CISSP Cyber Training Podcast - CISSP Training Program

CCT 143: Practice CISSP Questions - All Domains

May 23, 2024 Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur

Unlock the doors to a fortified cybersecurity career with me, Shon Gerber, as we navigate the complex landscape of CISSP concepts tailored for those aspiring to conquer the CISSP exam. We're not just scratching the surface; we're burrowing into the depths of what it takes to understand and tackle real-world security challenges. From the perils of unprotected customer data on cloud servers to the intricacies of managing employees who sidestep DRM for convenience, this podcast equips you with the knowledge to address these issues head-on. Get ready to absorb strategies that fortify your cybersecurity defenses and master the controls that thwart unauthorized data exposure.

As we march through the eight domains of CISSP, we dissect the fine balance between security measures and operational complexity, ensuring your policies don't just check boxes but actively protect your enterprise. Together, we'll decrypt the importance of encryption for portable devices and debate the merits of DMZs for bridging the gap to secure cloud interactions. Entering the realm of remote desktop access, I'll champion the cause for SSH protocols fortified by robust authentication methods. By the close of our session, you'll not only have unraveled the blueprint for CISSP success but also be primed to pepper your systems with penetration tests to uncover hidden vulnerabilities. Join me for a session that promises to elevate your cybersecurity prowess to meet the CISSP challenge with confidence.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and signing up to join the team for free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!


Speaker 1:

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.

Speaker 2:

Good morning, it's Shon Gerber with CISSP Cyber Training and I hope you all are having a beautiful, blessed day today. Today's a gorgeous day. Here in Kansas, we couldn't ask for better weather. Actually, it's like 75 degrees today. So for Kansas, if you guys have listened to this podcast at any time, you know that it can vary from 20 degrees below zero some days to as high as about 105. And today it's 75. So, wherever you live around the globe, if you are in that kind of environment, you know what I'm talking about. It's gorgeous, it's very, very nice. So I'm going to enjoy it while we can, because in about a month and a half, well, less than a month, probably about three weeks, it'll be 95 degrees. So, yeah, it is what it is, okay.

Speaker 2:

So let's roll into the questions we have for today. So today is CISSP Question Thursday and because of that we have various questions, and today I'm going to cover all eight domains. We've got kind of a smattering of each of those and you can get all of this content at CISSP Cyber Training. The video of this will be on my blog and it'll be available for you. You can actually listen to it or watch it, whatever you choose. If you want to have access to the questions, you can go ahead and log into CISSP Cyber Training and gain access to all of the questions I have, and the list is continuing to grow. But, like I mentioned before, with this class, or I should say with this podcast, the ultimate goal is this: these questions are not ones that you would necessarily see on the CISSP, but the concepts are what you would anticipate to see on the CISSP exam, and that's the overall challenge that you need to work through. This is the concepts. This isn't the actual questions. And understanding and trying to memorize questions just to pass the test? For the CISSP, yeah, that's not going to work. You're going to have to understand the overall concepts so that you can answer the questions based on a senior management level. So let's roll into question number one.

Speaker 2:

A company stores highly sensitive customer data on a cloud server. The data is encrypted at rest and in transit. However, the company also allows employees to download the data to their local laptops. Probably not a good idea. Which of the following controls would be most effective in mitigating the risk of unauthorized data disclosure in this specific scenario? A multi-factor authentication, B DLP on employee laptops, C role-based access controls on the cloud server, or D encryption of the data at rest on employee laptops. So now, each of those is very good as you stand them alone amongst themselves. However, when you want to find the most effective way for mitigating the risk of unauthorized data disclosure in this specific scenario, the answer would be B, data loss prevention on the employee laptops.

Speaker 2:

Now the DLP will specifically focus on preventing unauthorized data exfiltration. Now what does that mean? It means that data could still get out and you still have employees send the data out. However, the unauthorized piece of this is the fact that they would be secure, with some level of protection on each of the documents. So you could have a document sent to, I don't know, Timbuktu, any place on the planet, and if it is protected with a DLP product, it could be, if it is, it would be protected to restrict people from having access to it. Now the challenge is, if you open it up to the globe and you put DLP on it and you don't put the necessary controls in place to mitigate the risk, then you're not really doing yourself any good. You've created a placebo and that's about it. So you need to follow through with the DLP products that you engage on your products, on your insider risk program.

