In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?
Correct Answer: B
Network Access Control (NAC) is a technology that enforces security policies and controls on the devices that attempt to access a network. NAC can verify the identity and compliance of the devices, and grant or deny access based on predefined rules and criteria. NAC can also place the devices into different domains or segments, depending on their security posture and role. One of the domains that NAC can create is the isolated domain, which is a restricted network segment that isolates the devices that do not meet the security requirements or pose a potential threat to the network. The devices in the isolated domain have limited or no access to the network resources, and are subject to remediation actions. Remediation is the process of fixing or improving the security status of the devices, by applying the necessary updates, patches, configurations, or software. Remediation can be performed automatically by the NAC system, or manually by the device owner or administrator. Therefore, the best thing that can be done on a device that is placed into an isolated domain by NAC is to apply remediation's according to the security requirements, which can restore the device's compliance and enable it to access the network normally.
CISSP Exam Question 22
An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?
Correct Answer: C
Web session testing is the testing scenario that best validates the functionality of an Internet software application that requires authentication before a user is permitted to utilize the resource. Web session testing is a type of software testing that verifies the behavior and the performance of a web application when it interacts with the user through a web browser. Web session testing can check various aspects of a web application, such as the user interface, the navigation, the functionality, the security, the usability, and the compatibility. Web session testing can also validate the authentication and the authorization mechanisms of a web application, such as the login process, the session management, the access control, and the logout process. Web session testing can help ensure that the web application provides a secure and reliable service to the user, and that the user can access the web application resources only after being authenticated and authorized.
CISSP Exam Question 23
Which layer of the Open systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?
Correct Answer: B
A Synchronization (SYN) flood attack is a type of denial-of-service (DoS) attack that exploits the three-way handshake mechanism of the Transmission Control Protocol (TCP), which operates at the transport layer of the Open Systems Interconnection (OSI) model. In a SYN flood attack, the attacker sends a large number of SYN packets to the target server, but does not respond to the SYN-ACK packets sent by the server. This causes the server to exhaust its resources and become unable to accept legitimate requests. The session, network, and presentation layers of the OSI model are not directly involved in this attack.
CISSP Exam Question 24
The 802.1x standard provides a framework for what?
Correct Answer: B
The 802.1x standard provides a framework for network authentication for wired and wireless networks. The 802.1x standard defines the Extensible Authentication Protocol (EAP), which is a protocol that enables the exchange of authentication information between a supplicant (a device that wants to access the network), an authenticator (a device that controls the access to the network), and an authentication server (a device that verifies the identity and credentials of the supplicant). The 802.1x standard supports various authentication methods, such as passwords, certificates, tokens, or biometrics.
CISSP Exam Question 25
The PRIMARY purpose of accreditation is to:
Correct Answer: B
According to the CISSP CBK Official Study Guide, the primary purpose of accreditation is to allow senior management to make an informed decision regarding whether to accept the risk of operating the system. Accreditation is the process of formally authorizing a system to operate based on the results of the security assessment and the risk analysis. Accreditation is a management responsibility that involves evaluating the security posture, the residual risk, and the compliance status of the system, and determining if the system is acceptable to operate within the organization's risk tolerance. Accreditation does not necessarily mean that the system complies with applicable laws and regulations, protects the organization's sensitive data, or verifies that all security controls have been implemented properly and are operating in the correct manner, although these may be factors that influence the accreditation decision.