Question 4, I cannot agree with the answer. Network traffic analysis can help identify whether the employee transferred sensitive data to external parties. While important for tracking exfiltration, this step would be more effective after securing the digital evidence from the employee's work computer. It is typically used to complement forensic analysis on the employee's machine but does not replace the need to preserve physical evidence. The most critical step in any digital forensic investigation is to ensure that the integrity of the evidence is maintained. Using a write blocker to create a forensic image of the employee's computer ensures that the original data remains unchanged during the investigation. This allows the security team to perform subsequent analysis on the forensic image, preserving the chain of custody and ensuring the evidence can be used in court if necessary. If the data is gone, there is no point in jumping into NW traffic analysis as the first step; it can be done later after securing the evidence.
@Tradmos 11 months ago
Question 5 specifically asks which action should be taken FIRST when investigating activities in the SIEM logs, and there was no mention of the company using firewalls. If you claim a security company implements a SIEM solution to monitor and manage security events, all eyes will go to the SIEM if there is a breach. Checking the firewall logs is a correct answer, but the question should be made very clear in this situation.
@InfoSecGuardians 10 months ago
You're absolutely right. The question should indeed provide clearer guidance on the specific actions to take when investigating suspicious activities in the SIEM logs. While analyzing firewall logs is a crucial step, the question could have been clearer to avoid any ambiguity. Thank you for highlighting this point.
@faboge 10 months ago
I agree! I got the question right, but it may be just by luck! My eyes went right to the SIEM first!
@Tradmos 11 months ago
Question 6. Establishing a recovery site is a long-term recovery plan and may not be an immediate priority for restoration. A more correct answer should have been implementing an already existing recovery site. The choice of words can often mislead the student to pick the wrong answer.
@InfoSecGuardians 10 months ago
Thanks for your review. The question talks about strategy and not solution. Secondly, "implementing an already existing recovery site" is not part of the available choices. Establishing a recovery site strategy (Option B) should be prioritized for the organization because it ensures business continuity by providing an alternate location for restoring critical systems and data in the event of a cyberattack. While other options such as implementing backup storage strategies, enhancing system resilience, and implementing fault tolerance measures are important, they may not directly address the need for a recovery site to quickly restore operations and minimize the impact of the cyberattack.
@Tradmos 11 months ago
Question 1. If the attackers are already exploiting the vulnerability, I think the organization would enter the incident response phase and no longer be in the Defense phase.
@InfoSecGuardians 10 months ago
While incident response and management (Option B) are critical components of a comprehensive security program, the primary focus of a secure email gateway in this scenario is on implementing a defense-in-depth strategy (Option C) to mitigate the risk of phishing attacks. A secure email gateway adds a layer of security to the organization's email system by inspecting incoming and outgoing emails for malicious content, filtering out phishing emails, and blocking suspicious attachments. This approach aligns with the defense-in-depth concept, which involves implementing multiple layers of security controls to protect against various types of threats. While incident response and management are essential for responding to security incidents, including phishing attacks, the implementation of a secure email gateway is a proactive measure to prevent such attacks from being successful in the first place, making defense in depth the more appropriate concept to address in this context.
@yujiro6347 2 months ago
I just stopped at question 2 and I hard disagree with your answer. For a multinational company you do not want to involve law enforcement in your investigation, as it will cause an upset and uproar in the public community, which can heavily affect your organization. Of the answers mentioned, only B was the closest to the right answer. I am just curious: did you make up these questions and answers, or is this made up from AI?
@karthikeyanv3400 10 months ago
I like this channel, but it would be nice to reply to the comments posted by the viewers.