Speaker 2:

Question two: a company uses digital rights management, or DRM, to protect its intellectual property documents. However, the employees have reported difficulty using DRM, okay, leading to some resorting to emailing sensitive documents without DRM protection. Which of the following actions would be the best way to address this specific issue? Okay, so your employees are doing stuff they shouldn't do because they don't like the product and it's hard on them. A implement user training on alternative secure document sharing methods. C disable DRM altogether, or actually that's B. C increase the access controls for DRM protections or documents, or D fine employees who violate the document security policy.

Speaker 2:

So it might be a combination of a couple of those, right. One is you want to, so what would you do? Well, you'd want to implement some level of user training. It's important that you teach your people how to utilize the product and get it to work the best way it possibly can, and potentially give them an alternate secure document sharing method. What I have learned with employees is that it isn't always one-size-fits-all in all situations. However, if you start giving different types of alternatives, it can dilute the process, and then you can actually have more challenges down the road. The other one you might want to consider, though, is if people are blatantly trying to disrespect, and that's disrespect, not the right word, go around the policies you have in place, you may have to look at some sort of disciplinary action on the employee. Bottom line is that if you have a policy in place, they should follow it. If they choose not to follow it of their own volition, then you may need to do something different with the employee, to include potentially letting that individual go.

Speaker 2:

Question three: a company is migrating its data center to a new facility. Which of the following controls is most important to implement during the migration process to ensure data security? So a company is migrating its data center to a new facility. Which of the following is the most important to implement during the migration process to ensure data security? A update all server software to the latest patch level. B implement strong access controls for the new data center. C back up all data before the migration begins. Or D conduct a risk assessment of the new data center. Again, what's the most important thing to implement during the migration process to ensure data security? And the answer is D, conduct a risk assessment of the new data center. All these things are important, right, when you're looking at a new data center: backing up data, implementing strong access controls and so forth. But the first thing you want to do, what's most important, is conduct a risk assessment of the data center to really understand what your risks are.

Speaker 2:

Question four: a company uses a mobile device management solution, MDM, to manage its employees' smartphones. However, some employees have rooted or jailbroken their devices, basically cracked them open, figured out a way to take the software off that manages them, bypassing the MDM controls. Which of the following actions would be most effective in addressing this specific issue? A implement a policy allowing employees to root or jailbreak their devices. Not a good idea, period. B develop an MDM solution that can detect or prevent rooting or jailbreaking. C educate employees on the security risks of rooting or jailbreaking and enforce disciplinary action for noncompliance. And D revoke access to corporate resources for all rooted or jailbroken devices. Okay, so some of those are very good, right, you still want to do them: revoke access, develop MDM solutions, so forth. But the bottom line, on this question specifically, is the most effective is C, educate the employees on the security risks of doing this and then slap their hands if they do things wrong. I mean, again, it could be a situation where they may get terminated because of it. Again, you want to let them know what the rules are, what the lines are that they cannot cross, and then, when they do cross them, determine whether or not it was blatant or it was accidental, and then go from there.

Speaker 2:

Question five: a company stores classified data on a dedicated server segment within the network. Which of the following controls would be the most effective in isolating and protecting the classified data? So it's on a dedicated server segment within a network. Which would be the most effective in isolating and protecting this classified data? A implement strong access controls for the server segment. B disable all network connections to the server segment. C encrypt the classified data at rest on the server. Or D segment the network further to create separate zones for the server itself. Okay, okay, what's the most effective in isolating and protecting the classified data? And the answer is D, segmenting the network further to create a separate zone for that specific server. Now, when you start doing that, that's the most effective at this point, right. But there also come complications when you start doing this. In zoning these systems off even further, things now become very complicated and getting to those systems can be challenging from a networking standpoint. So you just need to keep that in mind. How much complexity do you want to add? And are there other controls that you could put in place that may not be as strong as segmenting but would also be effective as well?

Speaker 2:

Question six: a company is developing a new security policy. Which of the following factors should be considered the least during the development process? So they're developing a new security policy. Which of the following factors should be considered the least during the development process? A alignment with the business objectives and risk tolerance. B legal and regulatory compliance requirements. C technical feasibility and implementation costs. Or D industry best practices and standards, security standards for that specific deployment or policy, I should say. Which is the least? It would be A, alignment with business objectives and risk tolerance. Now I say that is the least. They kind of all go together, right. You'd want all of those to be a factor. However, if you're looking at the least during this entire process, alignment with business objectives and the risk tolerance might be the least. But just because, if you went to a higher risk, even if the risk tolerance for the business is very low or very high, you may want to go with a lower risk tolerance to offset some other control issues you have. But the technical feasibility, if it doesn't technically work, it won't work. Best practices, you should always implement best practices. Now, whether or not you will implement all of them within your environment, you have to make a decision there. And then legal and regulatory compliance requirements, yeah, that's something you really can't mess around with too much.

