CISSP - DOMAIN 7 QUESTIONS AND ANSWERS WITH SOLUTIONS 2024

Document information: Exam (elaborations), questions and answers, 30 pages. Uploaded 17 August 2024; written for 2024/2025. Institution/course: CISSP.

Content preview
Operations Department - ANSWER Ensuring people, apps, equipment, and overall environment are
properly and adequately secured.



Administrative Management - ANSWER Dealing with personnel issues, including separation of duties, job
rotation, mandatory vacations, least privilege, and need-to-know.



Security and Network Personnel - ANSWER The security administrator should not report to the network
administrator; the two jobs can be at odds and mutually exclusive.



Security administrator jobs:

- implement/maintain security devices and software

- carry out security assessments

- create/maintain user profiles and implement/maintain access control mechanisms

- configure/maintain security labels in MAC (mandatory access control) environments

- manage password policies

- review audit logs



Accountability - ANSWER Important to maintain user privileged account management process to enforce
principle of least privilege and avoid authorization creep.



Clipping Level - ANSWER A threshold (baseline) for the number of violations a normal user is allowed to
commit before an alarm is raised; ordinary mistakes below it are tolerated silently. Once the clipping
level is exceeded, that violation and all further violations are recorded for review.
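As an added example (not part of the original study guide), the clipping-level idea applied to authentication failures: a small Python monitor counts failed logins over constructed sshd-style log lines, stays silent while a principal is at or under the threshold, raises an alarm on the first violation past it, and keeps that and every later violation for review. The log lines, hostname and addresses are constructed for the example. The monitor can key its count on the user or on the source address, because a per-user clipping level misses password spraying, where one source tries a single guess against many accounts; the constructed log contains both a brute-force run against one user and a spray from one address.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sshd-style lines for the example; not taken from any real host.
SAMPLE_LOG = """\
Aug 17 09:00:01 host sshd[101]: Failed password for alice from 10.0.0.5 port 5000 ssh2
Aug 17 09:00:04 host sshd[102]: Failed password for alice from 10.0.0.5 port 5001 ssh2
Aug 17 09:00:09 host sshd[103]: Accepted password for alice from 10.0.0.5 port 5002 ssh2
Aug 17 09:01:00 host sshd[104]: Failed password for bob from 10.0.0.7 port 6000 ssh2
Aug 17 09:01:02 host sshd[105]: Failed password for bob from 10.0.0.7 port 6001 ssh2
Aug 17 09:01:05 host sshd[106]: Failed password for bob from 10.0.0.7 port 6002 ssh2
Aug 17 09:01:07 host sshd[107]: Failed password for bob from 10.0.0.7 port 6003 ssh2
Aug 17 09:01:10 host sshd[108]: Failed password for bob from 10.0.0.7 port 6004 ssh2
Aug 17 09:02:00 host sshd[109]: Failed password for carol from 10.0.0.9 port 7000 ssh2
Aug 17 09:02:01 host sshd[110]: Failed password for dave from 10.0.0.9 port 7001 ssh2
Aug 17 09:02:02 host sshd[111]: Failed password for erin from 10.0.0.9 port 7002 ssh2
Aug 17 09:02:03 host sshd[112]: Failed password for invalid user frank from 10.0.0.9 port 7003 ssh2
"""

# Only failed authentications count as violations; "Accepted" lines are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


@dataclass
class ClippingReport:
    clipping_level: int
    alarms: list = field(default_factory=list)    # (principal, timestamp) of the first violation past the level
    recorded: dict = field(default_factory=dict)  # principal -> violation lines kept for review


def apply_clipping_level(log_text: str, clipping_level: int = 3, key: str = "user") -> ClippingReport:
    """Count failed logins per principal (key="user" or key="src").

    Violations up to the clipping level are tolerated silently; the first
    violation past it raises an alarm, and that one plus every later violation
    for the same principal is recorded for review.
    """
    if key not in ("user", "src"):
        raise ValueError("key must be 'user' or 'src'")
    counts = defaultdict(int)
    report = ClippingReport(clipping_level)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        principal = m[key]
        counts[principal] += 1
        if counts[principal] <= clipping_level:
            continue                      # at or below the level: ordinary noise
        if counts[principal] == clipping_level + 1:
            report.alarms.append((principal, m["ts"]))
        report.recorded.setdefault(principal, []).append(line)
    return report


if __name__ == "__main__":
    for k in ("user", "src"):
        r = apply_clipping_level(SAMPLE_LOG, clipping_level=3, key=k)
        print(f"keyed on {k}: alarms={r.alarms}")
        for principal, lines in r.recorded.items():
            print(f"  {principal}: {len(lines)} violation(s) recorded for review")
```

Keyed on the user, only bob trips the level; keyed on the source address, both 10.0.0.7 and the spraying 10.0.0.9 do, while 10.0.0.5 (two mistakes then success) stays silent. The level itself is a tuning decision: set too low it floods the reviewer with ordinary typos, set too high it lets slow guessing through.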



Physical Security - ANSWER Implemented using a layered approach, working in two main modes: normal
facility operations, and a second mode for when the facility is closed.



Facility Access Control - Door Locks - ANSWER 'Delaying' devices: they should be used as part of a
protection scheme but never as the only control.

- mechanical locks can be warded or tumbler. A warded lock has a spring-loaded bolt with a notch cut in
it and wards (obstructions) surrounding the keyhole; it is the easiest to pick. A tumbler lock has more parts.

* pin tumbler: each pin must be pushed to the correct height to allow the cylinder to rotate.

* wafer tumbler (aka disc tumbler lock): uses flat discs instead of pins (often used in cars and desks).

* lever tumbler: uses a set of levers that must each be lifted to the correct height before the bolt can move.

- combination locks: require a combination of numbers to unlock.

- cipher locks (programmable locks): keypads control access, possibly combined with a swipe card.
Combinations can be changed, sequence values can be locked out, and personnel in trouble or under duress
can enter a specific code that opens the door and initiates a remote alarm at the same time. Features can
include door delay (alarm sounds if the door is held open too long), key override (an emergency code
overrides normal procedures), master keying (supervisory personnel can change access codes), hostage
alarm (duress code), and usually a visibility shield so others cannot see the combination being entered.



* somebody should be designated to manage keys.
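The cipher-lock features above map onto a small state machine. The following Python controller is an added example, not the study guide's or any manufacturer's code, and the code values and timings in it are assumptions. It shows the point a practitioner cares about: the duress (hostage) code must produce exactly the same visible response as the normal code while raising a silent remote alarm; repeated wrong sequences lock the keypad out; an emergency override bypasses the lockout but is logged; a master code is required to change the access code; and a door held open past the delay raises an alarm.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


def _same(a: str, b: str) -> bool:
    """Constant-time comparison so response timing does not reveal how much
    of an entered sequence matched."""
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class CipherLock:
    # All code values below are assumptions for the example.
    access_code: str            # normal combination
    duress_code: str            # hostage alarm: opens the door AND raises a silent remote alarm
    override_code: str          # key override: emergency code that bypasses a lockout
    master_code: str            # master keying: authorizes changing the access code
    max_attempts: int = 3       # wrong sequences allowed before the keypad locks out
    lockout_s: float = 60.0
    door_delay_s: float = 30.0  # door held open longer than this raises an alarm
    failed: int = 0
    locked_until: float = 0.0
    door_opened_at: Optional[float] = None
    alarms: list = field(default_factory=list)   # remote alarms; never shown at the keypad

    def enter_code(self, code: str, now: float) -> str:
        """Visible keypad response. Only 'open' or 'denied' is ever returned,
        so a duress entry is indistinguishable from a normal one to an onlooker."""
        if _same(code, self.override_code):
            self.failed, self.locked_until = 0, 0.0
            self.alarms.append(("override_used", now))   # emergency use is always logged
            return self._open(now)
        if now < self.locked_until:
            return "denied"                              # lockout: no other code works
        if _same(code, self.duress_code):
            self.alarms.append(("duress", now))          # silent hostage alarm
            return self._open(now)
        if _same(code, self.access_code):
            self.failed = 0
            return self._open(now)
        self.failed += 1
        if self.failed >= self.max_attempts:             # sequence lockout
            self.failed = 0
            self.locked_until = now + self.lockout_s
            self.alarms.append(("lockout", now))
        return "denied"

    def _open(self, now: float) -> str:
        self.door_opened_at = now
        return "open"

    def door_closed(self, now: float) -> None:
        self.door_opened_at = None

    def tick(self, now: float) -> list:
        """Periodic check for the door-delay alarm; raised once per opening."""
        if self.door_opened_at is not None and now - self.door_opened_at > self.door_delay_s:
            self.alarms.append(("door_held_open", now))
            self.door_opened_at = None
        return self.alarms

    def change_access_code(self, master_code: str, new_code: str) -> bool:
        """Master keying: only the master code may change the combination."""
        if not _same(master_code, self.master_code):
            return False
        self.access_code = new_code
        return True


if __name__ == "__main__":
    lock = CipherLock(access_code="4821", duress_code="4822", override_code="9990", master_code="0000")
    print(lock.enter_code("4821", 0))     # open (normal)
    print(lock.enter_code("4822", 10))    # open (duress: looks the same, alarm raised remotely)
    print(lock.alarms)
```

The keypad returns the same string for a normal and a duress entry; the difference exists only in the alarm list that a monitoring station reads. A real controller would add an audit log of every entry and the visibility shield the guide mentions, but the branching above is the part that gets subtly wrong in practice (for instance, a distinct "duress accepted" message that tells the attacker the alarm fired).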



Facility Access Control - Device Locks - ANSWER - Switch controls: cover on/off switches

- Slot locks: secure the system to a stationary component with a steel cable

- Port controls: block access to disk drives or unused serial or parallel ports

- Peripheral switch controls: secure the keyboard by inserting an on/off switch between the system unit
and the keyboard input slot

- Cable traps: cables pass through a lockable unit to prevent removal of an I/O device.



Facility Access Control - Circumventing Locks - ANSWER tension wrench: L-shaped tool used to apply
tension to the cylinder of a lock.

lock pick: used to manipulate the individual pins of a lock.

raking: a lock pick is pushed to the back of the lock and quickly slid out while applying upward pressure.

lock bumping: forces the pins to the open position using a bump key.



Lock strengths (grades):

- grade 1: commercial/industrial

- grade 2: heavy-duty residential/light-duty commercial

- grade 3: residential/consumer

Cylinders within locks fall into three categories:

- low security: no pick or drill resistance provided

- medium security: a degree of pick resistance (can be found within any of the lock grades above)

- high security: pick resistance through many mechanisms (only used in grade 1 and 2 locks).



Personnel Access Controls - ANSWER Identification and authentication can be verified by an anatomical
attribute (biometric system), smart or memory cards (swipe cards), presenting a photo ID, using a key, or
providing a card plus PIN/password.



- piggybacking: an individual gains unauthorized access by using someone else's credentials or access
rights (e.g. following an authorized person through a controlled door).

- user-activated readers: the user has to do something, such as swipe a card or enter a PIN.

- system sensing access control readers (aka transponders): recognize the presence of an approaching
object and send interrogating signals, obtaining the access code from the card without the user doing
anything.



Electronic access control (EAC) tokens: generic term for the proximity authentication devices that
identify and authenticate users before allowing entrance.



External Boundary Protection Mechanisms - ANSWER - control pedestrian and vehicle traffic

- provide various levels of protection for different security zones

- provide buffers and delaying mechanisms to protect against forced entry attempts

- limit and control entry points



All can be done via access control mechanisms (locks and keys, card access systems, personnel
awareness), physical barriers, intrusion detection (perimeter sensors, authentication mechanisms),
assessment (guards, CCTV cameras), response (guards, local law enforcement), and deterrents (signs,
lighting, environmental design).



External Boundary Protection Mechanisms - Fencing - ANSWER need to consider:

- gauge of the metal, correlated to the types of physical threats

- height of fencing (3-4 ft deters casual trespassers, 6-7 ft is too high to climb easily, 8+ ft with
barbed/razor wire for critical areas). The barbed-wire topping should be tilted outward to keep intruders
out, or inward to keep people in.
