TCSEC addresses confidentiality only and bundles functionality
and assurance. Thus, the other answers are incorrect. By separating
functionality and assurance as in ITSEC, one could specify fewer security functions that have a high level of assurance. This separation carried over into the Common Criteria.

Compensating Controls do not mean that they are not as-good as original intention and should have been already approved in Change Management, so the manager ought to already know what is at stake if you do not apply the Compensating Control.

Reference https://online.concordiA.edu/computer-science/system-development-life-cycle-phases/

Hierarchical Storage Management originated in the mainframe world where it was used to minimize storage costs. The HSM name signifies that the software has the intelligence to move files along a hierarchy of storage devices that are ranked in terms of cost per megabyte of storage, speed of storage and retrieval, and overall capacity limits. Files are migrated along the hierarchy to less expensive forms of storage based on rules tied to the frequency of data access. File migration and retrieval is transparent to users. Two major factors, data access response time and storage costs determine the appropriate combination of storage devices used in HSM. A typical three tier strategy may be composed of hard drives as primary storage on the file servers, rewritable optical as the secondary storage type, and tape as the final tertiary storage location. If faster access is required, a hard drive can be considered as an alternative to optical for secondary storage, and WORM (Write Once, Read Many) optical can also be implemented, in place of tape, as the final storage destination.

Explanation/Reference:
Explanation:
The most critical part of establishing and maintaining a current continuity plan is management support.
Management must be convinced of the necessity of such a plan. Therefore, a business case must be made to obtain this support.
In order to convince Senior Management of the viability of the plan you need to convince them of the business case. The Senior Management usually wants information stated in monetary, quantitative terms, not in subjective, qualitative terms.
Incorrect Answers:
B: Senior Management does not need to attend the Risk Assessment meetings.
C: Senior Management does not need to attend the Business Impact Assessment meetings.
D: The Business Impact Assessment is made after the BCP plan has been approved. To make a Business Impact Assessment the BCP team must sit down and discuss, preferably with the involvement of senior management, qualitative concerns to develop a comprehensive approach that satisfies all stakeholders.

Halon is a compound consisting of bromine, fluorine, and carbon. Halons are used as fire extinguishing agents, both in built-in systems and in handheld portable fire extinguishers. Halon production in the U.S. ended on December 31, 1993, because they contribute to ozone depletion. Bromine being part of Halon is not a safe replacement for
Halon.
The following are some of the EPA-approved replacements for halon:
Several substitutes have been approved by the SNAP program that may be considered as potential candidates for specific use conditions as cited in 40 CFR 82 Appendix A to
Subpart G, Substitutes Subject to Use Restrictions and Unacceptable Substitutes. It should be noted that the following substitutions are merely comments on usage and not conditions. For example, the Army has considered the use of HFC-125 in the crew compartments of its ground combat vehicles. Also, the Army has installed IG-541 in normally occupied areas. The following substitutes are listed:
Total Flooding Agents Acceptable Substitutes
Water Mist Systems using Potable or Natural Sea Water
[Foam] A (formerly identified as Water Mist Surfactant Blend A) This agent is not a clean agent, but is a low-density, short duration foam.
Carbon Dioxide (Must meet NFPA 12 and OSHA 1910.162(b)5 requirements
Water Sprinklers
Total Flooding Agents Substitutes Acceptable Subject To Use Conditions
Normally Occupied Areas
C4F10 (PFC-410 or CEA-410)
C3F8 (PFC-218 or CEA-308)
HCFC Blend A (NAF S-III)
HFC-23 (FE 13)
HFC-227ea (FM 200)
IG-01 (Argon)
IG-55 (Aragonite)
HFC-125
HFC-134a
Normally Unoccupied Areas
Powdered Aerosol C
CF3I
HCFC-22
HCFC-124
HFC-125
HFC-134a
Gelled Halocarbon/Dry Chem. Suspension (PGA)
Inert Gas/Powdered Aerosol Blend (FS 0140)
IG-541 (Inergen)
Unacceptable Substitutes
HFC-32
The following were incorrect answers:
The following are all safe replacement for Halon:
FE-13 is an Halon replacement (Halon 1301) in total flooding and inerting applications where its low toxicity provides for improved safety margins, the protected spaces are large, the cylinder storage area is remote from the protected space, or where the temperatures are likely to go below 0C (32F). Of the clean agents available, DuPont FE-13 has the lowest toxicity and is the safest for protecting areas where people are present. DuPont
FE-13 provides the ultimate in human safety while protecting high-value assets and business continuity with a clean agent.
DuPont FE-13 is:
safe for people
a clean agent that does not leave a residue
electrically nonconductive and noncorrosive
an environmentally preferred alternative to Halon with zero ozone depletion potential (ODP)
FM-200 is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as a colorless, electrically non-conductive vapor that is clear and does not obscure vision. It leaves no residue and has acceptable toxicity for use in occupied spaces at design concentration. FM-200 does not displace oxygen and, therefore, is safe for use in occupied spaces without fear of oxygen deprivation.
INERGEN is a blend of inert atmospheric gases that contains 52% nitrogen, 40% argon,
8% carbon dioxide, used for fire suppression system agent. It is considered a clean agent for use in gaseous fire suppression applications. Inergen does not contain halocarbons, and has no ozone depletion potential. It is non-toxic. Inergen is used at design concentrations of 35-50% to lower the concentration of oxygen to a point that cannot support combustion, but still safe for humans.
Reference(s) used for this quesiton:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 25616-25620). Auerbach Publications. Kindle
Edition.
and
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 473-474).
McGraw-Hill. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 25623-25626). Auerbach Publications. Kindle
Edition.
and
http://en.wikipedia.org/wiki/Inergen
and
http://www.p2sustainabilitylibrary.mil/P2_Opportunity_Handbook/3_III_2.html