Speaker 2:

So question seven: which of the following controls is most effective in protecting classified data at rest on a laptop? Which is most effective in protecting classified data at rest on a laptop? A implement strong access controls for the laptop. B disable internet access for the laptop. C encrypting the classified data at rest. Or D enabling automatic software updates on the laptop. So what's the most effective for protecting classified data on the laptop? It would be C, encrypting the classified data at rest. So again, obviously, implementing strong access controls is a great thing you should do. It is, it's very good. But if somebody does get through them and the data is open and not encrypted, you could have an issue. Or someone loses the laptop without as good of access controls. Then you now have the data exposed.

Speaker 2:

Question eight: which of the following security architectures is designed to provide a secure connection between the organization's internal network and a public cloud service? So which of the following security architectures is designed to provide a secure connection between an organization's internal network and a public cloud service? A bastion host, C honeypot, that's actually B, honeypot, C demilitarized zone, or D intrusion detection system. So you're looking at providing a secure connection between them. It would be C, a DMZ. A DMZ is typically set up between the internal network and an untrusted public cloud. Now you can do it within the manufacturing space and make it part of the Purdue model, where your manufacturing network is separate from your business network. But bottom line is you look for an untrusted network and put a DMZ in place between them, and this actually allows for controlled access to specific resources while protecting the critical internal assets. When you're dealing with bastion hosts and honeypots, they are used for different purposes, and obviously the IDS is an intrusion detection system, not an architectural aspect.

Speaker 2:

Question nine: which of the following protocols offers the most secure option for remote desktop access? A Telnet, B FTP, C SSH with weak password authentication, all right, D SSH with strong password authentication and a PKI infrastructure. And the answer is D, obviously, right. SSH with strong password authentication and PKI. This encrypts the data in communication and it also allows for strong access to the, or strong infrastructure authentication, access to the documents and the system itself. So it's the most secure. Again, Telnet and FTP, they do lack encryption and are not suitable for secure remote access.

Speaker 2:

Question 10: which of the following principles of least privilege focuses on granting access to users? A users should be able to share their access with colleagues whenever necessary. B users should have the minimum level of access required to perform their job functions effectively. C users should have all the access they request, regardless of job duties. And D users should be granted the highest level of access possible to ensure efficiency. So which of the following principles of least privilege focuses on granting access to users? And the answer is B. Users should have the minimum level of access required to perform their job functions effectively. Again, you don't give them more than they actually have to have, because people will do what people do, and people will use more of their credentials or more of their rights than they should, the entitlements, I should say.

Speaker 2:

Question 11: which of the following types of assessments involves simulating real-world attacks to identify exploitable vulnerabilities in a system? So again, which type of assessment involves simulating real-world attacks to identify exploitable vulnerabilities in a system? A penetration test. B vulnerability scanning. C risk assessment. Or D security policy review. Which of the assessments involves simulating real-world attacks to identify exploitable vulnerabilities? And it is A, penetration testing. These are done to look for vulnerabilities in systems, and they look for potential security breaches and ways they can gain in. I did this for years and it's fun. It's a lot of fun. It is just kick-butt fun. But yeah, it is also a very unique niche on when you would actually use it.

Speaker 2:

Question 12: during an incident response, which of the following actions should be taken with the highest priority? A blame the individuals who are responsible for the incident. That always works well. I highly recommend it. No, don't do that. There is a time and place for that. B restoring compromised systems to normal operations as quickly as possible. C collecting and preserving evidence for potential legal action. Or D containing the incident to prevent further damage and data loss. The highest priority, yes, is not going after the person who made the mistake, if it's a mistake or whatever caused the whole issue. That would be something for a later time, and then you can go and pull out the wet noodle and beat the person with the wet noodle or whatever you decide to do, but the bottom line is contain the incident, prevent further damage and data loss. The answer is D. Question 13: which of the following coding practices is the most effective in preventing SQL injection attacks in web applications? So which of the following coding practices is the most effective in preventing SQL injection attacks in web applications? So a web application, if you're not familiar with it, is just basically, you log into your browser and it's connecting to whatever application you have via the web portal, so it's a web application.

