ISC Updated CISSP Exam Questions and Answers by rosabella

The primary goal for using Domain Name System Security Extensions (DNSSEC) to sign records is integrity. DNSSEC is a set of extensions or enhancements to the Domain Name System (DNS) protocol, which is a protocol that translates or resolves the domain names or the hostnames into the IP addresses or the network addresses, and vice versa. DNSSEC is designed or intended to provide the security or the protection for the DNS protocol, by using the digital signatures or the cryptographic keys to sign or to verify the DNS records or the DNS data, such as the A records, the AAAA records, or the MX records. The primary goal for using DNSSEC to sign records is integrity, which means that DNSSEC aims to ensure or to confirm that the DNS records or the DNS data are authentic, accurate, or reliable, and that they have not been modified, altered, or corrupted by the third parties or the attackers who intercept or manipulate the DNS queries or the DNS responses over the network. DNSSEC can provide the integrity for the DNS records or the DNS data, by using the public key cryptography or the asymmetric cryptography to generate or to validate the digital signatures or the cryptographic keys that are attached or appended to the DNS records or the DNS data, and that can prove or demonstrate the origin, the identity, or the validity of the DNS records or the DNS data. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, page 113; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4, page 170

According to the CISSP CBK Official Study Guide, a chosen plaintext attack is a type of cryptanalysis that allows the cryptanalyst to generate ciphertext from arbitrary text. A cryptanalysis is the process of breaking or analyzing a cryptographic system or algorithm, by finding the plaintext, the key, or the algorithm from the ciphertext, or by exploiting the weaknesses or vulnerabilities of the system or algorithm. A chosen plaintext attack is a scenario where the cryptanalyst has access to the encryption function or device, and can choose any plaintext and obtain the corresponding ciphertext. A chosen plaintext attack can help the cryptanalyst to deduce the key or the algorithm, or to create a codebook or a dictionary that maps the plaintext to the ciphertext. The cryptanalyst does not examine the communication being sent back and forth, as this would be a ciphertext-only attack, where the cryptanalyst only has access to the ciphertext, and tries to infer the plaintext, the key, or the algorithm from the statistical or linguistic analysis of the ciphertext. The cryptanalyst does not choose the key and algorithm to mount the attack, as this would be a known plaintext attack, where the cryptanalyst has access to some pairs of plaintext and ciphertext that are encrypted with the same key and algorithm, and tries to find the key or the algorithm from the correlation or pattern between the plaintext and the ciphertext. The cryptanalyst is not presented with the ciphertext from which the original message is determined, as this would be a decryption problem, where the cryptanalyst has access to the ciphertext and the key or the algorithm, and tries to recover the plaintext from the ciphertext.

Baseline configuration information is the set of data that describes the state of a computer system at a specific point in time. It is used to monitor and control changes to the system, as well as to assess its compliance with security standards and policies. Baseline configuration information must include the operating system and version, patch level, applications running, and versions, because these are the essential components that define the functionality and security of the system. These components can also affect the compatibility and interoperability of the system with other systems and networks. Therefore, it is important to maintain accurate and up-to-date records of these components for each computer system123. References:

• Create configuration baselines - Configuration Manager, Section: Configuration baselines
• About Configuration Baselines - Configuration Manager, Section: Configuration Baseline Rules
• About Configuration Baselines and Items - Configuration Manager, Section: Configuration Baselines

According to the CISSP All-in-One Exam Guide1, the greatest responsibility of Information Security when evaluating third-party applications is to quantify the risk to the business for product selection. This means that Information Security should assess the potential impact and likelihood of threats and vulnerabilities associated with the applications, and communicate the results to the business stakeholders who are responsible for making the final decision. Information Security should not accept the risk on behalf of the organization, report findings to the business without providing risk analysis, or approve the application that best meets security requirements without considering the business needs and objectives.