in place to ensure the data center continues to operate properly and securely.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 372 in PDF)

Explanation: The purpose of creating security zones with different security levels within a facility is to ensure that employees and visitors only have access to the areas they need to do their job and reduce unauthorized access to sensitive or high-risk assets or work. The different types of security controls implemented in the zone depend on the security level of the area being protected, and the appropriate rigor and tolerable rate of false positives.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 376 in PDF)

Explanation: Elliptic Curve Cryptography (ECC) is a public key algorithm that is based on the algebraic structure of elliptic curves and allows smaller keys to be used for equivalent security. It allows for faster computations and is more efficient than other public key algorithms, making it useful for applications with resource constraints.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 343 in PDF)

Explanation: RC2 is a block cipher that uses a 64-bit block size and a variable-length key. However, it is vulnerable to chosen-plaintext attacks and should not be used.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: Stream ciphers are divided into two types: synchronous and self-synchronizing. Synchronous ciphers require the sender and receiver to remain in perfect synchronization in order to decrypt the stream. Self-synchronizing stream ciphers, as the name implies, have the property that after at most N characters (N being a property of the particular selfsynchronizing stream cipher), the receiver will automatically recover from dropped or added characters in the ciphertext stream.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 330 in PDF)

Explanation: To defend against MITM attacks, it is important to verify the origin of incoming messages. In the case of encrypted HTTPS web traffic, this is done by relying upon public key certificates attested to by a Certificate Authority (CA). This ensures that the message actually originated from the intended sender and not an attacker who may be intercepting and tampering with the communication.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 367 in PDF)

Explanation: One of the main uses of cryptography in information security is to protect the confidentiality of information, both at rest and in transit. This offers the critical feature of “privacy” when applied to personally identifiable information (PII) and protected health information (PHI).

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 322 in PDF)

Explanation: The principle of always verifying requires that every access request is fully authenticated, authorized, and encrypted before granting access in the zero trust architecture. This is considered one of the core principles of zero trust architecture.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 251 in PDF)

Explanation: The use of hashing algorithms and message digest provides assurance of data integrity, as it detects any changes or alterations made to the data. Therefore, option C is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 322 in PDF)

Explanation: A secure communications protocol such as TLS (Transport Layer Security) using client-side certificates can be used to effectively validate the identity of a client and/or user of the client, and protect the server from eavesdropping and tampering by using encryption and authentication. This helps to prevent a MITM attack.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 280 in PDF)

Explanation: In CFB mode, the IV is encrypted and then XORed with the first block of the plaintext to produce the first block of ciphertext. Then that block of ciphertext is encrypted, and the result is XORed with the next block of plaintext, producing the next block of ciphertext. Because with both CBC and CFB the encryption of block Pn+1 depends on the encryption of block Pn, neither mode is amenable to the parallel encryption of data. Both modes can, however, be decrypted in parallel. (See Figure 3.23.)

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 339 in PDF)

Explanation: The Clark-Wilson Model uses Transformation procedures (TPs) to enforce a systems integrity policy and maintain the integrity of Constrained data items (CDIs). These procedures ensure that all updates to CDIs are valid and maintain their integrity.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 262 in PDF)

Explanation: The Diffie-Hellman-Merkle algorithm is not used for encryption or decryption, but instead is used to enable two parties to securely generate a shared secret key to use for their (symmetric-key) encrypted communications, while RSA is an asymmetric-key algorithm used for encrypting and signing data. Therefore, the main difference between the two is that the former generates shared secret keys, while the latter encrypts and signs data.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 343 in PDF)

Explanation: The purpose of a security model is to simplify the analysis of a system by providing clear rules to follow. Security models help reduce ambiguity and potential misunderstanding as to what a security architecture is trying to accomplish by distilling essential requirements into clear rules and analyzing the design to ensure those rules are adhered to at every step in the process.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 256 in PDF)

Explanation: The PbD principle of Respect for User Privacy — Keep it User-Centric focuses on keeping the users interests as the utmost priority. It requires system architects to provide strong privacy defaults, appropriate notice, and a user-friendly experience. Requiring users to take action to give consent is a practical way to keep privacy user-centric.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 253 in PDF)

Explanation: The shared responsibility model is a cloud security framework that describes the obligations of a cloud service provider (CSP) and its customers in keeping cloud systems and data secure.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 254 in PDF)

