CarlsCloud™ Study Guide Series: CISSP Mock Exam Deep Dive - Questions 11-15 - ANSWERS & EXPLANATIONS

Welcome back to our CISSP mock exam deep dive!

In this post, we'll provide the correct answers and detailed explanations for questions 11-15, along with the relevant CISSP domain for each question.

Question 11: Capability Maturity Model (CMM)

Xavier is reviewing an organization's security program using the CMM and finds that the program operates according to a formal, documented process but does not use quantitative measures to understand that process. What level of the CMM should he assess this organization at?

  • A. Defined
  • B. Repeatable
  • C. Managed
  • D. Optimizing
The Answer: The correct answer is A. Defined.
Explanation: The Capability Maturity Model (CMM) has five levels: Initial (ad hoc, undocumented), Repeatable (basic process discipline so results can be repeated), Defined (processes are formally documented, standardized and followed across the organization), Managed (the defined processes are measured quantitatively and controlled with metrics) and Optimizing (continuous improvement driven by those measurements). Xavier's organization follows a formal, documented process but has no quantitative measures, which is exactly the Defined level. Managed (C) is the first level that requires metrics, so the absence of measurement rules it out; Repeatable (B) would not yet have organization-wide documented standards; Optimizing (D) builds on measurement and is furthest away.
Relevant CISSP Domain: Maturity models are a governance and program-management topic, which belongs to Domain 1: Security and Risk Management (the Software CMM and CMMI also appear under Domain 8: Software Development Security). It is not an Identity and Access Management question.

Question 12: Secure Storage of Encryption Keys

Which one of the following components is found in many modern end-user devices and allows the secure storage of encryption keys?

  • A. HSM
  • B. CPU
  • C. TPM
  • D. GPU
The Answer: The correct answer is C. TPM.
Explanation: A Trusted Platform Module (TPM) is a dedicated security chip (or firmware-implemented equivalent) built into most modern laptops, desktops and many phones. It generates and stores cryptographic keys so that private key material never leaves the module in cleartext, and it can "seal" secrets to measurements of the boot process so that a disk-encryption key (for example, the one used by BitLocker) is only released when the platform boots in its expected state. An HSM (A) also protects keys in hardware, but it is a separate appliance or PCIe card used in servers, data centers and CAs rather than something found in end-user devices. The CPU (B) and GPU (D) are general-purpose processors and provide no protected key storage of their own.
Relevant CISSP Domain: This relates to Domain 3: Security Architecture and Engineering, specifically cryptographic systems and hardware-based security.

Question 13: Data Ownership Responsibilities

You have recently been assigned data ownership responsibility for a subset of your organization's information. Which one of the following responsibilities is LEAST likely to be associated with this role?

  • A. Decide who has access to the information
  • B. Configure security controls to protect the information
  • C. Establish rules for appropriate use of the information
  • D. Provide input into security requirements for the information

The Answer: The correct answer is B. Configure security controls to protect the information.
Explanation: The data owner is the person accountable for a set of information. The owner classifies the data, decides who may access it, sets the rules for acceptable use and defines (or provides input into) the security requirements the data must meet. The owner does not implement those requirements hands-on: configuring and operating the technical controls is the job of the data custodian (typically system administrators or the IT/security team), who acts on the owner's behalf. Options A, C and D are all owner responsibilities; B is custodian work.
CISSP Domain: This question pertains to Domain 2: Asset Security, which covers data classification and the data owner, custodian, processor and user roles. It is not a Communication and Network Security question.

Question 14: Network Isolation and Remediation

A user connected a device to your network and, when they open their web browser, are redirected to a website advising them that they have been placed on an isolation network because their system does not meet the organization's security requirements. They are unable to access any network resources until they remediate their device to comply with the organization's security policy. What type of security solution is in use on this network?

  • A. Intrusion Prevention System (IPS)
  • B. Configuration Management (CM) platform
  • C. Network Access Control (NAC)
  • D. Endpoint Detection and Response (EDR) platform

The Answer: The correct answer is C. Network Access Control (NAC).
Explanation: The giveaway is the sequence of events: a device connects, its security posture is assessed, and because it fails the check it is placed on an isolation (quarantine) network whose only reachable destination is a captive portal explaining how to remediate. That is Network Access Control. NAC solutions (agent-based or agentless, usually enforced through 802.1X/RADIUS on the switch or wireless controller) check things like patch level, antivirus signature age, disk encryption and host firewall status before granting access, and re-assess the device after the user fixes the problems. An IPS (A) inspects and blocks malicious traffic but does not gate access based on device posture; a Configuration Management platform (B) pushes and audits settings but does not control network admission; an EDR platform (D) monitors and responds to activity on endpoints and is not what redirects a browser to a remediation portal.
CISSP Domain: This is associated with Domain 4: Communication and Network Security, concerning secure network architecture and access enforcement.

Question 15: Digital Forensics and Evidence Handling

You have been asked to assist in the investigation of a security incident that took place in your organization. You are handed a laptop computer that is powered off and asked to analyze the data contained on its hard drive. What action should you take FIRST?

  • A. Remove the hard drive from the device
  • B. Power on the laptop
  • C. Connect to the hard drive with a forensic software package
  • D. Connect a write blocker to the device
The Answer: The correct answer is A. Remove the hard drive from the device.
Explanation: The goal is to examine the data without altering the original evidence. Powering on the laptop (B) would boot the operating system, which writes to the disk (journal updates, logs, timestamps, swap) and changes the very evidence you were asked to analyze. Connecting forensic software directly to the drive (C) without write protection carries the same risk. A write blocker (D) is the right tool, but it sits between the drive and your forensic workstation, so the drive has to come out of the laptop before it can be attached. The correct order is therefore: document and photograph the device, remove the drive, connect it through a write blocker, create a forensic image, hash both the original and the image to prove they match, and do all analysis on the copy while the original stays untouched under chain of custody.
CISSP Domain: This question falls under Domain 7: Security Operations, specifically incident response and digital forensic procedures.
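The imaging-and-verification part of that procedure is easy to show in code, so here is an added example in Python (written for this post, not tooling from the original question). A real acquisition puts a hardware write blocker between the removed drive and the workstation; this example stands in for that by opening the source strictly read-only, copies a constructed "drive" block by block, hashes the stream as it is read, and then re-hashes the original and the image so the record shows the copy is exact and the evidence was not modified. File names and the sample contents are assumptions.

```python
"""Added example, not part of the original post: forensic imaging with hash
verification. The seized "drive" is a constructed file so this runs offline,
and the read-only open stands in for a hardware write blocker."""
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096

# Constructed stand-in for the raw contents of a seized drive: a fake boot
# sector followed by some recognizable data. Not taken from any real system.
SAMPLE_EVIDENCE = (
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 503 + b"\x55\xaa"
    + b"INVOICE-2024-0417.docx\n" + b"\x00" * 2000
)


def sha256_file(path: str) -> str:
    """Hash a file in blocks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_image(source: str, image: str) -> dict:
    """Copy `source` to `image` block by block, hashing the bytes as they are
    read. The source is opened O_RDONLY, a software stand-in for the write
    blocker; a write attempt through that handle must fail."""
    stream_hash = hashlib.sha256()
    total = 0
    fd = os.open(source, os.O_RDONLY)
    try:
        with open(image, "wb") as out:
            while True:
                chunk = os.read(fd, BLOCK_SIZE)
                if not chunk:
                    break
                stream_hash.update(chunk)
                out.write(chunk)
                total += len(chunk)
        # Demonstrate that the evidence handle cannot modify the source.
        try:
            os.write(fd, b"x")
            write_blocked = False
        except OSError:
            write_blocked = True
    finally:
        os.close(fd)

    record = {
        "bytes": total,
        "acquisition_sha256": stream_hash.hexdigest(),   # hash of what was read
        "image_sha256": sha256_file(image),              # hash of what was written
        "source_sha256_after": sha256_file(source),      # original, re-hashed
        "write_attempt_blocked": write_blocked,
    }
    record["verified"] = (
        record["acquisition_sha256"]
        == record["image_sha256"]
        == record["source_sha256_after"]
    )
    return record


def demo() -> dict:
    """Build the sample drive in a temp directory, image it and verify."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "seized-drive.bin")     # the removed drive
        img = os.path.join(d, "seized-drive.raw")     # the forensic copy
        with open(src, "wb") as f:
            f.write(SAMPLE_EVIDENCE)
        before = sha256_file(src)                      # hash taken before imaging
        record = acquire_image(src, img)
        record["source_sha256_before"] = before
        # The original must hash the same before and after the acquisition.
        record["verified"] = record["verified"] and before == record["source_sha256_after"]
        return record


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The four hashes in the returned record are what goes into the chain-of-custody form: if the original's hash before and after, the hash of the bytes read, and the hash of the image file all agree, the copy is provably exact and nothing on the original changed. Analysis then proceeds on the image, never on the seized drive.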

Did you enjoy CarlsCloud™ today and did I help you at all?

If so, buy me a coffee or just shoot me a note via LinkedIn to say thanks it would mean a lot!