If the intrusion causes the system processes to hang, the system availability has been affected. The system availability is the property or the characteristic of the system that ensures that the system is accessible and functional when needed by the authorized users or entities, and that the system is protected from the unauthorized or the malicious denial or disruption of service. The system availability can be affected when the system processes hang, as it can prevent or delay the system from responding to the requests or performing the tasks, and it can cause the system to crash or freeze. The system availability can also be affected by other factors, such as the network congestion, the hardware failure, the power outage, or the malicious attacks, such as the distributed denial-of-service (DDoS) attack. System integrity, system confidentiality, and system auditability are not the properties or the characteristics of the system that have been affected, if the intrusion causes the system processes to hang, as they are related to the accuracy, the secrecy, or the accountability of the system, not the accessibility or the functionality of the system.  References :  CISSP All-in-One Exam Guide, Eighth Edition , Chapter 3, Security Architecture and Engineering, page 263.  Official (ISC)2 CISSP CBK Reference, Fifth Edition , Chapter 3, Security Architecture and Engineering, page 279.

Monitoring of a control should occur at a rate concurrent with the volatility of the security control when implementing Information Security Continuous Monitoring (ISCM) solutions. ISCM is a process that involves maintaining the ongoing awareness of the security status, events, and activities of a system or network, by collecting, analyzing, and reporting the security data and information, using various methods and tools. ISCM can provide several benefits, such as:

Improving the security and risk management of the system or network by identifying and addressing the security weaknesses and gaps

Enhancing the security and decision making of the system or network by providing the evidence and information for the security analysis, evaluation, and reporting

Increasing the security and improvement of the system or network by providing the feedback and input for the security response, remediation, and optimization

Facilitating the compliance and alignment of the system or network with the internal or external requirements and standards

A security control is a measure or mechanism that is implemented to protect the system or network from the security threats or risks, by preventing, detecting, or correcting the security incidents or impacts. A security control can have various types, such as administrative, technical, or physical, and various attributes, such as preventive, detective, or corrective. A security control can also have different levels of volatility, which is the degree or frequency of change or variation of the security control, due to various factors, such as the security requirements, the threat landscape, or the system or network environment.

Monitoring of a control should occur at a rate concurrent with the volatility of the security control when implementing ISCM solutions, because it can ensure that the ISCM solutions can capture and reflect the current and accurate state and performance of the security control, and can identify and report any issues or risks that might affect the security control. Monitoring of a control at a rate concurrent with the volatility of the security control can also help to optimize the ISCM resources and efforts, by allocating them according to the priority and urgency of the security control.

The other options are not the correct frequencies for monitoring of a control when implementing ISCM solutions, but rather incorrect or unrealistic frequencies that might cause problems or inefficiencies for the ISCM solutions. Continuously without exception for all security controls is an incorrect frequency for monitoring of a control when implementing ISCM solutions, because it is not feasible or necessary to monitor all security controls at the same and constant rate, regardless of their volatility or importance. Continuously monitoring all security controls without exception might cause the ISCM solutions to consume excessive or wasteful resources and efforts, and might overwhelm or overload the ISCM solutions with too much or irrelevant data and information. Before and after each change of the control is an incorrect frequency for monitoring of a control when implementing ISCM solutions, because it is not sufficient or timely to monitor the security control only when there is a change of the security control, and not during the normal operation of the security control. Monitoring the security control only before and after each change might cause the ISCM solutions to miss or ignore the security status, events, and activities that occur between the changes of the security control, and might delay or hinder the ISCM solutions from detecting and responding to the security issues or incidents that affect the security control. Only during system implementation and decommissioning is an incorrect frequency for monitoring of a control when implementing ISCM solutions, because it is not appropriate or effective to monitor the security control only during the initial or final stages of the system or network lifecycle, and not during the operational or maintenance stages of the system or network lifecycle. Monitoring the security control only during system implementation and decommissioning might cause the ISCM solutions to neglect or overlook the security status, events, and activities that occur during the regular or ongoing operation of the system or network, and might prevent or limit the ISCM solutions from improving and optimizing the security control.

