The New CISA 2022 Updated Verified Study Guides & Best Courses [Q143-Q162]

Explanation/Reference:
RSA e-mail standers stands for SMIME envelope. Using tm’s private key to sign messages, users will ensure recipients of message integrity by using sender´s public key for hash decryption and content comparison.
Exam candidates should be aware of e-mail solutions and technologies that addresses confidentiality, integrity and non-repudiation.
The following answers are incorrect:
Implementing PGP and allowing for recipient to receive the private key used to sign e-mail message.
Implementing RSA standard for messages envelope and instructing users to sign all messages using their public key from the PKI digital certificate.
Implementing MIME solutions and providing a footer within each message sent, referencing to policy constraints related to e-mail usage.
The following reference(s) were/was used to create this question:
CISA Review Manual 2010 – Chapter 5 – 5.4.5-Encryption – Digital Envelope

Explanation/Reference:
Explanation:
In a symmetric algorithm, each pair of users needs a unique pair of keys, so the number of keys grows and key management can become overwhelming. Symmetric algorithms do not provide authenticity, and symmetric encryption is faster than asymmetric encryption. Symmetric algorithms require mathematical calculations, but they are not as complex as asymmetric algorithms.

Section: Protection of Information Assets
Explanation:
Parameters allow a standard piece of software to be customized for diverse environments and are
important in determining how a system runs. The parameter settings should be appropriate to an
organization’s workload and control environment, improper implementation and/or monitoring of operating
systems can result in undetected errors and corruption of the data being processed, as well as lead to
unauthorized access and inaccurate logging of system usage. Transaction logs are used to analyze
transactions in master and/or transaction files. Authorization tables are used to verify implementation of
logical access controls and will not be of much help when reviewing control features of an operating
system. Routing tables do not contain information about the operating system and, therefore, provide no
information to aid in the evaluation of controls.

Section: Governance and Management of IT

Explanation/Reference:
Automatic Call distribution allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available For your exam you should know below mentioned PBX features and Risks:
System Features
Description
Risk
Automatic Call distribution
Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available Tapping and control of traffic Call forwarding Allow specifying an alternate number to which calls will be forwarded based on certain condition User tracking Account codes Used to:
Track calls made by certain people or for certain projects for appropriate billing Dial-In system access (user dials from outside and gain access to normal feature of the PBX) Changing the user class of service so a user can access a different set of features (i.e. the override feature) Fraud, user tracking, non authorized features Access Codes Key for access to specific feature from the part of users with simple instruments, i.e. traditional analog phones.
Non-authorized features
Silent Monitoring
Silently monitors other calls
Eavesdropping
Conferencing
Allows for conversation among several users
Eavesdropping, by adding unwanted/unknown parties to a conference
override(intrude)
Provides for the possibility to break into a busy line to inform another user an important message Eavesdropping Auto-answer Allows an instrument to automatically go when called usually gives an auditor or visible warning which can easily turned off Gaining information not normally available, for various purpose Tenanting Limits system user access to only those users who belong to the same tenant group – useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines,etc Illegal usage, fraud, eavesdropping Voice mail Stores messages centrally and – by using a password – allows for retrieval from inside or outside lines.
Disclosure or destruction of all messages of a user when that user’s password in known or discovered by an intruder, disabling of the voice mail system and even the entire switch by lengthy messages or embedded codes, illegal access to external lines.
Privacy release
Supports shared extensions among several devices, ensuring that only one device at a time can use an extension. Privacy release disables the security by allowing devices to connect to an extension already in use.
Eavesdropping
No busy extension
Allows calls to an in-use extension to be added to a conference when that extension is on conference and already off-hook Eavesdropping a conference in progress Diagnostics Allows for bypassing normal call restriction procedures. This kind of diagnostic is sometimes available from any connected device. It is a separate feature, in addition to the normal maintenance terminal or attendant diagnostics Fraud and illegal usage Camp-on or call waiting When activated, sends a visual audible warning to an off-hook instrument that is receiving another call.
Another option of this feature is to conference with the camped-on or call waiting Making the called individual a party to a conference without knowing it.
Dedicated connections
Connections made through the PBX without using the normal dialing sequences. It can be used to create hot-lines between devices i.e. one rings when the other goes off-hook. It is also used for data connections between devices and the central processing facility Eavesdropping on a line The following were incorrect answers:
Call forwarding – Allow specifying an alternate number to which calls will be forwarded based on certain condition Tenanting – Limits system user access to only those users who belong to the same tenant group useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines,etc Voice Mail – Stores messages centrally and – by using a password – allows for retrieval from inside or outside lines.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 358

A long asymmetric encryption key (public key encryption) increases encryption overhead and cost. All other answers are single shared symmetric keys.

Section: Protection of Information Assets
Explanation:
A fingerprint scanner facilitating biometric access control can provide a very high degree of server access
control.