Explanation: The three most commonly used approaches to threat modeling are STRIDE, DREAD, and PASTA. STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. DREAD is an acronym for Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. PASTA stands for Process for Attack Simulation and Threat Analysis.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 244 in PDF)

Explanation: The text states that client-related vulnerabilities in a traditional client-server system can be grouped into two broad categories: those related to the client application itself and those related to the system on which the client runs. This means vulnerabilities related to hardware is actually one of the categories. Therefore, option C is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 278 in PDF)

Explanation: Side-channel attacks involve measuring artifacts of the cryptographic process, such as timing, cache access, power consumption, electromagnetic emanations, and error information, to deduce information to assist with compromising encrypted information. This includes cache-timing attacks, power analysis attacks, electromagnetic radiation attacks, etc.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 365 in PDF)

Explanation: Frequency analysis is the study of the frequency of characters in ciphertext. It works best against rudimentary cryptographic approaches such as substitution ciphers that map each character in a given set to another character. By understanding the typical distribution of characters in a given language, frequency analysis can help a cryptanalyst deduce plaintext equivalents of commonly occurring ciphertext characters. Most modern cryptographic algorithms are not susceptible to frequency analysis.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 365 in PDF)

Explanation: An information flow model is a type of access control model that defines the flow of information within a system, whether it is from one application to another or even one system to another.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 257 in PDF)

Explanation: Ransomware is a type of malware that encrypts a victims files and demands payment in exchange for the decryption key. The best way to recover from a ransomware attack is to regularly back up data and store it securely. With routine backups, victims can revert to a known good state without paying the ransom.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 369 in PDF)

Explanation: Salting is a defense against stored dictionary or rainbow table attacks because it makes it necessary for attackers to precompute 2n rainbow tables to launch an attack. The salt should be long (at least 16 bytes, and preferably 32 or 64 bytes), random, and unique. The output of HASH (salt + password) is saved in the password file. Other options are not relevant to this specific attack scenario.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 362 in PDF)

Explanation: The zero trust model is based on the core principle of always verify, which means that every access request should be fully authenticated, authorized, and encrypted before granting access. The model preaches a never trust, always verify mindset that requires every access request to be verified based on user identity, location, system health, data classification, and other data points.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 250 in PDF)

Explanation: According to the text, the DREAD model involves rating the severity of security threats by assigning numeric values based on five categories: Damage, Reproducibility, Exploitability, Affected users, and Discoverability.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 245 in PDF)

Explanation: Decryption is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key that was used to do the original encryption.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: Known-plaintext attack is an attack where the attacker knows some or all of the plaintext of one or more messages (as well as the ciphertext). The attacker can use this knowledge to decipher other messages that use the same plaintext, making it easier to break the encryption.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 364 in PDF)

Explanation: Decryption is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key that was used to do the original encryption.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: Memory protection is a security control that enables the operating system to load multiple programs into main memory at the same time and prevent one program from referencing memory not specifically assigned to it. If a program attempts to reference a memory address it is not permitted to access, the system blocks the access, suspends the program, and transfers control to the operating system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 269 in PDF)

Explanation: Defense in depth, also known as layered security, is the concept of applying multiple, distinct layers of security technologies and strategies to achieve greater overall protection. This approach uses combinations of security controls to reduce the impact from the failure of any single control.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 254 in PDF)

Explanation: Pass the hash is an attack where an attacker obtains a password hash and passes it through for authentication. This type of attack targets the authentication protocol, as opposed to the hash or any other cryptographic elements.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 368 in PDF)

Explanation: The * property, also known as the Star Property, is one of the three rules in the Bell-Lapadula Model. It prevents an authorized subject from writing sensitive information to an object at a lower security level. The Simple Security Property (ss property) prevents a subject from reading an object at a higher security level, while the Discretionary-Security Property allows a subject to perform an operation on an object if permitted by the access matrix. Therefore, option B is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 258 in PDF)

Explanation: The End-to-End Security — Full Lifecycle Protection principle is one of the seven foundational principles of Privacy by Design (PbD), which focuses on extending the use of privacy-enhancing technologies and involves building privacy directly into the design, operation, and management of a system or process. This principle aims to ensure security and privacy of personal data from cradle to grave, with encryption and authentication being standard at every stage. The other principles are Proactive not Reactive; Preventative not Remedial, Privacy as the Default Setting, Privacy Embedded into Design, Full Functionality — Positive-Sum, not Zero-Sum, Visibility and Transparency — Keep it Open, and Respect for User Privacy — Keep it User-Centric.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 253 in PDF)

