ISC Updated CISSP Exam Questions and Answers by aliyah

 Code quality, security, and origin are important criteria when designing procedures and acceptance criteria for acquired software. Code quality refers to the degree to which the software meets the functional and nonfunctional requirements, as well as the standards and best practices for coding. Security refers to the degree to which the software protects the confidentiality, integrity, and availability of the data and the system. Origin refers to the source and ownership of the software, as well as the licensing and warranty terms. Architecture, hardware, and firmware are not criteria for acquired software, but for the system that hosts the software. Data quality, provenance, and scaling are not criteria for acquired software, but for the data that the software processes. Distributed, agile, and bench testing are not criteria for acquired software, but for the software development and testing methods. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Software Development Security, page 947; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 7: Software Development Security, page 869.

The main goal of information security awareness and training is to inform users of information assurance responsibilities. Information security awareness and training is a process or a program that aims to educate and inform the users or the employees of an organization about the information security policies and standards, as well as the best practices and the guidelines for protecting the confidentiality, the integrity, and the availability of the information and the systems. Information security awareness and training can provide some benefits for security, such as enhancing the knowledge and the skills of the users or the employees, preventing or mitigating human errors or threats, and supporting the audit and the compliance activities. Information security awareness and training can involve various methods and techniques, such as:

• Security awareness, which is the process or the program that aims to increase the level of understanding and recognition of the users or the employees about the importance and the value of information security, as well as the potential risks or issues that may affect information security, such as malware, phishing, or social engineering. Security awareness can be delivered through various methods, such as posters, newsletters, videos, or games.
• Security education, which is the process or the program that aims to enhance the knowledge and the comprehension of the users or the employees about the information security policies and standards, as well as the best practices and the guidelines for protecting information security, such as encryption, authentication, or backup. Security education can be delivered through various methods, such as courses, workshops, webinars, or books.
• Security training, which is the process or the program that aims to improve the skills and the proficiency of the users or the employees in performing specific tasks or functions related to information security, such as installing, configuring, or using security tools or applications, or responding to security incidents or events. Security training can be delivered through various methods, such as simulations, exercises, tests, or certifications.

The main goal of information security awareness and training is to inform users of information assurance responsibilities, which are the obligations or the duties of the users or the employees to protect the confidentiality, the integrity, and the availability of the information and the systems, as well as to comply with the information security policies and standards, and to report or disclose any information security issues or incidents. Informing users of information assurance responsibilities can help to ensure the security and the compliance of the information and the systems, as well as to reduce or prevent the human errors or threats that may compromise or damage the information and the systems. To inform users of the latest malware threats, to comply with the organization information security policy, and to prepare students for certification are not the main goals of information security awareness and training, although they may be related or possible outcomes or benefits. To inform users of the latest malware threats is a goal of security awareness, which is a part of information security awareness and training, but it is not the main goal of information security awareness and training, as it is not the only or the most important aspect of information security that the users or the employees need to understand and recognize. To comply with the organization information security policy is a goal of security education, which is a part of information security awareness and training, but it is not the main goal of information security awareness and training, as it is not the only or the most important aspect of information security that the users or the employees need to know and comprehend. To prepare students for certification is a goal of security training, which is a part of information security awareness and training, but it is not the main goal of information security awareness and training, as it is not the only or the most important aspect of information security that the users or the employees need to learn and practice.

The best method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence is to put the device in airplane mode. Airplane mode is a feature that disables the wireless communication functions of the device, such as cellular, Wi-Fi, Bluetooth, or GPS. Putting the device in airplane mode can isolate the device from the network and prevent any remote access, modification, deletion, or wiping of the data on the device. Putting the device in airplane mode can also preserve the evidence by maintaining the current state of the device, such as the battery level, the signal strength, the date and time, or the notifications. Putting the device in airplane mode can also avoid any legal or ethical issues that may arise from intercepting or monitoring the network traffic of the device. Suspend the account with the telecommunication provider, remove the SIM card, and turn the device off are not the best methods used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence, although they may be possible or alternative options. Suspend the account with the telecommunication provider is a method that involves contacting the service provider and requesting them to disable the service or the account associated with the device. Suspend the account with the telecommunication provider can isolate the device from the cellular network, but it may not isolate the device from other wireless networks, such as Wi-Fi or Bluetooth. Suspend the account with the telecommunication provider may also require a court order or a warrant, and it may alert the owner or the user of the device. Remove the SIM card is a method that involves physically removing the subscriber identity module (SIM) card from the device. The SIM card is a small chip that stores the information and the credentials of the user and the service provider, and it enables the device to connect to the cellular network. Remove the SIM card can isolate the device from the cellular network, but it may not isolate the device from other wireless networks, such as Wi-Fi or Bluetooth. Remove the SIM card may also alter or damage the data on the SIM card or the device, and it may require special tools or skills. Turn the device off is a method that involves powering off the device completely. Turn the device off can isolate the device from all wireless networks, such as cellular, Wi-Fi, Bluetooth, or GPS. Turn the device off may also prevent any further data loss or corruption on the device. However, turn the device off may also cause some data to be erased or overwritten, such as the data in the volatile memory (RAM) or the temporary files. Turn the device off may also trigger some security mechanisms, such as encryption, password, or biometric lock, that may prevent or hinder the access to the data on the device. 

 The security access policy that contains fixed security attributes that are used by the system to determine a user’s access to a file or object is Mandatory Access Control (MAC). MAC is a type of access control model that assigns permissions to users and objects based on their security labels, which indicate their level of sensitivity or trustworthiness. MAC is enforced by the system or the network, rather than by the owner or the creator of the object, and it cannot be modified or overridden by the users. MAC can provide some benefits for security, such as enhancing the confidentiality and the integrity of the data, preventing unauthorized access or disclosure, and supporting the audit and compliance activities. MAC is commonly used in military or government environments, where the data is classified according to its level of sensitivity, such as top secret, secret, confidential, or unclassified. The users are granted security clearance based on their level of trustworthiness, such as their background, their role, or their need to know. The users can only access the objects that have the same or lower security classification than their security clearance, and the objects can only be accessed by the users that have the same or higher security clearance than their security classification. This is based on the concept of no read up and no write down, which requires that a user can only read data of lower or equal sensitivity level, and can only write data of higher or equal sensitivity level. MAC contains fixed security attributes that are used by the system to determine a user’s access to a file or object, by using the following methods:

• Assigning security labels to the users and the objects, which consist of a security classification and a set of security categories. The security classification indicates the level of sensitivity of the data, such as top secret, secret, confidential, or unclassified. The security categories indicate the subject matter or the scope of the data, such as nuclear, military, or intelligence. The security labels are attached to the users and the objects as metadata or tags, and they cannot be changed or removed by the users.
• Comparing the security labels of the users and the objects, using a reference monitor or an access control matrix. The reference monitor is a software component that intercepts and evaluates the requests for access to the objects, and grants or denies the access based on the security labels of the users and the objects. The access control matrix is a data structure that lists the users and the objects, and the permissions that each user has on each object, based on the security labels of the users and the objects.