Speaker 2:

A use complex algorithms for data processing. B implement firewalls to restrict unauthorized access. C validate and sanitize all user input before processing it. Or D encrypt all data stored in the database. Again, those are all important, right, but when you start peeling back the layers and then go with a SQL injection attack, the answer would be C, validating and sanitizing user input before processing it. Obviously, when you have user inputs, people that are trying to do an injection attack will try to put different types of code into the input form and then try to execute that type of code, and then if it can burp up something for them to use, then they'll be happy about that. If not, well, the ultimate goal for an attacker is, I'm trying to use the least amount of effort that I possibly can to gain the greatest amount of access I possibly can. So again, SQL injections are vulnerable, or I should say systems are vulnerable to SQL injections when they don't have input sanitization in place on their database queries and so forth. So something to consider.

Speaker 2:

Question 14, a company is outsourcing a critical business process to a third-party vendor Interesting. Which of the following risk assessments, risk management activities, is most important to conduct before finalizing the contract with the vendor? Okay, this is an important part and I'd hate to tell you that you know what a lot of times it doesn't happen. They actually come to us after the fact and say, hey, we just got this contract, can you take a look at them? And then we look at them and they go, we go. What did you do? So then you have to kind of put some duct tape and bailing wire to try to keep this whole thing together. But again, that being said, what's the most important to conduct before finalizing the contract with the vendor? A conducting a security awareness training session with the vendor's employees Probably wouldn't happen. B including security requirements and controls within the vendor's contract Good idea. C performing a vulnerability scan on the vendor's IT infrastructure Possibility. Or D requiring the vendor to obtain a specific security certification. That is not a bad idea, but before the contract is signed, probably not going to happen because these things take time. So the answer is B including security requirements and controls within the vendor's contract. So if they don't meet it, then things happen right. So that's the ultimate goal, if you can get it in there. So that's why the relationship you have with your vendor support your procurement, all of those folks is extremely important because they are the front lines. They can actually help you with the contracts to ensure that the right controls are put in place.

Speaker 2:

Question 15: a security analyst detects unusual network traffic originating from a server within an internal network. The traffic appears to be attempting to transfer sensitive data to an external IP address. Not good. Which of the following actions should a security analyst take as a first step? Okay, so you have something that's inside your network trying to send stuff out to someplace else, to an external IP address, and you are thinking it could be sensitive data. A isolate the compromised server from the network to prevent further data exfiltration. B analyze the network traffic logs to identify the specific data being transferred. C reboot the server, potentially to stop the suspicious activity. Or D notify management and document the incident, in line with the organization's incident response plan.

Speaker 2:

Now, the interesting part on all this is the answer that we have right here for the first step would be A, to isolate the compromised server, but these are going to work in conjunction. You may isolate that. Now you have to really be confirmed that that is actually what's happening before you go and isolate things, because sometimes it might be part of their daily job. But it's a parallel type operation. One, you would isolate the compromised server, most definitely. You would also notify management and document the incident at the same time. So you'd want to make sure you're starting to keep a paper log of what you are doing. But the first step should be to isolate the compromised server from the network to prevent any further sort of data exfiltration.

Speaker 2:

Okay, that is all I have for today. At CISSP Cyber Training, head on over and get your stuff. You want it. You know you do. You're looking to pass your CISSP. Head on over to CISSP Cyber Training and you will have access to all of my videos. You'll have access to all my training and to the questions that I've created over the years, so it's a great place for you to start. If you're just wanting some free content, go to the blog. You'll love it. There'll be lots of good stuff there for you as well and then just listen to the podcast. That'll help you go a long way.

Speaker 2:

Bottom line, though, is I have a blueprint that is available to you on CISSP Cyber Training. That blueprint will step you through what you need to do to be prepared for the exam, step by step by step. If you follow it, you will pass. I can't stress this enough. If you follow the blueprint, you will pass. Why do I say that? Because it steps you through each of the different areas that you must know and be connected with. If you try to just circumvent it, I don't know, it's a crapshoot. You just don't know what's going to happen, but that doesn't mean that you can't pass it without the blueprint. You can, you surely can, I did but the blueprint is designed to help you, guide you and direct you and give you the steps you need to pass the CISSP the first time. Okay, have a wonderful day and we will catch you on the flip side, see ya.
