Cissp Q11-20

The document contains a series of questions and answers related to information security concepts, including WAN technologies, data sanitization methods, vendor certifications, and user account management. Key topics include the effectiveness of Multiprotocol Label Switching (MPLS) for routing, the importance of File Integrity Checkers for detecting unauthorized changes, and the significance of User Acceptance Testing in change management. Additionally, it discusses the best practices for protecting data assets and the role of different business units in user account provisioning.

Uploaded by amdusias67
© All Rights Reserved

CISSP - Certified Information Systems Security Professional

QUESTION: 11
Which Wide Area Network (WAN) technology requires the first router in the path to determine the
full path the packet will travel, removing the need for other routers in the path to make independent
determinations?
A. Synchronous Optical Networking (SONET)
B. Multiprotocol Label Switching (MPLS)
C. Fiber Channel Over Ethernet (FCoE)
D. Session Initiation Protocol (SIP)

****
Answer(s): B
Explanation
Multiprotocol Label Switching (MPLS) is a high-performance WAN technology that uses label-
based forwarding to direct packets across a network. The key concept behind MPLS is that the
first router (ingress Label Edge Router, or LER) makes the complete forwarding decision for a
packet by assigning it a short, fixed-length label. This label then travels with the packet through the
MPLS network.
Instead of routers analyzing the IP header and performing a route lookup at each hop, intermediate
routers (Label Switch Routers, or LSRs) simply forward packets based on the label. This model:
- Speeds up packet forwarding.
- Supports traffic engineering by predefining the path (Label-Switched Path or LSP).
- Enables Quality of Service (QoS) by distinguishing traffic classes.
- Reduces processing overhead on core routers.
Thus, MPLS removes the need for intermediate routers to make independent routing decisions,
which is the essence of the question.
Option A - Synchronous Optical Networking (SONET): SONET is a physical-layer technology
used for optical transmission in telecom networks. It defines how bits are transmitted over fiber
but does not route or make decisions about packet paths. It operates at Layer 1 and is unrelated to
dynamic packet routing.
Option C - Fiber Channel Over Ethernet (FCoE): FCoE is a Layer 2 protocol that encapsulates
Fibre Channel frames over Ethernet networks, mainly for storage networking. It has nothing to do
with WAN routing or path determination across routers.
Option D - Session Initiation Protocol (SIP): SIP is an application-layer protocol (Layer 7) used for
initiating, managing, and terminating multimedia sessions, such as VoIP. It does not control packet
routing or determine network paths.
-----------------------------------------------------------------
QUESTION: 12
Which of the following would an information security professional use to recognize changes to
content, particularly unauthorized changes?
A. File Integrity Checker
B. Security information and event management (SIEM) system
C. Audit Logs
D. Intrusion detection system (IDS)

****
Answer(s): A
Explanation
A File Integrity Checker (FIC) is a specialized tool used by information security professionals to
detect unauthorized, unexpected, or accidental changes to files and system content. These tools
work by:
- Calculating and storing cryptographic hashes (e.g., SHA-256, MD5) of files when they are
known to be in a secure state (the baseline).
- Periodically recomputing hashes and comparing them to the baseline.
- Alerting when modifications, deletions, or unauthorized additions occur.
File integrity checkers are particularly effective at identifying changes caused by:
- Malicious activity (e.g., malware tampering with system files),
- Unauthorized configuration changes,
- Insider threats,
- Or even accidental modifications by administrators.
Common tools include Tripwire, AIDE (Advanced Intrusion Detection Environment), and OSSEC.
These are widely used in security operations and compliance frameworks such as PCI DSS, which
specifically mandates the use of file integrity monitoring for critical systems.
Option B - Security Information and Event Management (SIEM) system: A SIEM aggregates and
analyzes logs from multiple sources (including FICs), but it does not independently detect file
changes. It can correlate and report integrity alerts but depends on input from tools like FICs.
Option C - Audit Logs: Audit logs record user actions, access events, and system operations, but
they do not directly detect unauthorized file changes. They help investigate after-the-fact, but
unlike FICs, they don’t proactively detect integrity breaches.
Option D - Intrusion Detection System (IDS): An IDS monitors network or host activity for
suspicious behavior but is generally used for detecting attacks or policy violations, not specifically
for tracking file content changes. It lacks the hash comparison mechanism central to FICs.
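The hash-baseline-and-compare cycle described above is small enough to show in full. The following is an added example written for this page, not code from the document or from Tripwire, AIDE or OSSEC: it baselines a directory tree with SHA-256, then re-hashes it and reports modified, deleted and added files. The directory layout, file names and contents in `demo()` are constructed for illustration.

```python
"""Minimal file-integrity checker: hash a tree, keep a baseline, report drift."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream the file through SHA-256 so large files never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256 digest.

    Symlinks are skipped so a link pointing outside the tree cannot masquerade as
    a monitored file; only the real file contents are hashed.
    """
    baseline: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def compare_to_baseline(baseline: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Re-hash the tree and classify each difference from the stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small config/binary tree, alter it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "conf" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "conf" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-constructed-binary")
        baseline = build_baseline(root)  # taken while the tree is in its known-good state

        # Simulated changes an operator would want flagged:
        (root / "conf" / "sshd_config").write_text("PermitRootLogin yes\n")  # modified
        (root / "conf" / "hosts").unlink()                                    # deleted
        (root / "bin" / "unknown_binary").write_bytes(b"\x7fELF-constructed")  # added
        return compare_to_baseline(baseline, root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production the baseline would be written to storage the monitored host cannot alter (a read-only medium or a separate collector), because a baseline that an intruder can rewrite detects nothing; this is also why the text describes the SIEM as consuming the checker's alerts rather than replacing it.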

-----------------------------------------------------------------
QUESTION: 13
Which of the following is included in change management?
A. Technical review by business owner
B. User Acceptance Testing (UAT) before implementation
C. Cost-benefit analysis (CBA) after implementation
D. Business continuity testing

****
Answer(s): B
Explanation
User Acceptance Testing (UAT) is a critical step in the change management process, especially
within IT and information systems. It is conducted before a change is formally implemented in a
production environment to ensure that:
- The change meets business requirements,
- The system behaves as expected under real-world scenarios,
- The end users are satisfied with the change or enhancement.
UAT provides the final validation from a user's perspective and helps identify issues that may not
have been discovered during technical or functional testing phases. It ensures that the change will
not disrupt business operations and is fit for purpose before deployment.
Within the ITIL Change Management framework, UAT is explicitly referenced as part of the "Build,
Test, and Implement" phase, and its successful completion is often a go/no-go gate for
deployment into live systems.
Thus, incorporating UAT into change management supports:
- Risk mitigation by identifying and correcting issues before go-live,
- Stakeholder confidence by involving business users in validation,
- Change success, as changes aligned with user expectations are more likely to be adopted
effectively.
Option A - Technical review by business owner: While a business owner may provide input or
approval, technical reviews are usually conducted by IT or engineering teams. Business owners
typically focus on requirements and outcomes, not deep technical analysis. Also, this is not a core
phase of standard change management processes.
Option C - Cost-benefit analysis (CBA) after implementation: CBA is usually conducted before
a change is approved to justify its value. Performing a CBA after implementation is not part of
formal change management; it is more aligned with project review or ROI evaluation, not the
change lifecycle.
Option D - Business continuity testing: This is part of business continuity planning (BCP) and
disaster recovery (DR), not standard change management. While changes should not harm BCP
readiness, continuity testing is its own discipline with different objectives and timelines.

-----------------------------------------------------------------
QUESTION: 14
A company is enrolled in a hard drive reuse program where decommissioned equipment is sold
back to the vendor when it is no longer needed. The vendor pays more money for functioning drives
than equipment that is no longer operational. Which method of data sanitization would provide the
most secure means of preventing unauthorized data loss, while also receiving the most money
from the vendor?
A. Pinning
B. Single-pass wipe
C. Multi-pass wipes
D. Degaussing

****
Answer(s): C (ChatGPT Comment: B)
Explanation (supporting B)
A single-pass wipe is the most secure and cost-effective method of data sanitization for hard
drives that are being reused or resold. This process involves overwriting every sector on the disk
once with random or fixed patterns, effectively removing all recoverable data while preserving the
drive’s operability, which is critical in this scenario.
Why it is optimal:
- Secure enough for most use cases: According to the National Institute of Standards and
Technology (NIST) SP 800-88 Rev. 1, a single overwrite pass is sufficient to prevent data
recovery on modern hard drives, especially when paired with verification.
- Preserves hardware functionality: Unlike physical destruction or degaussing, a single-pass
wipe leaves the drive fully functional, allowing the company to receive maximum resale
value from the vendor.
- Efficient and faster than multi-pass: A single-pass wipe is significantly faster and more
energy-efficient than multi-pass methods, minimizing downtime while still meeting
compliance and security requirements.
“For modern storage media, a single pass of overwrite is generally sufficient to protect data from
recovery.”
Option A - Pinning: "Pinning" refers to retaining data in memory or storage for longer access times
and is not a recognized data sanitization method. It does not prevent unauthorized access nor
erase data.
Option C - Multi-pass wipes: Although more thorough than a single-pass wipe, multi-pass wipes
are overkill on modern drives and waste time and energy. NIST has stated that multiple overwrites
offer no additional benefit for most modern media. It also adds unnecessary wear, potentially
reducing the value of the drive.
Option D - Degaussing: Degaussing uses magnetic fields to scramble data, which is effective but
renders the drive inoperable. This violates the company’s goal of receiving the most money from
functional drives. It’s suitable for classified environments, not resale programs.

Reference
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
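The explanation stresses that a single overwrite pass is adequate "when paired with verification". The following added example (written for this page; it is not code from the document or from NIST) shows both halves of that procedure against a file-backed image standing in for a drive: every byte is overwritten once with a fixed pattern, the write is flushed to the medium, and the whole image is read back and checked byte-for-byte. The image size, the marker string and the zero-byte pattern are constructed choices.

```python
"""Single-pass overwrite followed by full read-back verification, on a file-backed image."""
import os
import tempfile


def _pattern_block(pattern: bytes, block_size: int) -> bytes:
    """One I/O block of repeated pattern, sized to a whole number of repeats so that
    block boundaries always fall on a pattern boundary."""
    if not pattern:
        raise ValueError("pattern must be non-empty")
    return pattern * max(1, block_size // len(pattern))


def single_pass_wipe(path: str, pattern: bytes = b"\x00", block_size: int = 1 << 20) -> int:
    """Overwrite every byte of the target in place with the pattern; returns bytes written."""
    block = _pattern_block(pattern, block_size)
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        while written < size:
            n = min(len(block), size - written)
            f.write(block[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())  # force the overwrite out of the OS cache before verifying
    return written


def verify_wipe(path: str, pattern: bytes = b"\x00", block_size: int = 1 << 20) -> bool:
    """Full verification: read the whole target back and require every byte to match."""
    block = _pattern_block(pattern, block_size)
    with open(path, "rb") as f:
        while True:
            chunk = f.read(len(block))
            if not chunk:
                return True
            if chunk != block[: len(chunk)]:
                return False


def demo() -> dict:
    """Constructed scenario: a 3 MiB + 17 byte image filled with a marker string is wiped
    and verified; the odd size exercises the final partial block."""
    marker = b"CONSTRUCTED-SENSITIVE-RECORD"
    size = 3 * (1 << 20) + 17
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write((marker * (size // len(marker) + 1))[:size])
        path = f.name
    try:
        with open(path, "rb") as f:
            marker_before = marker in f.read()
        written = single_pass_wipe(path, b"\x00")
        verified = verify_wipe(path, b"\x00")
        with open(path, "rb") as f:
            marker_after = marker in f.read()
        return {
            "bytes_written": written,
            "marker_before": marker_before,
            "marker_after": marker_after,
            "verified": verified,
            "size_unchanged": os.path.getsize(path) == size,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The same two functions apply unchanged to a block device path opened by a privileged process, which is how the pass would be run in the scenario above. Overwriting only reaches the user-addressable sectors, so it matches the magnetic-drive case the explanation describes; NIST SP 800-88 treats flash media separately because the controller remaps blocks, and there the device's own sanitize commands are the appropriate Clear/Purge mechanism.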

-----------------------------------------------------------------
QUESTION: 15
When reviewing vendor certifications for handling and processing of company data, which of the
following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?
A. SOC1 Type 1
B. SOC2 Type 1
C. SOC2 Type 2
D. SOC3

****
Answer(s): C
Explanation
A Type 1 report is a point-in-time snapshot of the organization's controls, tested to determine
whether the controls are suitably designed.
A Type 2 report evaluates the operating effectiveness of those same controls over an extended
period, usually 12 months.
SOC 1 is available as Type 1 and Type 2 reports and covers controls relevant to financial reporting
(the books of account).
SOC 2 is also available as Type 1 and Type 2 reports. It is the most stringent of the three regarding
data security and privacy and the most sought after by customers. It provides assurance that the
vendor has appropriate processes, procedures, and controls in place for the data it processes, and
that the vendor is upholding the standards set by the American Institute of Certified Public
Accountants (AICPA). A SOC 2 Type II report is the gold standard regarding data security and
privacy and is the best certification a vendor can possess.
SOC 3 has no Type 1 or Type 2 variant; it is a high-level summary report intended for general
distribution, typically published on the vendor's public website.

-----------------------------------------------------------------
QUESTION: 16
Which application type is considered high risk and provides a common way for malware and
viruses to enter a network?
A. Instant messaging or chat applications
B. Peer-to-Peer (P2P) file sharing applications
C. E-mail applications
D. End-to-end applications

****
Answer(s): B
Explanation
NIST SP 800-83 Rev. 1 lists among its preventive measures: "Eliminating unsecured file shares,
which are a common way for malware to spread."
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-83r1.pdf

P2P file sharing is the process of sharing and transferring digital files from one computer to
another. If you aren’t careful, P2P file sharing can subject you to spyware, viruses, Trojan horses,
worms and identity theft. Some P2P applications can even modify or penetrate your computer’s
firewall without detection.

-----------------------------------------------------------------
QUESTION: 17
An organization is looking to include mobile devices in its asset management system for better
tracking. In which system tier of the reference architecture would mobile devices be tracked?
A. 0
B. 1
C. 2
D. 3

****
Answer(s): B
Explanation
Tier 0: Facilities, power systems, and environmental controls.
Tier 1: Hardware and software supporting IT infrastructure.
Tier 2: Shared services like email, directories, and collaboration tools.
Tier 3: Business-critical systems and databases.

-----------------------------------------------------------------
QUESTION: 18
Which of the following is the BEST way to protect an organization's data assets?
A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
B. Monitor and enforce adherence to security policies.
C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

****
Answer(s): A
Explanation
While all of these measures are important parts of a comprehensive security strategy, encryption
(option A) provides the most direct and fundamental protection for the data itself. It ensures that
even if other security measures fail or the data is somehow accessed, it remains unreadable and
protected. This makes it the BEST way to protect an organization's data assets among the given
options.

-----------------------------------------------------------------
QUESTION: 19
Within a large organization, what business unit is BEST positioned to initiate provisioning and
deprovisioning of user accounts?
A. Training department
B. Internal audit
C. Human resources
D. Information technology (IT)

****
Answer(s): C

-----------------------------------------------------------------
QUESTION: 20
Which of the following is the PRIMARY purpose of installing a mantrap within a facility?
A. Control traffic
B. Control air flow
C. Prevent piggybacking
D. Prevent rapid movement

****
Answer(s): C
Explanation
The main objective of a mantrap is to prevent piggybacking, which refers to unauthorized
individuals following closely behind an authorized person to gain entry to a restricted area without
proper authentication. By allowing only one person at a time, the mantrap ensures that each
individual must present their credentials, such as an access card or biometric identification,
before proceeding further into the secure area.

-----------------------------------------------------------------