CISSP CBK: Tough Nuts :)

TheProfezzor (Member, Posts: 204)
Hello,

Since I have seen many people here who have successfully completed their CISSP, I would like to start a thread for questions I and others think are tough nuts to crack. The thread would consist of contradicting concepts and arguable answers. I've found a couple of them while working through my CISSP. Let's see if we can crack them. Others can join me and post questions that they think would add value to our study.

Regards
OSCP: Loading . . .

Comments

  • TheProfezzor (Member, Posts: 204)
    1 - What fence would a data company deploy, in order to deter determined intruders?

    a- 4 Feet High
    b- 8 Feet High
    c- 6 Feet High, with barbed wires
    d- They cannot deter a determined intruder

    Dilemma:
    I've read that fences 8 feet high can deter determined intruders. But one of the McGraw-Hill quizzes tells me that a determined intruder cannot be deterred. Both answers seem logical.
    OSCP: Loading . . .
  • CyberfiSecurity (Member, Posts: 184)
    CISSP source materials state that 4 feet high is to deter, and 8 feet with barbed wire is to prevent. Frankly, I see that physical security can deter an intruder, but cannot prevent an intruder. Thus it comes down to this: risk cannot be 100% mitigated unless there is no threat agent (intruder). If an intruder plans to attack your house, regardless of fence, lock, doors, camera, windows, etc., he or she will attack.

    Here is an example of deterrence: if there are two data centers in the area, one has a 4 feet high fence and the other does not have a fence. The intruder is more likely to attack the one without a fence.
    Vice President | Citigroup, Inc.
    President/CEO | Agility Fidelis, Inc.
  • MSP-IT (Member, Posts: 752)
    The keyword here is "determined". If you have an intent to break into a data center, a fence would be the least of your worries.

    From McGraw-Hill:

    Which of the following gives an accurate picture of biometrics?

    a. Relatively inexpensive, well received by society, and highly accurate
    b. Very expensive, moderately received by society, and moderately accurate
    c. Very expensive, very well received by society, and highly accurate
    d. Very expensive, not well received by society, and highly accurate

    I could see how this could be the case in retinal scanning, but as for other biometric authentication modes, I don't agree with this answer. I would say that B would be the better answer.
  • TheProfezzor (Member, Posts: 204)
    MSP-IT wrote: »
    The keyword here is "determined". If you have an intent to break into a data center, a fence would be the least of your worries.

    From McGraw-Hill:

    Which of the following gives an accurate picture of biometrics?

    a. Relatively inexpensive, well received by society, and highly accurate
    b. Very expensive, moderately received by society, and moderately accurate
    c. Very expensive, very well received by society, and highly accurate
    d. Very expensive, not well received by society, and highly accurate

    I could see how this could be the case in retinal scanning, but as for other biometric authentication modes, I don't agree with this answer. I would say that B would be the better answer.
    I doubt it. Biometrics are highly accurate, and what they teach and tell you in the CBKs is just the options you have for biometrics. I've read in the Sybex book that InfoSec people are considering incorporating an individual "heart beat signature" into biometrics somehow, but it also told me that the technology hasn't yet been developed; still, this could be an option. But, obviously, one would opt for the most accurate biometric system, i.e. iris or retina (if users accept). Both are known to be highly accurate and very expensive, and society has problems accepting them. In my opinion, the answer is 'D'.

    Note: What you think is correct, does not count. Correct is what ISC2 says is correct :)
    OSCP: Loading . . .
  • 5ekurity (Member, Posts: 346)
    The whole biometrics question is subjective, especially as new phones have the 'finger print unlock' and people think it's the greatest thing - hello people, that's biometrics!! How can you be against biometrics but be in favor of your finger print unlock feature? lol...
  • teancum144 (Member, Posts: 229)
    I doubt it. Biometrics are highly accurate, and what they teach and tell you in the CBKs is just the options you have for biometrics. I've read in the Sybex book that InfoSec people are considering incorporating an individual "heart beat signature" into biometrics somehow, but it also told me that the technology hasn't yet been developed; still, this could be an option. But, obviously, one would opt for the most accurate biometric system, i.e. iris or retina (if users accept). Both are known to be highly accurate and very expensive, and society has problems accepting them. In my opinion, the answer is 'D'.
    My personal experience with a fingerprint scanner on the IBM ThinkPad is that they are only moderately accurate (lots of false negatives). As a result, I don't use it, but I know other people that do. Seems that answer 'b' fits my scenario.
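    What "accurate" means for a biometric comes down to two error rates and the threshold that trades them off, which is what the false-negatives complaint above is really about. The following is an added example, not code from anyone in this thread; the match scores are constructed, not measurements from any real reader.

```python
from typing import List, Tuple

# Constructed match scores (0.0 = no match, 1.0 = perfect) from an imaginary fingerprint reader.
GENUINE: List[float] = [0.91, 0.88, 0.62, 0.95, 0.58, 0.84, 0.77, 0.69, 0.93, 0.49]   # enrolled user, own finger
IMPOSTOR: List[float] = [0.12, 0.35, 0.08, 0.44, 0.21, 0.57, 0.18, 0.30, 0.05, 0.26]  # other people vs that template


def error_rates(threshold: float, genuine=GENUINE, impostor=IMPOSTOR) -> Tuple[float, float]:
    """Return (FRR, FAR) for a given accept threshold.

    FRR, false rejection rate: genuine attempts scoring below the threshold (the "false negatives").
    FAR, false acceptance rate: impostor attempts scoring at or above the threshold.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover(genuine=GENUINE, impostor=IMPOSTOR) -> Tuple[float, float]:
    """Find the threshold where FRR and FAR are closest and report the error rate there.

    This is the crossover (equal) error rate; a lower value means a more accurate system,
    which is how biometric systems are compared independent of how they are tuned.
    """
    best_t, best_gap, best_err = 0.0, float("inf"), 1.0
    for i in range(101):
        t = i / 100
        frr, far = error_rates(t, genuine, impostor)
        gap = abs(frr - far)
        if gap < best_gap:  # strict '<' keeps the first threshold that reaches the minimum gap
            best_t, best_gap, best_err = t, gap, (frr + far) / 2
    return best_t, best_err


if __name__ == "__main__":
    # Tuning for security (high threshold) buys a low FAR with a painful FRR, and vice versa.
    for t in (0.30, 0.50, 0.80):
        frr, far = error_rates(t)
        print(f"threshold {t:.2f}: FRR {frr:.0%}  FAR {far:.0%}")
    t, eer = crossover()
    print(f"crossover at threshold {t:.2f}, equal error rate {eer:.0%}")
```

    With these constructed scores a strict threshold of 0.80 rejects half of the genuine attempts while admitting no impostors, and the crossover sits at 0.50 with a 10% error rate; the accuracy statement on an exam refers to the crossover behaviour, not to how any one laptop was tuned.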
  • CyberfiSecurity (Member, Posts: 184)
    teancum144 wrote: »
    My personal experience with a fingerprint scanner on the IBM ThinkPad is that they are only moderately accurate (lots of false negatives). As a result, I don't use it, but I know other people that do. Seems that answer 'b' fits my scenario.

    The problem is not what you think the right answer is. The problem is which answer ISC2 imposes as the right one. In my experience, I think ISC2 is looking for "d. Very expensive, not well received by society, and highly accurate".
    Vice President | Citigroup, Inc.
    President/CEO | Agility Fidelis, Inc.
  • CyberfiSecurity (Member, Posts: 184)
    In the aftermath of computer crime, it is discovered that the act was carried out by an
    employee with privileged access. Of the following, which would be considered the
    best method for preventing privileged user misuse?


    A. Regular reviews and recertification by management
    B. Upgrade IDS software
    C. Audit trails should be better utilized
    D. Security policy should be updated
    Vice President | Citigroup, Inc.
    President/CEO | Agility Fidelis, Inc.
  • TheProfezzor (Member, Posts: 204)
    In the aftermath of computer crime, it is discovered that the act was carried out by an
    employee with privileged access. Of the following, which would be considered the
    best method for preventing privileged user misuse?


    A. Regular reviews and recertification by management
    B. Upgrade IDS software
    C. Audit trails should be better utilized
    D. Security policy should be updated

    The answer would be 'A'. Conduct regular account reviews for any access aggregation and authorization creep, and recertify the ACL.
    OSCP: Loading . . .
  • teancum144 (Member, Posts: 229)
    The answer would be 'A'. Conduct regular account reviews for any access aggregation and authorization creep, and recertify the ACL.
    What is tricky about this question is the word "preventing". How would reviews and recertification "prevent" privileged user misuse?
  • TheProfezzor (Member, Posts: 204)
    teancum144 wrote: »
    What is tricky about this question is the word "preventing". How would reviews and recertification "prevent" privileged user misuse?

    If a subject has unnecessary access to an object, reviews would obviously detect them. If an authorized subject has carried out an unauthorized activity, it must have been due to access aggregation. Reviews would prevent such unauthorized acts from happening.

    The only other option that would qualify would be 'D', but updating the policy won't do any good since this issue isn't regarding policy. It's regarding excessive privileges.
    OSCP: Loading . . .
  • MSP-IT (Member, Posts: 752)
    This one is tricky, as (in my mind) there can be active or passive prevention. The question doesn't state whether the privileged user access is authorized or unauthorized, so my guess would be the only answer that can actively prevent fraud, an IDS. Now, what type of IDS is another question, as a signature-based IDS would be of no help in this situation, yet a properly configured anomaly-based IDS installed on a sensitive system could detect irregular system activity. I would doubt audit trails would be the correct answer, as they (I would assume) would only be used as a record, and would be rarely reviewed for cases of active fraud. Security Policy is too broad of an answer, so I would assume that's a distractor. Review and recertification wouldn't be of any help in detecting fraud, and if the user exists within a large organization, at one point in time this access, if authorized, was certified.

    My final answer would be B: Upgrade IDS Software.
  • CyberfiSecurity (Member, Posts: 184)
    "privileged access" means authorized access...

    A. Regular reviews and recertification by management // According to the practice test this is the answer, but reviewing is more for the detection over prevention

    B. Upgrade IDS software // Upgrading IDS does not prevent the insiders

    C. Audit trails should be better utilized //Detection for sure

    D. Security policy should be updated //Security policy can deter one's action, but cannot prevent it either.

    Here is the actual explanation from the practice test:

    "The best way to prevent privileged user abuse is to conduct regular management reviews and routine recertification. This will help identify abuse and also provide a deterrent to the users."
    Vice President | Citigroup, Inc.
    President/CEO | Agility Fidelis, Inc.
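    The access review that the practice-test answer describes, turned into a runnable check: each account is compared with the entitlements its current role is approved for, and with the date a manager last recertified it. This is an added example, not code from any post in this thread; the role baselines, the privileged-entitlement list, the 90-day cadence and the sample accounts are all constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Set

# Constructed role baselines: the entitlements each job role is approved to hold.
ROLE_BASELINE: Dict[str, Set[str]] = {
    "helpdesk": {"ticket.read", "ticket.write", "user.password_reset"},
    "dba": {"db.read", "db.write", "db.admin"},
    "developer": {"repo.read", "repo.write", "ci.run"},
}
# Constructed list of entitlements treated as privileged.
PRIVILEGED: Set[str] = {"db.admin", "user.password_reset", "domain.admin"}
RECERT_PERIOD = timedelta(days=90)  # assumed review cadence


@dataclass
class Account:
    user: str
    role: str
    entitlements: Set[str]
    last_certified: date  # when a manager last attested that this access is still needed


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str  # "privileged_creep" | "excess_entitlement" | "recert_overdue"
    detail: str


def review(accounts: List[Account], today: date) -> List[Finding]:
    """Compare every account with its role baseline and its certification age."""
    findings: List[Finding] = []
    for acct in accounts:
        baseline = ROLE_BASELINE.get(acct.role, set())
        # Anything beyond the role baseline is aggregation / authorization creep:
        # typically left over from a previous role or a one-off grant that was never revoked.
        for ent in sorted(acct.entitlements - baseline):
            kind = "privileged_creep" if ent in PRIVILEGED else "excess_entitlement"
            findings.append(Finding(acct.user, kind, f"{ent} not in baseline for role {acct.role}"))
        age = today - acct.last_certified
        if age > RECERT_PERIOD:
            findings.append(Finding(acct.user, "recert_overdue", f"last certified {age.days} days ago"))
    return findings


def revocation_list(findings: List[Finding]) -> Dict[str, List[str]]:
    """Entitlements the reviewer should revoke, or have the manager explicitly re-approve, per user."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        if f.kind in ("privileged_creep", "excess_entitlement"):
            out.setdefault(f.user, []).append(f.detail.split()[0])
    return out


TODAY = date(2014, 6, 1)  # constructed review date
SAMPLE_ACCOUNTS = [
    # alice moved from helpdesk to dba and kept a helpdesk privilege; nobody has recertified her in 200 days
    Account("alice", "dba", {"db.read", "db.write", "db.admin", "user.password_reset"}, TODAY - timedelta(days=200)),
    Account("bob", "developer", {"repo.read", "repo.write", "ci.run"}, TODAY - timedelta(days=30)),
    # carol picked up domain.admin and a developer right outside her helpdesk baseline
    Account("carol", "helpdesk", {"ticket.read", "ticket.write", "user.password_reset", "domain.admin", "repo.read"},
            TODAY - timedelta(days=10)),
]

if __name__ == "__main__":
    for f in review(SAMPLE_ACCOUNTS, TODAY):
        print(f"{f.user:6} {f.kind:18} {f.detail}")
    print("to revoke or re-approve:", revocation_list(review(SAMPLE_ACCOUNTS, TODAY)))
```

    Run on the sample data, the review flags alice's leftover password-reset right and her overdue certification, passes bob untouched, and catches carol's two out-of-baseline grants even though she was certified ten days ago, which is the point of checking entitlements against the role rather than only checking the date.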
  • TheProfezzor (Member, Posts: 204)
    RAID-5 This is also called striping with parity. It uses three or more disks with the equivalent of one disk holding parity information. If any single disk fails, the RAID array will continue to operate, though it will be slower.


    My question is, is the above statement correct?
    OSCP: Loading . . .
  • bigdummy (Member, Posts: 30)
    RAID-5 This is also called striping with parity. It uses three or more disks with the equivalent of one disk holding parity information. If any single disk fails, the RAID array will continue to operate, though it will be slower.


    My question is, is the above statement correct?

    Yes, this is correct.

    It's important to clarify that the parity info is the "equivalent of one disk", but that parity info is distributed equally across all disks in the RAID-5 array. This is in contrast to RAID 3 & 4, where the parity info is all stored on a single specific disk.
  • TheProfezzor (Member, Posts: 204)
    Which of the following should be used, to detect early fire?

    A: Rate of Rise of Temperature Fire Detection.
    B: Fire Detection Alarm, after a specific temperature has been reached.
    C: Smoke detectors
    D: None of them
    OSCP: Loading . . .
  • bigdummy (Member, Posts: 30)
    Which of the following should be used, to detect early fire?

    A: Rate of Rise of Temperature Fire Detection.
    B: Fire Detection Alarm, after a specific temperature has been reached.
    C: Smoke detectors
    D: None of them

    The four stages of fire are:
    1 - Incipient
    2 - Smoke
    3 - Flame
    4 - Heat

    So I'd go with C: Smoke Detectors

    The smoke will be present before any significant change in temperature
  • wes allen (Member, Posts: 540)
    RAID-5 This is also called striping with parity. It uses three or more disks with the equivalent of one disk holding parity information. If any single disk fails, the RAID array will continue to operate, though it will be slower.


    My question is, is the above statement correct?

    Yes, just keep in mind RAID is an availability technology, not a backup technology.
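    Both RAID-5 points made above, parity equal to one disk but rotated across all of them, and availability being something different from backup, are easy to see in a toy model. This is an added example, not code from the thread or from any RAID implementation; the 4-byte block size and the sample data are constructed so the layout stays small.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

BLOCK = 4  # bytes per stripe unit; constructed and tiny so the layout is easy to inspect


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bitwise XOR of equal-length blocks: this is all that RAID-5 parity is."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


@dataclass
class Raid5:
    n_disks: int
    length: int = 0
    disks: List[List[bytes]] = field(default_factory=list)  # disks[disk][stripe] -> block

    def parity_disk(self, stripe: int) -> int:
        """Parity moves one disk per stripe (distributed parity, unlike RAID 3/4)."""
        return stripe % self.n_disks

    def write(self, data: bytes) -> None:
        assert self.n_disks >= 3, "RAID-5 needs at least three disks"
        per_stripe = (self.n_disks - 1) * BLOCK  # one block per stripe is parity, the rest is data
        self.length = len(data)
        data += b"\x00" * ((-len(data)) % per_stripe)  # pad to whole stripes
        n_stripes = len(data) // per_stripe
        self.disks = [[b""] * n_stripes for _ in range(self.n_disks)]
        for s in range(n_stripes):
            chunk = data[s * per_stripe:(s + 1) * per_stripe]
            blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(self.n_disks - 1)]
            blocks.insert(self.parity_disk(s), xor_blocks(blocks))  # parity computed over the data blocks
            for d in range(self.n_disks):
                self.disks[d][s] = blocks[d]

    def read(self, failed: Optional[Set[int]] = None) -> bytes:
        """Read back the data, rebuilding blocks from at most one failed disk."""
        failed = set(failed or ())
        if len(failed) > 1:
            raise RuntimeError("RAID-5 tolerates exactly one failed disk; data lost")
        out = bytearray()
        for s in range(len(self.disks[0])):
            stripe = [self.disks[d][s] for d in range(self.n_disks)]
            for d in failed:
                # The missing block (data or parity alike) is the XOR of every surviving block in the stripe.
                stripe[d] = xor_blocks([stripe[o] for o in range(self.n_disks) if o != d])
            out += b"".join(stripe[d] for d in range(self.n_disks) if d != self.parity_disk(s))
        return bytes(out[:self.length])

    def parity_blocks_per_disk(self) -> List[int]:
        """How many parity blocks each disk carries; the total equals one disk's worth."""
        counts = [0] * self.n_disks
        for s in range(len(self.disks[0])):
            counts[self.parity_disk(s)] += 1
        return counts


def demo() -> dict:
    data = b"CISSP RAID-5 striping with distributed parity"  # constructed payload
    arr = Raid5(n_disks=4)
    arr.write(data)
    results = {
        "intact": arr.read() == data,
        "one_disk_lost": arr.read(failed={2}) == data,
        "parity_per_disk": arr.parity_blocks_per_disk(),
    }
    try:
        arr.read(failed={0, 3})
        results["two_disks_lost"] = "survived"
    except RuntimeError:
        results["two_disks_lost"] = "data lost"
    # Availability is not backup: a bad overwrite is striped just as faithfully as good data.
    arr.write(b"rm -rf everything")
    results["overwrite_recoverable"] = arr.read(failed={1}) == data
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

    The demo shows the array reading back intact with any single disk missing, the parity blocks spread one per disk on a four-disk array, the two-disk failure being unrecoverable, and the overwritten data staying overwritten no matter how many disks are rebuilt, which is the difference between availability and backup.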
  • teancum144 (Member, Posts: 229)
    1 - What fence would a data company deploy, in order to deter determined intruders?

    a- 4 Feet High
    b- 8 Feet High
    c- 6 Feet High, with barbed wires
    d- They cannot deter a determined intruder

    Dilemma:
    I've read that fences 8 feet high can deter determined intruders. But one of the McGraw-Hill quizzes tells me that a determined intruder cannot be deterred. Both answers seem logical.
    Interestingly, on p. 52 of the official guide, a fence is listed as an example of a preventative control (and not a deterrent control). A "beware of dog" sign is listed as a deterrent control. I realize any control that the attacker is aware of can be considered a deterrent. Consider the following quote from the official guide:
    • Access controls act as a deterrent to threats and attacks by the simple fact that the existence of the control is enough to keep some potential attackers from attempting to circumvent the control. This is often because the effort required to circumvent the control is far greater than the potential reward if the attacker is successful, or, conversely, the negative implications of a failed attack (or getting caught) outweigh the benefits of success.
    I too believe the key word in this problem is "determined", so the answer "d" makes sense.
  • EasyPeezy (Member, Posts: 111)
    That odd moment when… You thought you were fully prepared for the CISSP exams until you saw a question that says:
    At which ITSEC level are high-integrity requirements for networks introduced?
    A. E6
    B. AV
    C. DI
    D. DX

    …and you say to yourself. I know about the Es and Fs… surely this isn’t one of the 25 beta questions.
    AV, DI, DX.... what are they???
  • mjsinhsv (Member, Posts: 167)
    Functionality class F-DI sets high requirements with regard to the safeguarding of data integrity during data communication.

    Information Technology Security Evaluation Criteria ( ITSEC )
  • TheProfezzor (Member, Posts: 204)
    EasyPeezy wrote: »
    That odd moment when… You thought you were fully prepared for the CISSP exams until you saw a question that says:
    At which ITSEC level are high-integrity requirements for networks introduced?
    A. E6
    B. AV
    C. DI
    D. DX

    …and you say to yourself. I know about the Es and Fs… surely this isn’t one of the 25 beta questions.
    AV, DI, DX.... what are they???

    You Sir, have successfully managed to scare the **** out of me. Knowing I am to write the exam in a week and I have no idea, what this question is about. Holy Mother of All Security Professionals :P
    OSCP: Loading . . .
  • EasyPeezy (Member, Posts: 111)
    You Sir, have successfully managed to scare the **** out of me. Knowing I am to write the exam in a week and I have no idea, what this question is about. Holy Mother of All Security Professionals :P

    ...and the obvious answer (E6) was the wrong one... apparently

    A. E6 level introduces verified design... so it's wrong
    B. AV level introduces high availability requirements... so it's wrong too
    D. DX level introduces high integrity and confidentiality requirements for networks... wrong!

    The correct answer is C - DI level introduces high-integrity requirements for networks.
  • CyberfiSecurity (Member, Posts: 184)
    Since Dr. EasyPeezy is British, I assume his study focuses on ITSEC. Honestly, I have never seen AV, DX, and DI in my CISSP studies. I assume the American CISSP focuses on the Orange Book and Common Criteria. Canada has its own version, but I don't know what is in it. To me...

    E6 = Evaluation level 6 in the ITSEC
    AV = Anti-Virus or Absolute Value
    DX = Some sort of record
    DI = as a former U.S Marine I treat it as DRILL INSTRUCTOR

    lol
    Vice President | Citigroup, Inc.
    President/CEO | Agility Fidelis, Inc.
  • EasyPeezy (Member, Posts: 111)
    Since Dr. EasyPeezy is British, I assume his study focuses on ITSEC. Honestly, I have never seen AV, DX, and DI in my CISSP studies. I assume the American CISSP focuses on the Orange Book and Common Criteria. Canada has its own version, but I don't know what is in it. To me...

    E6 = Evaluation level 6 in the ITSEC
    AV = Anti-Virus or Absolute Value
    DX = Some sort of record
    DI = as a former U.S Marine I treat it as DRILL INSTRUCTOR

    lol

    LMAO... It's nothing to do with being British.... the question was straight out of Eric Conrad's 250 Practice Exam B.

    Some of these questions make you feel like you need an extra 6 months of study. I can't wait to get this over and done with.
  • Erinkima (Banned, Posts: 15)
    Which access control model allows the system administrator to define specific rights and privileges to that group?
    a) Discretionary Access Control
    b) Mandatory Access Control
    c) Role based Access Control
    d) Rule based access control

    The answer given is D, but I thought it should be C.

    Can anyone explain?
  • 5ekurity (Member, Posts: 346)
    Erinkima wrote: »
    Which access control model allows the system administrator to define specific rights and privileges to that group?
    a) Discretionary Access Control
    b) Mandatory Access Control
    c) Role based Access Control
    d) Rule based access control

    The answer given is D, but I thought it should be C.

    Can anyone explain?

    Role based is assigned to a user for their role within the organization, and what they are permitted to do. Rule based is associated with a group of users and what their permissions are. So think of Role = One, Rule = Many.
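    The two models from the question, side by side, as an added example that is not part of any post in this thread. In the role-based half, permissions hang off roles and users are given roles; in the rule-based half, the administrator writes ordered rules over the request context (group, permission, time of day) and the first matching rule decides, with a default deny. The roles, groups, permission names and rules are all constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# --- Role-based access control: permissions attach to roles, users are assigned roles ---
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "auditor": {"logs:read"},
    "sysadmin": {"logs:read", "users:write", "hosts:reboot"},
}
USER_ROLES: Dict[str, Set[str]] = {"ana": {"auditor"}, "raj": {"sysadmin"}}


def rbac_allows(user: str, permission: str) -> bool:
    """Allowed iff some role held by the user carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# --- Rule-based access control: administrator-defined rules over the request context,
#     evaluated in order, first match wins, default deny (the firewall/ACL pattern) ---
@dataclass(frozen=True)
class Request:
    user: str
    group: str
    permission: str
    hour: int  # local hour of the attempt, 0-23


Rule = Tuple[str, Callable[[Request], bool], str]  # (name, predicate, "allow" | "deny")

RULES: List[Rule] = [
    ("deny-outside-business-hours", lambda r: not 8 <= r.hour < 18, "deny"),
    ("contractors-never-write", lambda r: r.group == "contractors" and r.permission.endswith(":write"), "deny"),
    ("ops-and-contractors-read-logs", lambda r: r.group in {"ops", "contractors"} and r.permission == "logs:read", "allow"),
    ("admins-group-anything", lambda r: r.group == "admins", "allow"),
]


def rule_decision(req: Request) -> Tuple[bool, str]:
    """Return (allowed, name of the deciding rule); nothing matching means deny."""
    for name, predicate, effect in RULES:
        if predicate(req):
            return effect == "allow", name
    return False, "default-deny"


if __name__ == "__main__":
    for user, perm in (("ana", "logs:read"), ("ana", "users:write"), ("raj", "users:write")):
        print(f"RBAC  {user:4} {perm:12} -> {rbac_allows(user, perm)}")
    for req in (Request("raj", "admins", "users:write", 10),
                Request("raj", "admins", "users:write", 22),
                Request("tom", "contractors", "logs:read", 9),
                Request("tom", "contractors", "users:write", 9),
                Request("eve", "guests", "logs:read", 9)):
        allowed, why = rule_decision(req)
        print(f"rules {req.user:4} {req.group:12} {req.permission:12} h={req.hour:2} -> {allowed} ({why})")
```

    Note what each model cannot express without the other: the role model has no notion of "after hours", and the rule model, being a list of conditions on the request, has to repeat "what an auditor may do" wherever auditors appear rather than naming it once. Which one a question is pointing at usually shows in whether the grant is phrased as a job function or as a condition.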