Explanation: Respect for User Privacy — Keep it User-Centric principle encourages system architects, developers, and operators to prioritize the interests of individual users by providing strong privacy defaults, appropriate notice, and a user-friendly experience. This principle recognizes that privacy is ultimately about the user and seeks to keep privacy user-centric.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 253 in PDF)

Explanation: A Type 1 hypervisor is the sole installation, acting as a bridge between hardware components and VMs. For this reason, Type 1 hypervisors are also called baremetal hypervisors. They allow multiple operating systems to run simultaneously on a single piece of hardware, with each operating system viewing the machines resources as its own dedicated resources.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 318 in PDF)

Explanation: The endorsement key (EK) is a fundamental component of a TPMs security. This key is generated by the TPM manufacturer and burned into the TPM hardware during the manufacturing process. Because of this, the user/system owner depends upon the security of the TPM manufacturer to ensure that the PEK remains confidential. If the TPM manufacturers security is compromised, the confidentiality of the EK and thus the security of the system are at risk, making choice C the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 275 in PDF)

Explanation: In a cloud-based system, vulnerability and patch management is a shared responsibility between the customer and the cloud service provider. The cloud service provider is responsible for patching the software below the responsibility dividing line, while the customer is responsible for everything above the line. This means that the cloud service provider and the customer must work together to ensure that the system is secure.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 300 in PDF)

Explanation: According to PbD principles, design systems and processes should be proactive, not reactive. In other words, anticipate and prevent invasive privacy events before they happen, rather than relying on detecting and responding to them once they already occur. As you design and develop your systems, you should determine what privacy risks exist and plan for them, rather than putting out privacy fires later.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 252 in PDF)

Explanation: The Create operation in the Take-Grant model allows a subject to generate (or create) a new object. This operation is used to create new objects and assign them initial privileges or permissions. The Take-Grant model helps to specify the rights of entities to obtain rights from another entity and give them to another entity.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 264 in PDF)

Explanation: According to Table 3.4, the key size for AES-192 block cipher is 192.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 331 in PDF)

Explanation: Scoping guidance within a recommended baseline helps identify the acceptable deviation from control and results in a tailored system deployment that meets the organizations risk tolerance. This means that the purpose of scoping guidance is to identify deviations from the minimum set of security controls.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 265 in PDF)

Explanation: The main recommendations for users of IoT devices to mitigate risks related to devices with poor design or support are to change default credentials as soon as possible, and before connecting the device to the internet, and to keep the device updated with the current firmware release, either by enabling auto-update or by periodically checking with the manufacturers website for firmware updates. This is also mentioned in the text under the three dashes.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 306 in PDF)

Explanation: Organizations handling government or military classified data will have to institute such security controls as required to meet the obligations of their facility security clearance. The organization responsible for certifying compliance will provide detailed documentation on the controls that are necessary for the level of security clearance being sought, including requirements for personnel identification, guards, electronic access control, electronic intrusion detection, video monitoring, and interior access controls.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 376 in PDF)

Explanation: All of the above are reasons why it is important to rotate encryption keys. Rotating keys limits the amount of data that can be accessed by an attacker, limits the time available to them to crack the encryption, and ensures that new encryption keys are always in use to provide optimal security.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 352 in PDF)

Explanation: The key data type in the Clark-Wilson model that refers to data whose integrity must be preserved is Constrained data item (CDI). Clark and Wilsons approach to security is based on two concepts: well-formed transactions and separation of duties. In contrast to the Bell LaPadula and Biba models, the Clark-Wilson concept of a well-formed transaction is that subjects are constrained to make only those changes that maintain the integrity of the data. CDI is the data type that plays a key role in implementing this concept.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 262 in PDF)

Explanation: A Stream cipher is an encryption algorithm that works one character or bit at a time (instead of a block) and is typically used to encrypt serial communication links and cell-phone traffic. It is specifically designed to be computationally efficient so that it can be employed in devices with limited CPU power, or in dedicated hardware or field programmable gate arrays (FPGAs).