Explanation/Reference:
This is incorrect, there would be a pair of Security Association (SA) needed for bi directional communication and NOT only one SA. The sender and the receiver would both negotiate an SA for inbound and outbound connections.
The two main concepts of IPSec are Security Associations (SA) and tunneling. A Security Association (SA) is a simplex logical connection between two IPSec systems. For bi-directional communication to be established between two IPSec systems, two separate Security Associations, one in each direction, must be defined.
The security protocols can either be AH or ESP.
NOTE FROM CLEMENT:
The explanations below are a bit more thorough than what you need to know for the exam. However, they always say a picture is worth one thousand words, I think it is very true when it comes to explaining IPSEC and it’s inner working. I have found a great article from CISCO PRESS and DLINK covering this subject, see references below.
Tunnel and Transport Modes
IPSec can be run in either tunnel mode or transport mode. Each of these modes has its own particular uses and care should be taken to ensure that the correct one is selected for the solution:
Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host-for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.
As you can see in the Figure 1 graphic below, basically transport mode should be used for end-to-end sessions and tunnel mode should be used for everything else.
FIGURE: 1

IPSEC Transport Mode versus Tunnel Mode
Tunnel and transport modes in IPSec.
Figure 1 above displays some examples of when to use tunnel versus transport mode:
Tunnel mode is most commonly used to encrypt traffic between secure IPSec gateways, such as between the Cisco router and PIX Firewall (as shown in example A in Figure 1). The IPSec gateways proxy IPSec for the devices behind them, such as Alice’s PC and the HR servers in Figure 1. In example A, Alice connects to the HR servers securely through the IPSec tunnel set up between the gateways.
Tunnel mode is also used to connect an end-station running IPSec software, such as the Cisco Secure VPN Client, to an IPSec gateway, as shown in example B.
In example C, tunnel mode is used to set up an IPSec tunnel between the Cisco router and a server running IPSec software. Note that Cisco IOS software and the PIX Firewall sets tunnel mode as the default IPSec mode.
Transport mode is used between end-stations supporting IPSec, or between an end-station and a gateway, if the gateway is being treated as a host. In example D, transport mode is used to set up an encrypted Telnet session from Alice’s PC running Cisco Secure VPN Client software to terminate at the PIX Firewall, enabling Alice to remotely configure the PIX Firewall securely.
FIGURE: 2

IPSEC AH Tunnel and Transport mode
AH Tunnel Versus Transport Mode
Figure 2 above, shows the differences that the IPSec mode makes to AH. In transport mode, AH services protect the external IP header along with the data payload. AH services protect all the fields in the header that don’t change in transport. The header goes after the IP header and before the ESP header, if present, and other higher-layer protocols.
As you can see in Figure 2 above, In tunnel mode, the entire original header is authenticated, a new IP header is built, and the new IP header is protected in the same way as the IP header in transport mode.
AH is incompatible with Network Address Translation (NAT) because NAT changes the source IP address, which breaks the AH header and causes the packets to be rejected by the IPSec peer.
FIGURE: 3
IPSEC ESP Tunnel versus Transport modes

ESP Tunnel Versus Transport Mode
Figure 3 above shows the differences that the IPSec mode makes to ESP. In transport mode, the IP payload is encrypted and the original headers are left intact. The ESP header is inserted after the IP header and before the upper-layer protocol header. The upper-layer protocols are encrypted and authenticated along with the ESP header. ESP doesn’t authenticate the IP header itself.
NOTE: Higher-layer information is not available because it’s part of the encrypted payload.
When ESP is used in tunnel mode, the original IP header is well protected because the entire original IP datagram is encrypted. With an ESP authentication mechanism, the original IP datagram and the ESP header are included; however, the new IP header is not included in the authentication.
When both authentication and encryption are selected, encryption is performed first, before authentication.
One reason for this order of processing is that it facilitates rapid detection and rejection of replayed or bogus packets by the receiving node. Prior to decrypting the packet, the receiver can detect the problem and potentially reduce the impact of denial-of-service attacks.
ESP can also provide packet authentication with an optional field for authentication. Cisco IOS software and the PIX Firewall refer to this service as ESP hashed message authentication code (HMAC).
Authentication is calculated after the encryption is done. The current IPSec standard specifies which hashing algorithms have to be supported as the mandatory HMAC algorithms.
The main difference between the authentication provided by ESP and AH is the extent of the coverage.
Specifically, ESP doesn’t protect any IP header fields unless those fields are encapsulated by ESP (tunnel mode).
The following were incorrect answers for this question:
Integrity and authentication for IP datagrams are provided by AH This is correct, AH provides integrity and authentication and ESP provides integrity, authentication and encryption.
ESP provides for integrity, authentication and encryption to IP datagram’s. ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection.
In transport mode, ESP only encrypts the data payload of each packet. ESP can be operated in either tunnel mode (where the original packet is encapsulated into a new one) or transport mode (where only the data payload of each packet is encrypted, leaving the header untouched).
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 6986-6989). Acerbic Publications. Kindle Edition.
and
http://www.ciscopress.com/articles/article.asp?p=25477
and
http://documentation.netgear.com/reference/sve/vpn/VPNBasics-3-05.html

Explanation/Reference:
Explanation:
A before-and-after maintenance report is the best answer because a visual review would provide the most positive verification that updating was proper.

Section: Protection of Information Assets
Explanation:
A strength of an IDE is that it expands the programming resources and aids available. The other choices
are IDE weaknesses.

Explanation/Reference:
Explanation:
A screened subnet firewall would provide the best protection. The screening router can be a commercial router or a node with routing capabilities and the ability to allow or avoid traffic between nets or nodes based on addresses, ports, protocols, interfaces, etc. Application-level gateways are mediators between two entities that want to communicate, also known as proxy gateways. The application level (proxy) works at the application level, not just at a package level. The screening controls at the package level, addresses and ports, but does not see the contents of the package. A packet filtering router examines the header of every packet or data traveling between the internet and the corporate network.

Access control software is an active control designed to prevent unauthorized access to data.

Section: Protection of Information Assets
Explanation:
Public key encryption, also known as asymmetric key cryptography, uses a public key to encrypt the
message and a private key to decrypt it.

Section: Protection of Information Assets
Explanation:
Above all else, an IS strategy must support the business objectives of the organization.