@@EngAyyad I use LinkedIn learning with Mike

Sure. We are working on it.

Thanks for your review. Let us understand the rationale. For the First comment:- Risk Acceptance is always decided by Business. While may rate the Issue / Vulnerability as Critical, Business nay still continue with the Risk to cease opportunity. Classic example is WFH during Pandemic. Security is a support function to Business and not a Business in itself. Second Comment:- Organizations today operate in a hybrid environment where Organizational Devices and BYOD go hand in hand. Enforcing the BYOD policy and providing a secure, approved device for the executive is the most appropriate action because it ensures security compliance, mitigates risks, maintains consistency in policy enforcement, and helps the executive understand the importance of security practices. In practice, Senior Executives are provided with secure devices (eg. Mobile, iPad etc) while they also use BYOD for ease of business.

That's a fair point. Given that the employees are already reporting suspicious emails, the most immediate need might be to block known phishing emails using email content filtering (option A). However, conducting security awareness training (option C) remains crucial for improving the overall security posture and empowering employees to identify and respond to phishing attempts effectively in the long term. Hence a CISSP - Think Like a Manager - response would be Option C. Do Remember - The Biggest threat and Toughest Defense in any Organization are their employees.

I would also add that option A would only be effective in blocking known phishing email addresses and not new ones that may pop-up. Option D in this case makes the most sense

Glad you enjoyed it

Sure

Thanks. Welcome aboard!

Thank you 🙌

Glad you enjoyed

Thanks for your review. The question talks about strategy and not solution. Secondly, " implementing an already existing recovery site" is not part of the available choices. Establishing a recovery site strategy (Option B) should be prioritized for the organization because it ensures business continuity by providing an alternate location for restoring critical systems and data in the event of a cyberattack. While other options such as implementing backup storage strategies, enhancing system resilience, and implementing fault tolerance measures are important, they may not directly address the need for a recovery site to quickly restore operations and minimize the impact of the cyberattack.

You're absolutely right. The question should indeed provide clearer guidance on the specific actions to take when investigating suspicious activities in the SIEM logs. While analyzing firewall logs is a crucial step, the question could have been clearer to avoid any ambiguity. Thank you for highlighting this point.

I agree! I got the question right but it maybe just by luck! My eyes went right to the SIEM first!

While incident response and management (Option B) are critical components of a comprehensive security program, the primary focus of a secure email gateway in this scenario is on implementing a defense-in-depth strategy (Option C) to mitigate the risk of phishing attacks. A secure email gateway adds a layer of security to the organization's email system by inspecting incoming and outgoing emails for malicious content, filtering out phishing emails, and blocking suspicious attachments. This approach aligns with the defense-in-depth concept, which involves implementing multiple layers of security controls to protect against various types of threats. While incident response and management are essential for responding to security incidents, including phishing attacks, the implementation of a secure email gateway is a proactive measure to prevent such attacks from being successful in the first place, making defense in depth the more appropriate concept to address in this context.

Organizations today operate in a hybrid environment where Organizational Devices and BYOD go hand in hand. Enforcing the BYOD policy and providing a secure, approved device for the executive is the most appropriate action because it ensures security compliance, mitigates risks, maintains consistency in policy enforcement, and helps the executive understand the importance of security practices. In practice, Senior Executives are provided with secure devices (eg. Mobile, iPad etc) while they also use BYOD for ease of business.

Considering the criticality of application for daily operation, Business may accept the Risk. While accepting the risk is not always the best long-term solution, in some cases, it may be a pragmatic approach to managing the immediate impact of a critical vulnerability until a permanent fix can be implemented. This approach may be accompanied by temporary measures to mitigate the risk and a plan to implement a permanent fix as soon as feasible.

In this scenario the organization may be in compliance with PCI DSS but that doesn't guarantee a protection against a breach. Whenever a business is performed, there are always certain risk involved which in this case was vulnerability in payment system. There is always a time lag between vulnerability identification to its remediation and during this time, the system will be at a risk.

yes, i also agree, Option should be "A" more over question does not dictate to donate computer

Agree too, wiping data in not enough to securely erase them. Or you must specify how data are erased depending of the support (HDD or SSD)

Thanks for your review. This is a real world question and you may appreciate the common practice. Here's how Option B stands as a potential approach: Data Wipe: Performing a data wipe is a standard practice to remove all data from a storage device, including servers. While it's true that data remnants may remain after a standard wipe, using specialized wiping software that complies with recognized standards such as NIST SP 800-88 for data sanitation can significantly reduce the risk of data recovery. Secure Deletion of Operating System: Securely deleting the operating system ensures that no residual data is left on the server's storage devices. This step is crucial to prevent any potential data recovery efforts from accessing sensitive information. Donation to a Local School: Donating the server to a local school after performing the above steps can be a socially responsible and environmentally friendly way to dispose of the server. However, it's essential to ensure that the school understands the nature of the donation and agrees to handle the server appropriately. While physically destroying the server (Option A) is a more secure method, it may not be the most environmentally friendly option. In cases where environmental concerns are a priority, securely wiping the data and donating the server to a trusted organization can be a viable alternative.

@@InfoSecGuardians Right. But the question doesn't mention the company is environmentally minded. The CISSP is about choosing the BEST option to solving the problem/in the best interest of the business. Proper physical destruction is the only sure way that there will be no way data can be recovered.

I believe the correct answer is A. The question does not mention the company's environmental friendliness or any aspect of Corporate Social Responsibility.

Thanks @danielumeh3610 for your review. Could you please imagine the same car carrying a critical patient to hospital ? Risk is always proportionate to the Reward. The question mentions "application is critical for daily operations". Always remember, as a CISSP you are only consulted (RACI matrix) but the actual decision will be with the Business. t.me/CisspInfosecGuardians

I disagree too. I think the question lacks details to be sure about an accurate answer. Even in your answer you say the organisation "may" choose ... The answer depends on how "critical" the vulnerability is (software is internet reachable, easy to find/exploit vulnerability, ...etc), and what risks it presents (e.g. attacker might overtaken the whole internal network or just one server, reputation can be ruined, all customer data can be compromised, ..etc). For example, if the risk cost is higher than the "daily operations" disruption costs on the company, avoiding the risk (until the issue is mitigated) could be a better decision. Also "mitigating the risk" could be good, for example, if a FW or a WAF can help controlling some of the risk.

you can also imagine arround a danger zone whereby you need to drive temporarily to save avoid the danger zone... this is what is meant by accepting the risk in the short term while working arround mitigation on the long term.

Thanks, Mohammed! Best wishes to you and your family.