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 328 in PDF)

Explanation: RC4 is a stream cipher that is commonly used in internet protocols such as TLS and SSH.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: To protect the confidentiality of data in transit, symmetric cryptography can be used, possibly aided by asymmetric cryptography. Symmetric cryptography involves the use of a single secret key to encrypt and decrypt messages. Asymmetric cryptography involves the use of public and private keys to encrypt and decrypt messages. When used together, symmetric cryptography can encrypt the message, while asymmetric cryptography can be used to securely transmit the secret key. This allows for the benefits of both types of cryptography while mitigating their individual weaknesses.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 327 in PDF)

Explanation: The Simple Security Property (ss property) in the Bell-LaPadula Model prevents a subject from reading an object at a higher security level. This rule is sometimes referred to as no read up and protects against unauthorized subjects accessing sensitive information that they are not permitted to read.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 258 in PDF)

Explanation: The fundamental principle of security architecture is defense in depth which is giving multiple layers of security controls so that if one control fails, the other control can prevent an attack. While physical security controls are important, we must still employ other controls to prevent failure of confidentiality, integrity, or availability. Therefore, the correct answer is C.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 371 in PDF)

Explanation: The Create rule of the Take-Grant model allows a subject to generate (or create) a new object.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 264 in PDF)

Explanation: A hash function is used to verify the integrity of data by detecting any tampering that might have occurred with the data. If the hash value of the original data doesnt match with the hash value of the data at some later point in time, it indicates that the data has been altered or tampered with. Therefore, option B is the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 356 in PDF)

Explanation: Attack surface minimization is the process of reducing a systems attack surface by implementing system hardening techniques such as blocking network ports, removing system daemons, and ensuring only necessary services are available. This helps to minimize the number of potential entry points for attackers and reduce the overall risk exposure of the system.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 242 in PDF)

Explanation: Virtual machine escape is the ability of a program to break out of its VM and directly interact with the underlying host operating system. An attacker can use this to pivot into other VMs or cause service outages for tenants of the host system. This is a potential weakness in virtualized systems.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 321 in PDF)

Explanation: WEP, the original security algorithm for WiFi, is vulnerable to a number of ciphertext-only attacks because its RC4 stream cipher uses predictable initialization vectors, weak integrity checks, and insufficient key management. This makes it possible for attackers to derive the encryption key used by intercepting a sufficient number of packets.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 364 in PDF)

Explanation: Repudiation threat occurs when a user claims that they did not perform an action, and there is no evidence to prove otherwise. To provide nonrepudiation, digital signatures and secure logging and auditing are the primary controls.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 244 in PDF)

Explanation: Dual control means that a specific step in a process requires two or more individuals. In the cryptography world, it might require that two or more individuals present their credentials to be able to use the key encryption key to decrypt a data encryption key. For access to a system that supports multifactor authentication, dual control could involve entrusting the password to one individual, and the MFA device to a different individual.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 351 in PDF)

Explanation: A Class C fire extinguisher is designed to combat fires involving energized electrical equipment. It contains a non-conductive extinguishing agent to prevent electrocution to the user. It is important to use the correct extinguisher for the type of fire to avoid making the fire worse or endangering the person using it.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 387 in PDF)

Explanation: One major security concern with using container technology is the compromise of a container image or the entire container repository. Proper management of container images is critical to maintaining integrity and security. Follow careful configuration management practices when adding applications or other variables to your images, adhere to strict vulnerability scanning and patching requirements, and ensure proper access controls are in place.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 310 in PDF)

Explanation: One of the benefits of blockchain technology in business applications such as supply chain management is nonrepudiation, which refers to the ability to prevent a party from denying that they have performed a particular action. Blockchain enables this because it is a form of a decentralized and distributed ledger in which records are recorded and linked together, using cryptographic hashes. Therefore, to change any record in the blockchain, one must change every subsequent block, which makes it infeasible for a party to deny its actions. This feature makes blockchain ideal for supply chain management because it enhances products traceability.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 356 in PDF)

Explanation: The two major categories of container security risks are (1) compromise of a container image or the entire container repository and (2) misuse of a container to attack other containers or the host OS. Careful management of container images is necessary when it comes to container security, especially the base container image. Adhering to strict vulnerability scanning and patching requirements, as well as proper access controls, can also help mitigate these risks.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 310 in PDF)

Explanation: Class F or K fire extinguishers are designed to combat fires caused by cooking oils and greases.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 388 in PDF)

