ISC Updated CISSP Exam Questions and Answers by sam

The document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls is the Plan of Action and Milestones (POA&M). A POA&M is a tool that helps to track and manage the remediation actions for the identified weaknesses or gaps in the security controls. A POA&M typically includes the following elements: the description of the weakness, the source of the weakness, the risk level of the weakness, the proposed corrective action, the responsible party, the estimated completion date, and the status of the action. A POA&M can help to prioritize the remediation efforts, monitor the progress, and report the results. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6: Security Assessment and Testing, page 295; [Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 6: Security Assessment and Testing, page 421]

The primary motivation for writing a data retention policy based on applicable laws is to dispose of data in order to limit liability. A data retention policy is a document that defines the rules and guidelines for retaining and disposing of the data that is created, received, or maintained by an organization. A data retention policy is based on various factors, such as the business needs, the legal requirements, the regulatory compliance, and the security risks of the data. The main purpose of a data retention policy is to dispose of the data that is no longer needed, used, or relevant for the organization, in order to limit the liability that may arise from keeping the data. For example, if the data is subject to litigation, discovery, or breach, the organization may face legal, financial, or reputational consequences. By disposing of the data according to the data retention policy, the organization can reduce the exposure and damage of the data, and avoid unnecessary costs and penalties. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 21. CISSP Practice Exam | Boson, Question 9.

 The Authorizing Official (AO) determines the required level of independence for security control assessors (SCA). The AO is the senior official or executive who has the authority to formally assume responsibility for operating an information system at an acceptable level of risk. The AO decides the extent of independence needed for the SCA to conduct an objective and impartial assessment of the security controls implemented in the system. The level of independence may vary depending on the type, complexity, and criticality of the system, as well as the organizational policies and standards. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 3: Security Engineering, page 122. CISSP Testking ISC Exam Questions, Question 4.

The technology that would provide the best alternative to anti-malware software is application whitelisting. Anti-malware software is a software program that detects, prevents, and removes malware, such as viruses, worms, trojans, ransomware, or spyware, from a computer or a network. Anti-malware software usually relies on signature-based detection, which means that it compares the files or processes on the computer or the network with a database of known malware signatures, and blocks or deletes the files or processes that match the signatures. However, anti-malware software has some limitations and drawbacks, such as being unable to detect new or unknown malware, being vulnerable to evasion or tampering techniques, consuming system resources and bandwidth, or requiring frequent updates and maintenance. Application whitelisting is a technology that allows only authorized or trusted applications to run on a computer or a network, and blocks or denies all other applications. Application whitelisting can provide a better alternative to anti-malware software, as it can prevent malware from executing or infecting the computer or the network, regardless of whether the malware is known or unknown, or whether it uses evasion or tampering techniques. Application whitelisting can also improve the performance and stability of the computer or the network, as it reduces the system overhead and the network traffic. However, application whitelisting also has some challenges and risks, such as being difficult to implement and manage, being incompatible with some applications or systems, or being susceptible to bypass or exploitation methods. Host-based Intrusion Detection Systems (HIDS), host-based firewalls, and application sandboxing are not the best alternatives to anti-malware software, as they are either not as effective or not as efficient as application whitelisting, or they serve different purposes or functions than anti-malware software. References:

• [Anti-malware Software]
• [Application Whitelisting]
• [Application Whitelisting vs. Blacklisting: Which Is More Secure?]