ISC Updated CISSP Exam Questions and Answers by andrew

A challenge response is an authentication system that prompts the user for a different response each time the user logs on, based on a challenge that is generated by the system or the user. The challenge can be a random number, a question, a passphrase, or a biometric feature. The response can be a one-time password, a secret answer, a hash value, or a biometric verification. A challenge response system provides a higher level of security than a static password, as it prevents replay attacks and password guessing. A personal identification number (PIN) is a type of password that consists of a numeric code. A secondary password is another type of password that is used in addition to the primary password. A voice authentication is a type of biometric authentication that uses the voice characteristics of a user.

The classification of the data on the asset is the primary security consideration for how an organization should handle Information Technology (IT) assets. An IT asset is any hardware, software, or data that is owned or used by the organization. The classification of the data on the asset indicates the level of sensitivity, confidentiality, and criticality of the data, and determines the appropriate security measures and controls to protect the asset. The classification of the data on the asset also guides the handling, storage, transmission, and disposal of the asset, as well as the access rights and responsibilities of the users. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 2: Asset Security, page 50; [Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 2: Asset Security, page 112]

Assuming an individual has taken all of the steps to keep their internet connection private, such as using encryption, VPN, and secure protocols, the best option to browse the web privately is to prevent information about browsing activities from being stored on the personal device. This can be achieved by using the private or incognito mode of the web browser, which does not save the browsing history, cookies, cache, or other temporary files on the device. This can help protect the individual’s privacy from other users who may have access to the device, or from malware that may compromise the device. The other options are not as good as preventing information from being stored on the device. Preventing information from being stored in the cloud may not be possible or effective, as some web services or applications may still collect or store the user’s data on their servers, regardless of the user’s preferences. Storing information in the cloud or on the device may expose the user’s browsing activities to unauthorized access or disclosure, unless the data is encrypted and protected by strong authentication and authorization mechanisms. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Communication and Network Security, page 608. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 5: Communication and Network Security, page 609.

The roles within a scrum methodology are product owner, scrum master, and scrum team. Scrum is an agile framework for developing, delivering, and sustaining complex products. The product owner is the person who represents the stakeholders and the business value of the product. The product owner is responsible for defining the product vision, managing the product backlog, and prioritizing the features. The scrum master is the person who facilitates the scrum process and ensures that the scrum team adheres to the scrum values, principles, and practices. The scrum master is responsible for removing impediments, coaching the team, and ensuring collaboration and communication. The scrum team is the group of people who work together to deliver the product increments. The scrum team is self-organizing, cross-functional, and accountable for the quality and timeliness of the product. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Software Development Security, page 393; [Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 8: Software Development Security, page 533]