Explanation: Secure key generation is an essential measure for proper cryptographic key management, ensuring that the keys are generated randomly and with sufficient complexity to resist attacks. Allocating the same key to multiple systems, storing the private key along with the encrypted data, and allowing a single entity to perform all key management tasks are all poor key management practices that can compromise the security and confidentiality of the data protected by the key.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 349 in PDF)

Explanation: ElGamal is an asymmetric-key algorithm used for transmitting digital signatures and key exchanges. The ElGamal algorithm is derived from the Diffie–Hellman–Merkle algorithm and is based on discrete logarithmic problem solving.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 343 in PDF)

Explanation: The purpose of centralized parameter validation is to ensure that parameters are valid and proper when dealing with user input. This is important because invalid or malformed data can be inputted either unwittingly or intentionally by malicious attackers, which can cause system vulnerabilities. Using a single library to validate parameters enables the necessary capability to properly review and test that library.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 242 in PDF)

Explanation: 3DES algorithm extends the life of DES algorithm by increasing the 56-bit key length to a theoretical length of 168 bits, but with practical limitations and vulnerabilities, the effective key length is reduced to about 112 bits.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 340 in PDF)

Explanation: Isolation is a core principle of microservices, and each microservice must be able to be deployed, modified, maintained, and destroyed without impacting the other microservices around it. The principle of defense in depth, while important in any architecture, is particularly critical when dealing with microservices. Defense in depth is a security strategy that calls for multiple layers of security controls to be implemented throughout an application or system. It is essential in a microservice architecture to independently monitor and protect each microservice and the communications between each microservice in the overall environment.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 308 in PDF)

Explanation: In cryptography, cleartext refers to the message in readable, usable form that is not intended to be obscured by cryptographic means. It is the message in its natural format that has not been turned into a secret through encryption. This is different from plaintext, which is the message in its natural format before it has been encrypted.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 323 in PDF)

Explanation: Since edge devices are located at the edge and not centrally managed, they may not receive the same level of security rigor as their centrally managed peers. Therefore, it is crucial to apply the same security diligence to edge devices as you would to your centrally managed devices.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 317 in PDF)

Explanation: The principle of domain separation involves placing components with similar security attributes in a domain and assigning necessary controls to that domain. Separating domains from each other through well-defined and mediated communication channels is also necessary. Network segmentation might be used to implement domain separation in networks. This principle ensures that a common set of security attributes is assigned to components, data or resources within a domain to enhance security.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 235 in PDF)

Explanation: Guard records or video surveillance can be used as an administrative control to enforce dual control for access to a secure work area. This ensures that more than one authenticated staff member are present to gain access to the area, reducing the risk of unauthorized access or theft.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 376 in PDF)

Explanation: Security information and event management (SIEM) is a real-world example where centralized security services are used. SIEM collects log data from multiple sources and analyzes it for security events and alerts. It is a centralized service that helps to ensure that the security controls have been properly reviewed and tested. SIEM is an important tool for security incident detection and response.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 243 in PDF)

Explanation: The text states that not all standardized algorithms are equally secure, and a security architect should do their research and read literature on standardized algorithms. This includes examining algorithms that have been thoroughly examined by many experts and have stood the test of time, such as those examined during the open public multiyear competitions to select cryptographic algorithms run by organizations such as NIST.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 286 in PDF)

Explanation: The purpose of a noninterference model is to ensure that objects and subjects on a system dont interfere with other objects and subjects on the same system. Any activities that take place at a higher security level must not impact (or interfere) with activities occurring at a lower level. In other words, the actions of subject A (higher classification) should not affect subject B (lower classification), nor should those actions even be noticed by subject B, in a way that might inform subject B of subject As actions. This prevents information leakage and other security risks from occurring.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 258 in PDF)

Explanation: The principle of Privacy Embedded into Design states that privacy measures should be fully integrated components of the system and associated processes, rather than added on after the fact. Examples of this principle include building encryption and authentication mechanisms into your system, rather than finding ways to add these functionalities in afterwards.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 253 in PDF)

Explanation: Class A fire extinguishers are designed to combat ordinary solid combustibles such as paper, wood, and plastic.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 387 in PDF)

Explanation: Work area security must be designed in response to a risk assessment (including threat modeling) and in accordance with security principles and the appropriate controls to mitigate risk. This includes considerations such as least privilege, need-to-know, separation of duties, dual control, defense in depth, and compliance obligations. Only option C aligns with the text provided and is therefore the correct answer.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 375 in PDF)