 Consolidation of multiple providers is the primary advantage of using a third-party identity service. A third-party identity service is a service that provides identity and access management (IAM) functions, such as authentication, authorization, and federation, for multiple applications or systems, using a single identity provider (IdP). A third-party identity service can offer various benefits, such as:

Improving the user experience and convenience by allowing the users to access multiple applications or systems with a single sign-on (SSO) or a federated identity

Enhancing the security and compliance by applying the consistent and standardized IAM policies and controls across multiple applications or systems

Increasing the scalability and flexibility by enabling the integration and interoperability of multiple applications or systems with different platforms and technologies

Reducing the cost and complexity by outsourcing the IAM functions to a third-party provider, and avoiding the duplication and maintenance of multiple IAM systems

Consolidation of multiple providers is the primary advantage of using a third-party identity service, because it can simplify and streamline the IAM architecture and processes, by reducing the number of IdPs and IAM systems that are involved in managing the identities and access for multiple applications or systems. Consolidation of multiple providers can also help to avoid the issues or risks that might arise from having multiple IdPs and IAM systems, such as the inconsistency, redundancy, or conflict of the IAM policies and controls, or the inefficiency, vulnerability, or disruption of the IAM functions.

The other options are not the primary advantages of using a third-party identity service, but rather secondary or specific advantages for different aspects or scenarios of using a third-party identity service. Directory synchronization is an advantage of using a third-party identity service, but it is more relevant for the scenario where the organization has an existing directory service, such as LDAP or Active Directory, that stores and manages the user accounts and attributes, and wants to synchronize them with the third-party identity service, to enable the SSO or federation for the users. Web based logon is an advantage of using a third-party identity service, but it is more relevant for the aspect where the third-party identity service uses a web-based protocol, such as SAML or OAuth, to facilitate the SSO or federation for the users, by redirecting them to a web-based logon page, where they can enter their credentials or consent. Automated account management is an advantage of using a third-party identity service, but it is more relevant for the aspect where the third-party identity ser vice provides the IAM functions, such as provisioning, deprovisioning, or updating, for the user accounts and access rights, using an automated or self-service mechanism, such as SCIM or JIT.

 Isolating the system from the network is the most important step during forensic analysis when trying to learn the purpose of an unknown application. An unknown application is an application that is not recognized or authorized by the system or network administrator, and that may have been installed or executed without the user’s knowledge or consent. An unknown application may have various purposes, such as:

Providing a legitimate or useful function or service for the user, such as a utility or a tool

Providing an illegitimate or malicious function or service for the attacker, such as a malware or a backdoor

Providing a neutral or benign function or service for the developer, such as a trial or a demo

Forensic analysis is a process that involves examining and investigating the system or network for any evidence or traces of the unknown application, such as its origin, nature, behavior, and impact. Forensic analysis can provide several benefits, such as:

Identifying and classifying the unknown application as legitimate, malicious, or neutral

Determining and assessing the purpose and function of the unknown application

Detecting and resolving any issues or risks caused by the unknown application

Preventing and mitigating any future incidents or attacks involving the unknown application

Isolating the system from the network is the most important step during forensic analysis when trying to learn the purpose of an unknown application, because it can ensure that the system is isolated and protected from any external or internal influences or interferences, and that the forensic analysis is conducted in a safe and controlled environment. Isolating the system from the network can also help to:

Prevent the unknown application from communicating or connecting with any other system or network, and potentially spreading or escalating the attack

Prevent the unknown application from receiving or sending any commands or data, and potentially altering or deleting the evidence

Prevent the unknown application from detecting or evading the forensic analysis, and potentially hiding or destroying itself

The other options are not the most important steps during forensic analysis when trying to learn the purpose of an unknown application, but rather steps that should be done after or along with isolating the system from the network. Disabling all unnecessary services is a step that should be done after isolating the system from the network, because it can ensure that the system is optimized and simplified for the forensic analysis, and that the system resources and functions are not consumed or affected by any irrelevant or redundant services. Ensuring chain of custody is a step that should be done along with isolating the system from the network, because it can ensure that the integrity and authenticity of the evidence are maintained and documented throughout the forensic process, and that the evidence can be traced and verified. Preparing another backup of the system is a step that should be done after isolating the system from the network, because it can ensure that the system data and configuration are preserved and replicated for the forensic analysis, and that the system can be restored and recovered in case of any damage or loss.

