ISC CISSP Exam Practice Questions (P. 2)

GPT-4o - Answer

MPLS, or Multiprotocol Label Switching, indeed simplifies the routing process by using predetermined paths, essentially making routing decisions at the outset of entering the network. This initial decision comprises defining labels that guide the packet through a fixed path, reducing the need for subsequent decision-making by routers along the way. This functionality is analogous to planning a route before embarking on a journey, where once the main roads are determined, there's no need to re-evaluate options at every turn. This results in faster data flow and consistent packet routing across the network.

GPT-4o - Answer

The correct choice for recognizing changes to content, including unauthorized changes, is indeed a File Integrity Checker. This tool is designed specifically to monitor and validate file integrity by comparing the current state of files against a known, good baseline. This comparison includes attributes like file size, timestamps, and checksums, which helps pinpoint unauthorized modifications. While SIEM systems do track and analyze security data, their main role isn't directly focused on file integrity but rather on a broader spectrum of event management and log analysis.

GPT-4o - Answer

User Acceptance Testing (UAT) is an essential component of change management as it ensures that any changes meet the necessary business requirements and are operationally functional before full implementation. UAT minimizes the risks associated with deploying new changes by catching potential issues early, enabling adjustments based on feedback, and confirming system performances meet expectations. While business continuity testing and other options have their roles, UAT stands out for directly engaging with end-user validation and approval in the change management process, aligning closely with its goals to optimize system updates and prevent operational disruptions.

GPT-4o - Answer

Opting for multi-pass wipes ensures that data on hard drives is overwritten multiple times, greatly reducing the likelihood of any data recovery, even with sophisticated tools. This method adheres to strict security guidelines while preserving the drive's functionality, allowing the company to gain maximum resale value from the vendor as the drives remain operational. This choice balances security with economic benefits, making it the best choice for scenarios where both factors are crucial.

GPT-4o - Answer

The correct choice is SOC 2 Type 2. This is because Type 2 not only reviews the design of the controls (as Type 1 does) but importantly also assesses their operational effectiveness over time, typically a twelve-month period. This extended review period provides a more comprehensive understanding of how effectively the vendor manages data security and privacy on an ongoing basis. This type of certification is pivotal for ensuring that stringent data protection standards are maintained consistently, making it the best choice when data security and privacy are critical concerns for your company.

GPT-4o - Answer

Peer-to-Peer (P2P) file sharing applications pose a significant risk due to their open nature, which frequently bypasses traditional network security measures. This type of application offers an easy pathway for the dissemination of malware, including spyware, viruses, Trojan horses, and worms. These security threats exploit the decentralized sharing and downloading of files, making P2P a high-risk application type for network security.