Explanation: A hardware-based cryptographic accelerator is a feature of cryptoprocessors that enhances their security over standard microprocessors by offloading the main processor from the computational burden of cryptographic operations. This allows for faster and more secure cryptographic operations. The other options are incorrect. Full interface for unlimited access would make the system more vulnerable, lack of tamper detection would reduce security, and no protection against eavesdropping would introduce vulnerabilities.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 272 in PDF)

Explanation: RC2 is a block cipher that uses a 64-bit block size and a variable-length key. RC2 is vulnerable to chosen-plaintext attacks and should not be used as it might compromise the security of the cipher.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: The * integrity property in the Biba integrity model prevents the corruption of more secure information by a less privileged subject. It ensures that subjects are not granted write access to objects with a higher integrity level. This rule helps prevent unauthorized modifications that may put the integrity of the information at risk.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 260 in PDF)

Explanation: Counter (CTR) mode uses an IV combined with a counter value, allowing for parallelization of the encryption process and decryption of a single block of ciphertext. It doesnt use previous blocks of the CBC or CFB in producing the ciphertext, making it more secure compared to the other modes.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 340 in PDF)

Explanation: Side-channel attacks involve measuring artifacts of the cryptographic process to deduce information to assist with compromising encrypted information, including timing, cache access, power consumption, electromagnetic emanations, and error information. Frequency analysis is the study of the frequency of characters in ciphertext and is used to deduce plaintext equivalents of commonly occurring ciphertext characters. Chosen-plaintext attack allows the attacker to submit any plaintext the attacker chooses and obtain the corresponding ciphertext. Chosen ciphertext allows the attacker to submit any ciphertext and obtain the corresponding plaintext.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 365 in PDF)

Explanation: The certificate authority is an intermediary that verifies Alices identity and signs her public key, attesting that it belongs to her. This allows Bob to trust that the public key he is using to communicate with Alice is genuine.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 345 in PDF)

Explanation: The text states that the best defense to side-channel attacks is using standard cryptographic libraries that have been tested over time for side-channel information leakage. The text also provides a list of steps that one can take to minimize the possibility of leaking information via side channels, but using standard cryptographic libraries is the most effective measure.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 289 in PDF)

Explanation: According to the text, the categories of attack surfaces in an embedded system are user interface, physical attacks, sensor attacks, and output attacks. Code inspection, threat modeling, and white- or black-box penetration testing can help assess the vulnerabilities in the attack surfaces.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 313 in PDF)

Explanation: One common application of cryptography is the use of hashing algorithms and message digest to provide assurance of data integrity or accuracy. These cryptographic applications help ensure that data being accessed is intact and as expected.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 322 in PDF)

Explanation: RC5 is similar to the RC2 block cipher, but with a variable block size (32, 64, or 128 bits) and variable key size (0 to 2040 bits). RC5 is considered secure with sufficient rounds of encryption.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 341 in PDF)

Explanation: When selecting an appropriate algorithm for the cryptographic lifecycle, factors to consider include the type of cryptography appropriate for the purpose, the specific algorithm, the key length, and the operating mode. The color of the device it will be used on is not a relevant factor to consider.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 324 in PDF)

Explanation: Fire extinguishers in the server room are primarily there to enable staff in the server room to reach an exit should fire block their path, while they may serve to put out very small fires caught in their early stages. This information is stated in the first sentence of the paragraph.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 387 in PDF)

Explanation: Symmetric keys should be rotated periodically to limit the amount of data encrypted using a single key, and to ensure that the lifetime of data encrypted using a given key is limited. This helps to reduce the risk of a compromise affecting a large amount of data.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 291 in PDF)

Explanation: A timing attack is a side-channel attack that involves the attacker attempting to compromise a cryptosystem by monitoring the time taken to execute algorithmic functions. In this type of attack, the attacker can observe the time it takes for a cryptographic algorithm to execute and extract information that allows them to reduce the search space for the key. By performing this attack repeatedly, the attacker can ultimately recover the key.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 367 in PDF)

Explanation: The purpose of ensuring consistency in replicated data stores is to ensure that the system can continue to operate in spite of errors or excessive load. Redundancy is an architectural principle for addressing possible availability and integrity compromises or issues. State changes to one data store must be reliably replicated across all redundant data stores, or the purpose of redundancy is defeated and potential security vulnerabilities may be created.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 240 in PDF)