The requirement that must be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation is that the auditor must be independent and report directly to the management. An internal security audit is a process that involves the examination or evaluation of the security policies, procedures, or practices of an organization, by an internal auditor or a team of internal auditors, to identify or detect any security gaps, weaknesses, or issues, as well as to provide or recommend any security improvements, enhancements, or solutions. An internal security audit can help to ensure the security, compliance, or performance of the organization, as well as to protect the organization from various security threats or risks, such as unauthorized access, data leakage, or malware infection. However, an internal security audit can also face various challenges, difficulties, or biases, such as conflicts of interest, lack of cooperation, or resistance to change, that may affect the quality, accuracy, or reliability of the audit results or findings, as well as the implementation, acceptance, or effectiveness of the audit recommendations or suggestions. Therefore, an internal security audit should be conducted with integrity, objectivity, or professionalism, by following various security standards, guidelines, or best practices. The requirement that must be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation is that the auditor must be independent and report directly to the management. The auditor must be independent, which means that the auditor must not have any personal, professional, or financial relationship or interest with the auditee or the subject of the audit, that may compromise or influence the auditor’s judgment, opinion, or decision. The auditor must also report directly to the management, which means that the auditor must communicate or deliver the audit results or findings to the highest level of authority or responsibility in the organization, such as the board of directors, the executive committee, or the senior management, without any interference, manipulation, or censorship from any other party or stakeholder. The auditor must be independent and report directly to the management, to ensure that all information provided is expressed as an objective assessment, which means that the information is based on facts, evidence, or data, rather than on opinions, assumptions, or emotions, and without risk of retaliation, which means that the information is provided without fear, pressure, or intimidation from any party or stakeholder, that may harm, punish, or discourage the auditor for providing the information. The auditor must utilize automated tools to back their findings, the auditor must work closely with both the information technology (IT) and security sections of an organization, or the auditor must perform manual reviews of systems and processes are not the requirements that must be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation, as they are either more related to the methods, techniques, or tools that are used or applied by the auditor during the audit process, rather than the principles, standards, or practices that are followed or adhered by the auditor during the audit process, or to the relationships, interactions, or collaborations that are established or maintained by the auditor with the other parties or stakeholders during the audit process, rather than the independence, objectivity, or professionalism that are demonstrated or exhibited by the auditor during the audit process.  References :  CISSP All-in-One Exam Guide, Eighth Edition , Chapter 7: Security Operations, page 484;  CISSP Official (ISC)2 Practice Tests, Third Edition , Domain 7: Security Operations, Question 7.13, page 276.

A one-time password (OTP) token is the solution that can best improve the confidentiality and integrity of a new home banking system. A home banking system is a type of online banking service that allows the customers to access and manage their bank accounts and transactions through the Internet, using a web browser or a mobile application. A home banking system requires a high level of security and protection, as it involves sensitive and confidential information, such as the customer’s personal and financial data. A one-time password token is a device or a software that generates a random and unique password that can be used only once and for a limited time to authenticate the user to a system or a service. A one-time password token can enhance the security and the protection of a home banking system, as it provides a strong and dynamic authentication mechanism that can prevent unauthorized access, identity theft, or replay attacks. A one-time password token can also improve the confidentiality and the integrity of the home banking system, as it ensures that only the legitimate and authorized user can access and modify the bank account and the transaction data.  References :  CISSP All-in-One Exam Guide, Eighth Edition , Chapter 5: Identity and Access Management, page 224.  CISSP Practice Exam | Boson , Question 13.

Link Control Protocol (LCP) is used by the Point-to-Point Protocol (PPP) to determine packet formats. PPP is a data link layer protocol that provides a standard method for transporting network layer packets over point-to-point links, such as serial lines, modems, or dial-up connections. PPP supports various network layer protocols, such as IP, IPX, or AppleTalk, and it can encapsulate them in a common frame format. PPP also provides features such as authentication, compression, error detection, and multilink aggregation. LCP is a subprotocol of PPP that is responsible for establishing, configuring, maintaining, and terminating the point-to-point connection. LCP negotiates and agrees on various options and parameters for the PPP link, such as the maximum transmission unit (MTU), the authentication method, the compression method, the error detection method, and the packet format. LCP uses a series of messages, such as configure-request, configure-ack, configure-nak, configure-reject, terminate-request, terminate-ack, code-reject, protocol-reject, echo-request, echo-reply, and discard-request, to communicate and exchange information between the PPP peers.

