CISSP Exam Question 856
The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users?
Correct Answer: C
The question is specifically about the IAB, which is why this is the best answer. However, there is nothing legal or ethical about any of the other choices presented; they would be covered under other codes of ethics.
Another very important Code of Ethics you must be familiar with for the purpose of the exam is the ISC2 Code Of Ethics. You can read the full version of the ISC2 code of ethics at:
http://www.isc2.org/uploadedFiles/%28ISC%292_Public_Content/Code_of_ethics/ISC2-Code-of-Ethics.pdf
The 4 high level canons listed within the ISC2 Code of Ethics are listed in order of importance
within the document above. You should know the order of the 4 canons for the purpose of the
exam.
Internet Architecture Board
The Internet Architecture Board (IAB) is the coordinating committee for Internet design,
engineering, and management. It is an independent committee of researchers and professionals
with a technical interest in the health and evolution of the Internet.
IAB has two principal subsidiary task forces:
The Internet Engineering Task Force (IETF) and
The Internet Research Task Force (IRTF).
The IAB issues ethics-related statements concerning the use of the Internet. It considers the
Internet to be a resource that depends upon availability and accessibility to be useful to a wide
range of people. It is mainly concerned with irresponsible acts on the Internet that could threaten
its existence or negatively affect others. It sees the Internet as a great gift and works hard to
protect it for all who depend upon it. IAB sees the use of the Internet as a privilege, which should
be treated as such and used with respect.
The IAB considers the following acts as unethical and unacceptable behavior:
Purposely seeking to gain unauthorized access to Internet resources
Disrupting the intended use of the Internet
Wasting resources (people, capacity, and computers) through purposeful actions
Destroying the integrity of computer-based information
Compromising the privacy of others
Conducting Internet-wide experiments in a negligent manner
The (ISC)2 Code of Ethics
All information systems security professionals who are certified by (ISC)2 recognize that such
certification is a privilege that must be both earned and maintained. In support of this principle, all
Certified Information Systems Security Professionals (CISSPs) commit to fully support this Code
of Ethics. CISSPs who intentionally or knowingly violate any provision of the Code will be subject
to action by a peer review panel, which may result in the revocation of certification.
Code of Ethics Preamble:
Safety of the commonwealth, duty to our principals, and to each other requires that we adhere,
and be seen to adhere, to the highest ethical standards of behavior.
Therefore, strict adherence to this code is a condition of certification.
Code of Ethics Canons:
Protect society, the commonwealth, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
The Code of Ethics
Protect society, the commonwealth, and the infrastructure
Promote and preserve public trust and confidence in information and systems.
Promote the understanding and acceptance of prudent information security measures.
Preserve and strengthen the integrity of the public infrastructure.
Discourage unsafe practice.
Act honorably, honestly, justly, responsibly, and legally
Tell the truth; make all stakeholders aware of your actions on a timely basis.
Observe all contracts and agreements, express or implied.
Treat all constituents fairly. In resolving conflicts, consider public safety and duties to principals,
individuals, and the profession in that order.
Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to
be truthful, objective, cautious, and within your competence.
When resolving differing laws in different jurisdictions, give preference to the laws of the
jurisdiction in which you render your service.
Provide diligent and competent service to principals
Preserve the value of their systems, applications, and information.
Respect their trust and the privileges that they grant you.
Avoid conflicts of interest or the appearance thereof.
Render only those services for which you are fully competent and qualified.
Advance and protect the profession
Sponsor for professional advancement those best qualified. All other things equal, prefer those
who are certified and who adhere to these canons. Avoid professional association with those
whose practices or reputation might diminish the profession.
Take care not to injure the reputation of other professionals through malice or indifference.
Maintain your competence; keep your skills and knowledge current. Give generously of your time
and knowledge in training others.
The following reference(s) were used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
Fundamentals of Information Security
CISSP Exam Question 857
When adopting software as a service (SaaS), which security responsibility will remain with the adopting organization?