Explanation: Privacy by Design (PbD) aims to build privacy directly into the design, operation, and management of a system or process rather than considering privacy after the fact, minimizing personal data use and maximizing data security. The goal of PbD is to ensure privacy of personal data while also giving users more control over their personal information.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 252 in PDF)

Explanation: A Class B fire extinguisher is designed to combat fires caused by flammable liquids and gases such as gasoline, oil and paint. Using a Class A extinguisher (designed for ordinary solid combustibles) on a gasoline fire can spread the fuel, worsening the fire. Using a Class C extinguisher on a gasoline fire (which involves energized electrical equipment) can also be dangerous, as the extinguishing agent may conduct electricity. Using a Class D extinguisher (for combustible metals) on a gasoline fire would be irrelevant as gasoline is not a metal.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 387 in PDF)

Explanation: Fail-secure (or fail-safe or fail-closed) design blocks access by default, prioritizing security over availability. This is the principle behind deny all default firewall rules which deny all traffic by default and only allow traffic that is explicitly permitted.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 248 in PDF)

Explanation: Memory protection is a foundational security control that allows multiple programs to run simultaneously by preventing one program from referencing memory not specifically assigned to it. This feature enables the operating system to load multiple programs into main memory at the same time. If a program attempts to reference a memory address it is not permitted to access, the system blocks the access and suspends the program.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 271 in PDF)

Explanation: The Simple Security Property rule, also known as no read up, prevents a subject from reading an object at a higher security level. It protects against unauthorized subjects accessing sensitive information that they are not permitted to read.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 258 in PDF)

Explanation: Patching firmware to address vulnerabilities discovered after the initial release of the software is an important aspect of security. However, patching can be difficult for ICSs as the production cycle may not allow for a device to be removed from operation to update its firmware. The risk of breaking something while updating firmware can also be too great, especially for systems that rely on nearly 100 percent uptime. The location of the device in the field may also make it difficult to physically reach the device to install a firmware update. As a result, ICS designs must accommodate the need to update components.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 293 in PDF)

Explanation: The principle of least privilege asserts that access to information should only be granted on an as-needed basis, meaning that a subject should only be granted the privileges needed to complete an assigned or authorized task. By doing this, one limits the damage that can be done in case of a mistake or a compromise. Properly configured, authorized users may temporarily elevate their permissions to perform a task that requires additional permissions only for the period of time necessary to perform that task. This principle is also known as need-to-know.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 241 in PDF)

Explanation: The term for having completely redundant UPS systems from separate utility feeds all the way to the rack is referred to as 2N and is characterized by a tier level of 4, which provides no single point of failure and is able to automatically compensate for any single failure.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 377 in PDF)

Explanation: The Mirai distributed denial of service (DDoS) attack involved a worm that searched for vulnerable IoT devices (typically consumer routers and IP-enabled closed circuit television (CCTV) cameras), infected them with a copy of the malware, and then waited for instructions from a command and control (C&C) server as to which target to attack with a DDoS attack. In late 2016, this botnet took the Krebs on Security blog offline and later attacked the Dyn DNS service, which in turn seriously impacted many of their customers including GitHub, Twitter, Reddit, Netflix, and Airbnb.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 303 in PDF)

Explanation: When a key has been retired and it has been determined that there is no data that has been encrypted using that key that will need to be decrypted, then the key must be securely destroyed. This involves locating every copy of the key and deleting it in a manner appropriate for the media on which it was stored to ensure that it cannot be recovered. Depending on the media and the risk of it becoming accessible to unauthorized individuals, this may require overwriting the storage, degaussing of the media, or physical destruction of the media or device containing the media. Records ought to be kept that document the locations of the destroyed keys and the means used to ensure secure destruction.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 353 in PDF)

Explanation: Media storage facilities must implement additional environmental controls to ensure that the stored media do not degrade over time. This includes controlling temperature and humidity, air filtration, and minimizing infiltration by airborne dust and particulate matter or contaminants. These controls are necessary to protect the integrity of the stored media.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 373 in PDF)

Explanation: The North American Electric Reliability Corporation (NERC) provides a series of guides called Critical Infrastructure Protection (CIP) standards for entities involved in power generation/distribution. These standards are mandatory in the United States and Canada for industrial control systems related to power generation/distribution.

Ref: The Official ISC2 CISSP CBK Reference 6th Edition

(Page 292 in PDF)