ISC Updated CISSP Exam Questions and Answers by lexie

The most effective practice in managing user accounts when an employee is terminated is to implement processes for automated removal of access for terminated employees. This practice can ensure that the access rights of the terminated employee are revoked as soon as possible, preventing any unauthorized or malicious use of the account. Automated removal of access can be achieved by using software tools or scripts that can disable or delete the account, remove it from any groups or roles, and revoke any permissions or privileges associated with the account. Automated removal of access can also reduce the human errors or delays that may occur in manual processes, and provide an audit trail of the actions taken. Deleting employee network and system IDs upon termination, manually removing terminated employee user-access to all systems and applications, and disabling terminated employee network ID to remove all access are all possible ways to manage user accounts when an employee is terminated, but they are not as effective as automated removal of access. Deleting employee network and system IDs upon termination may cause problems with data retention, backup, or recovery, and may not remove all traces of the account from the systems. Manually removing terminated employee user-access to all systems and applications may be time-consuming, error-prone, or incomplete, and may depend on the cooperation and coordination of different administrators or departments. Disabling terminated employee network ID to remove all access may not be sufficient, as the account may still exist and be reactivated, or may have access to some resources that are not controlled by the network ID. 

 A SYN flood attack does exceed the limits for new TCP/IP connections. A SYN flood attack is a type of denial-of-service attack that sends a large number of SYN packets to a server, without completing the TCP three-way handshake. The server allocates resources for each SYN packet and waits for the final ACK packet, which never arrives. This consumes the server’s memory and processing power, and prevents it from accepting new legitimate connections. The other options are not accurate descriptions of what a SYN flood attack does. References: SYN flood - Wikipedia; SYN flood DDoS attack | Cloudflare.

A benefit in implementing an enterprise Identity and Access Management (IAM) solution is that the risk associated with orphan accounts is reduced. An orphan account is an account that belongs to a user who has left the organization or changed roles, but the account has not been deactivated or deleted. An orphan account poses a security risk, as it can be exploited by unauthorized users or attackers to gain access to the system or data. An enterprise IAM solution is a system that manages the identification, authentication, authorization, and provisioning of users and devices across the organization. An enterprise IAM solution can help to reduce the risk associated with orphan accounts by automating the account lifecycle management, such as creating, updating, suspending, or deleting accounts based on the user status, role, or policy. An enterprise IAM solution can also help to monitor and audit the account activity, and to detect and remediate any orphan accounts. Password requirements are simplified, segregation of duties is automatically enforced, and data confidentiality is increased are all possible benefits or features of an enterprise IAM solution, but they are not the best answer to the question. Password requirements are simplified by an enterprise IAM solution that supports single sign-on (SSO) or federated identity management (FIM), which allow the user to access multiple systems or applications with one set of credentials. Segregation of duties is automatically enforced by an enterprise IAM solution that implements role-based access control (RBAC) or attribute-based access control (ABAC), which grant or deny access to resources based on the user role or attributes. Data confidentiality is increased by an enterprise IAM solution that encrypts or masks the sensitive data, or applies data loss prevention (DLP) or digital rights management (DRM) policies to the data. 

 The foundation of cryptographic functions is entropy. Entropy is a measure of the randomness or unpredictability of a system or a process. Entropy is essential for cryptographic functions, such as encryption, decryption, hashing, or key generation, as it provides the security and the strength of the cryptographic algorithms and keys. Entropy can be derived from various sources, such as physical phenomena, user input, or software applications. Entropy can also be quantified in terms of bits, where higher entropy means higher randomness and higher security. Encryption, cipher, and hash are not the foundation of cryptographic functions, although they are related or important concepts or techniques. Encryption is the process of transforming plaintext or cleartext into ciphertext or cryptogram, using a cryptographic algorithm and a key, to protect the confidentiality and the integrity of the data. Encryption can be symmetric or asymmetric, depending on whether the same or different keys are used for encryption and decryption. Cipher is another term for a cryptographic algorithm, which is a mathematical function that performs encryption or decryption. Cipher can be classified into various types, such as substitution, transposition, stream, or block, depending on how they operate on the data. Hash is the process of generating a fixed-length and unique output, called a hash or a digest, from a variable-length and arbitrary input, using a one-way function, to verify the integrity and the authenticity of the data. Hash can be used for various purposes, such as digital signatures, message authentication codes, or password storage.