The other options are not used by PPP to determine packet formats, but rather for other purposes. Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that allows the creation of virtual private networks (VPNs) over public networks, such as the Internet. L2TP encapsulates PPP frames in IP datagrams and sends them across the tunnel between two L2TP endpoints. L2TP does not determine the packet format of PPP, but rather uses it as a payload. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol that is used by PPP to verify the identity of the remote peer before allowing access to the network. CHAP uses a challenge-response mechanism that involves a random number (nonce) and a hash function to prevent replay attacks. CHAP does not determine the packet format of PPP, but rather uses it as a transport. Packet Transfer Protocol (PTP) is not a valid option, as there is no such protocol with this name. There is a Point-to-Point Protocol over Ethernet (PPPoE), which is a protocol that encapsulates PPP frames in Ethernet frames and allows the use of PPP over Ethernet networks. PPPoE does not determine the packet format of PPP, but rather uses it as a payload.

Facilities - Window

Devices - Firewall

Information Systems - Authentication

(Note: “Encryption” is not matched as it can be applied in various areas including Devices and Information Systems.)

 In the context of protecting physical and logical assets, the access management areas and the technologies can be matched as follows: - Facilities are the physical buildings or locations that house the organization’s assets, such as servers, computers, or documents. Facilities can be protected by using windows that are resistant to breakage, intrusion, or eavesdropping, and that can prevent the leakage of light or sound from inside the facilities. - Devices are the hardware or software components that enable the communication or processing of data, such as routers, switches, firewalls, or applications. Devices can be protected by using firewalls that can filter, block, or allow the network traffic based on the predefined rules or policies, and that can prevent unauthorized or malicious access or attacks to the devices or the data. - Information Systems are the systems that store, process, or transmit data, such as databases, servers, or applications. Information Systems can be protected by using authentication mechanisms that can verify the identity or the credentials of the users or the devices that request access to the information systems, and that can prevent impersonation or spoofing of the users or the devices. - Encryption is a technology that can be applied in various areas, such as Devices or Information Systems, to protect the confidentiality or the integrity of the data. Encryption can transform the data into an unreadable or unrecognizable form, using a secret key or an algorithm, and can prevent the interception, disclosure, or modification of the data by unauthorized parties.

The action that must be taken if a vulnerability is discovered during the maintenance stage in a SDLC is to make changes following principle and design guidelines. Principle and design guidelines are the rules and standards that define the security objectives, requirements, and specifications of the system. They also provide the criteria and methods for evaluating and testing the security of the system. By making changes following principle and design guidelines, the organization can ensure that the vulnerability is fixed in a secure and consistent manner, and that the system maintains its functionality and quality. The other options are not actions that must be taken, as they either do not fix the vulnerability (B and D), or do not follow the principle and design guidelines ©.  References :  CISSP All-in-One Exam Guide, Eighth Edition , Chapter 8, page 461;  Official (ISC)2 CISSP CBK Reference, Fifth Edition , Chapter 8, page 553.

Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

The correct order of the HTTP authentication types according to their relative strength is as follows:

Digest: This is the weakest type of HTTP authentication, as it only provides a weak protection against replay attacks and does not encrypt the data or the credentials. Digest authentication uses a challenge-response mechanism, where the server sends a nonce (a random number) to the client, and the client responds with a hash of the username, password, nonce, and other parameters. The server then verifies the hash and grants access if it matches.

Integrated Windows Authentication: This is a weak type of HTTP authentication, as it only works with Windows-based clients and servers, and does not support encryption or mutual authentication. Integrated Windows Authentication uses the Kerberos or NTLM protocols to authenticate the users based on their Windows domain credentials. The client sends the credentials to the server, and the server validates them using the domain controller.

Basic: This is a strong type of HTTP authentication, as it is simple and widely supported by most browsers and servers. However, it also has some drawbacks, such as sending the credentials in plain text, which can be intercepted or sniffed by attackers. Basic authentication uses a simple mechanism, where the client sends the username and password encoded in Base64 to the server, and the server verifies them against a user database or a file.

Client Certificate: This is the strongest type of HTTP authentication, as it provides encryption, mutual authentication, and non-repudiation. Client certificate authentication uses the TLS protocol to establish a secure connection between the client and the server, and to exchange digital certificates that prove the identity and trustworthiness of both parties. The client sends its certificate to the server, and the server validates it using a certificate authority. The server may also send its certificate to the client, and the client may validate it as well.  References :  CISSP All-in-One Exam Guide, Eighth Edition , Chapter 4: Communication and Network Security, page 174.  CISSP Testking ISC Exam Questions , Question 13.