ISC Updated CISSP Exam Questions and Answers by zorawar

The most suitable privileges for the support team to access the application logs of a web application that is hosted by a web server running on a specific OS on a VM are administrative privileges on the web server. A web application is a type of software application that runs on a web server, and that can be accessed and used by the users or the customers through a web browser, over the internet or a network. A web application can generate and store various types of logs, such as access logs, error logs, or security logs, that record and provide information about the activities, events, or issues that occur on the web application. A web server is a type of software or hardware that hosts and delivers the web application and its content to the web browser, using the Hypertext Transfer Protocol (HTTP) or other protocols. A web server can run on a specific OS, such as Windows, Linux, or MacOS, and it can run on a physical or a virtual machine. A VM is a type of software that emulates a physical machine, and that can run multiple OSs and applications on the same physical machine, using a software layer called a hypervisor. Administrative privileges are a type of access rights or permissions that grant the user or the role the ability to perform various actions or tasks on a system or a service, such as installing, configuring, or managing the system or the service. Administrative privileges on the web server are the most suitable privileges for the support team to access the application logs of a web application that is hosted by a web server running on a specific OS on a VM, as they can provide the support team with the necessary and sufficient access rights or permissions to view, analyze, or troubleshoot the application logs, without compromising the security or the functionality of the OS, the VM, or the hypervisor56. References: CISSP CBK, Fifth Edition, Chapter 3, page 241; CISSP Practice Exam – FREE 20 Questions and Answers, Question 16.

The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated poses the most risk to an application. Open source software is software that is developed and distributed under a license that allows anyone to access, modify, and share the source code. Open source software can offer various benefits, such as cost savings, innovation, flexibility, and transparency. However, open source software can also introduce various risks, such as security, legal, operational, and reputational risks. One of the main security risks of open source software is the presence of vulnerabilities that can be exploited by attackers to compromise the application or the system that uses the software. Common Vulnerabilities and Exposures (CVE) is a system that assigns unique identifiers and descriptions to publicly known vulnerabilities in software. A software that has multiple CVEs and only some are remediated means that the software still has unresolved vulnerabilities that can pose a high risk to the application. The software may not have received timely or adequate patches or updates from the developers or the community, or the patches or updates may not have been applied by the users or the administrators. Therefore, the software may be exposed to potential attacks that can cause data loss, data breach, denial of service, or unauthorized access. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Software Development Security, page 451. CISSP Practice Exam – FREE 20 Questions and Answers, Question 17.

The key findings section of the assessment report is where the separate vulnerabilities, weaknesses, and gaps identified during the assessment are presented and prioritized. This section should provide a clear and concise summary of the most significant issues that need to be addressed by the organization. The other options are not correct. The executive summary with full details is a contradiction, as the executive summary should only provide a brief overview of the assessment objectives, scope, methodology, and results. The risk review section is where the risks associated with the identified vulnerabilities, weaknesses, and gaps are analyzed and evaluated. The findings definition section is not a standard section of the assessment report, although it may be included as part of the introduction or background to explain the terminology and criteria used for the assessment. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6: Security Assessment and Testing, page 715. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 6: Security Assessment and Testing, page 713.

The first action for a security administrator who detects an intrusion on the network based on precursors and other indicators is to isolate and contain the intrusion. An intrusion is an unauthorized or malicious activity that attempts to compromise the security or the functionality of a system or a network. An intrusion can be detected by various methods, such as the analysis of the network traffic, the logs, the alerts, or the anomalies. Precursors and indicators are the signs or the evidence of an intrusion or an attempted intrusion. Precursors are the events or the activities that occur before or during an intrusion, such as the reconnaissance, the scanning, or the probing. Indicators are the events or the activities that occur after or as a result of an intrusion, such as the exploitation, the backdoor, or the payload. The first action for a security administrator who detects an intrusion on the network is to isolate and contain the intrusion, which means to disconnect or block the affected system or network from the rest of the environment and prevent the intrusion from spreading or causing more damage. Isolating and containing the intrusion can help protect the other systems or networks from being compromised, preserve the evidence for the investigation, and facilitate the recovery and the restoration of the normal operations. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, page 364. Free daily CISSP practice questions, Question 4.