Correct Answer: D
CISSP Exam Question 858
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
Correct Answer: D
According to the CISSP CBK Official Study Guide, the Software Development Life Cycle (SDLC) phase that requires maintaining accurate hardware and software inventories is change management. The SDLC is a structured process used to design, develop, and test good-quality software. It consists of several phases that cover the entire life cycle of the software, from the initial idea or concept to final deployment or maintenance, and it aims to deliver high-quality, maintainable software that meets the user's requirements and fits within the budget and schedule of the project. Change management is the process of controlling the changes made to the software or system during the SDLC, using appropriate mechanisms such as the project's policies, procedures, or tools. It helps ensure the security, integrity, quality, and performance of the system by preventing or minimizing the risks and impacts of changes that may impair it, such as errors, defects, or vulnerabilities. Maintaining accurate hardware and software inventories is a critical part of change management because the inventory provides a reliable, consistent basis for identifying and tracking the hardware and software components of the system and the changes made to them during the SDLC, such as each component's name, description, version, status, or value. Accurate inventories also help ensure the security, integrity, quality, and performance of the system by enabling the monitoring, evaluation, or improvement of its hardware and software components through mechanisms such as reporting, auditing, or optimization.
Systems integration is not the SDLC phase that requires maintaining accurate hardware and software inventories, although it may be a benefit or a consequence of change management. Systems integration is the process of combining the hardware and software components of the system, using appropriate mechanisms such as the project's interfaces, protocols, or standards. It helps ensure the functionality and interoperability of the system, and the compatibility and consistency of its components, by verifying that they work together and with other systems or networks as the user or client expects. Systems integration may be a benefit or a consequence of change management, as change management may provide a framework or guideline for conducting the integration by controlling the changes made to the components and by maintaining accurate hardware and software inventories. However, maintaining inventories is not the main objective of systems integration, which is to combine the hardware and software components of the system.
Risk management is not the SDLC phase that requires maintaining accurate hardware and software inventories, although it may be a benefit or a consequence of change management. Risk management is the process of identifying, analyzing, evaluating, and treating the risks or uncertainties that may impair the system, using appropriate mechanisms such as the project's policies, procedures, or tools. It helps ensure the security, integrity, quality, and performance of the system by preventing or minimizing the impact of risks that may harm it, such as threats, attacks, or incidents. Risk management may be a benefit or a consequence of change management, as change management may provide a framework or guideline for conducting risk management by controlling the changes made to the system and by maintaining accurate hardware and software inventories. However, maintaining inventories is not the main objective of risk management, which is to identify, analyze, evaluate, and treat the risks or uncertainties of the system.
Quality assurance is not the SDLC phase that requires maintaining accurate hardware and software inventories, although it may be a benefit or a consequence of change management. Quality assurance is the process of verifying the quality or performance of the system, using appropriate mechanisms such as the project's standards, criteria, or metrics. It helps ensure the security, integrity, quality, and performance of the system by preventing or detecting errors, defects, or vulnerabilities through mechanisms such as testing, validation, or verification. Quality assurance may be a benefit or a consequence of change management, as change management may provide a framework or guideline for conducting quality assurance by controlling the changes made to the system and by maintaining accurate hardware and software inventories. However, maintaining inventories is not the main objective of quality assurance, which is to ensure or verify the quality or performance of the system.
CISSP Exam Question 859
A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?
Correct Answer: A
Section: Mixed questions
CISSP Exam Question 860
A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions.
These capabilities are BEST described as
Correct Answer: D
The capabilities of the system that allow its business users to perform business functions but not user administration functions, and its application administrators to perform administration functions but not user business functions, are best described as separation of duties. Separation of duties is a security principle that divides the roles and responsibilities of different tasks or functions among different individuals or groups, so that no one person or group has complete control or authority over a critical process or asset. Separation of duties can help to prevent fraud, collusion, abuse, or errors, and to ensure accountability, oversight, and checks and balances. Least privilege, rule based access controls, and Mandatory Access Control (MAC) are not the best descriptions of the capabilities of the system, as they do not reflect the division of roles and responsibilities among different users or groups. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, Security and Risk Management, page 32. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1, Security and Risk Management, page 45.
