Section: Security Operations

Explanation/Reference:
Explanation:
IPSec works at the network layer, not at the transport layer.
Incorrect Answers:
A: IPSec protects networks by authenticating and encrypting each IP packet of a communication session.
C: IPSec protects against man-in-the-middle attacks by combining mutual authentication with shared, cryptography-based keys.
D: IPSec uses cryptography-based keys, shared only by the sending and receiving computers, to create a cryptographic checksum for each IP packet. The cryptographic checksum ensures that only the computers that have knowledge of the keys could have sent each packet. This products against spoofing.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1360

The step in the disaster recovery plan (DRP) that will list the greatest duration of time for the service to be fully operational is to update the Domain Name System (DNS) server addresses with the domain registrar.
DNS is a system that translates domain names, such as www.example.com, into IP addresses, such as
192.168.1.1, and vice versa. DNS enables users to access websites or services by using human-readable names, rather than numerical addresses. A domain registrar is an entity that manages the registration and reservation of domain names, and that maintains the records of the domain names and their corresponding DNS servers. A DNS server is a server that stores and provides the DNS records for a domain name, such as the IP address, the mail server, or the name server. In a disaster recovery scenario, where the primary website or service is unavailable or inaccessible due to a disaster, such as a fire, a flood, or a cyberattack, the DRP may involve switching to a backup or an alternate website or service that is hosted on a different location or a different provider. In order to do that, the DRP must update the DNS server addresses with the domain registrar, so that the domain name of the website or service points to the new IP address of the backup or the alternate website or service. However, this step may take a long time, as it depends on the propagation or the update of the DNS records across the internet, which may vary from a few minutes to a few days. Therefore, this step will list the greatest duration of time for the service to be fully operational, as it may cause a significant delay or downtime for the users or the customers. Updating the Network Address Translation (NAT) table, the Border Gateway Protocol (BGP) autonomous system number, or the web server network adapter configuration are not the steps in the DRP that will list the greatest duration of time for the service to be fully operational, as they are not related to the DNS server addresses or the domain registrar. NAT is a technique that converts or maps the private IP addresses of the internal network devices, such as 192.168.1.1, to the public IP addresses of the internet, such as 203.0.113.1, and vice versa. NAT enables the internal network devices to communicate with the external network devices, and to share a single public IP address.
BGP is a protocol that exchanges or advertises the routing information or the paths between different autonomous systems or networks on the internet, such as ISPs, cloud providers, or enterprises. BGP enables the optimal and efficient routing of the network traffic across the internet. A web server network adapter is a hardware device that connects the web server to the network, and that enables the web server to send or receive the network packets, such as HTTP requests or responses. Updating the NAT table, the BGP autonomous system number, or the web server network adapter configuration may be part of the DRP, but they will not list the greatest duration of time for the service to be fully operational, as they can be done quickly or locally, and they do not depend on the propagation or the update of the DNS records across the internet.
References: Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 19: Security Operations, page
1869.

Section: Software Development Security

Explanation/Reference:
Explanation:
RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio:
Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the one-for-one ratio is very expensive - resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems.
Incorrect Answers:
B: Striping is used in other RAID levels, but not in RAID level 1.
C: Clustering is not a RAID level.
D: RAID Level 1 is not called hamming. Hamming is code used to create parity data in RAID level 2.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144