Negative testing is a method of software testing that involves providing invalid, unexpected, or erroneous input to the system or sub-system and verifying that it can handle it gracefully, without crashing, freezing, or producing incorrect results. Negative testing helps to identify the boundary conditions, error handling, and exception handling of the system or sub-system, and to ensure its robustness, reliability, and security. Negative testing is the best method among the given options to ensure that systems and sub-systems gracefully handle invalid input. Integration testing is a method of software testing that involves combining two or more components or modules of the system and verifying that they work together as expected. Integration testing helps to identify the interface, compatibility, and communication issues between the components or modules, and to ensure their functionality, performance, and quality. Integration testing does not focus on how the system or sub-system handles invalid input, but rather on how it interacts with other parts of the system. Unit testing is a method of software testing that involves testing each individual component or module of the system in isolation and verifying that it performs its intended function. Unit testing helps to identify the logic, syntax, and functionality errors of the component or module, and to ensure its correctness, completeness, and efficiency. Unit testing does not focus on how the system or sub-system handles invalid input, but rather on how it performs its own function. Acceptance testing is a method of software testing that involves testing the system or sub-system by the end users or customers and verifying that it meets their requirements and expectations. Acceptance testing helps to identify the usability, suitability, and satisfaction issues of the system or sub-system, and to ensure its acceptance, delivery, and deployment. Acceptance testing does not focus on how the system or sub-system handles invalid input, but rather on how it satisfies the user or customer needs.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Software Development Security, p.
823-824. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 8: Software Development Security, p.
1004-1005.

Explanation/Reference:
Explanation:
For security reasons, the firewall should be tested offline.
Incorrect Answers:
A: A firewall may take the form of either software installed on a regular computer using a regular operating system or a dedicated hardware appliance that has its own operating system. The second choice is usually more secure.
B: It is important to make a backup of the configuration of the firewall.
C: All unneeded ports should be closed, and all unneeded services should be denied.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 643

The three primary requirements for a penetration test are a defined goal, a limited time period, and an approval of management. A penetration test is a type of security assessment that simulates a malicious attack on an information system or network, with the permission of the owner, to identify and exploit vulnerabilities and evaluate the security posture of the system or network. A penetration test requires a defined goal, which is the specific objective or scope of the test, such as testing a particular system, network, application, or function. A penetration test also requires a limited time period, which is the duration or deadline of the test, such as a few hours, days, or weeks. A penetration test also requires an approval of management, which is the formal authorization and consent from the senior management of the organization that owns the system or network to be tested, as well as the management of the organization that conducts the test. A general objective, unlimited time, and approval of the network administrator are not the primary requirements for a penetration test, as they may not provide a clear and realistic direction, scope, and authorization for the test.

The concept of need-to-know means that, in addition to whatever specific object or role rights a user may have on the system, the user has also the minimum amount of information necessary to perform his job function.
* Answer “Need-to-know ensures that no single individual (acting alone) can compromise security controls.” is separation of duties, assigning parts of tasks to different personnel. *Answer “Need-to-know grants each user the lowest clearance required for their tasks.” is least privilege, the user has the minimum security level required to perform his job function. *Answer “Need-to-know limits the time an operator performs a task.” is rotation of duties, wherein the amount of time an operator is assigned a security-sensitive task is limited before being moved to a different task with a different security classification.

The steps of a risk assessment are identification, analysis, and evaluation. Identification is the process of finding and listing the assets, threats, and vulnerabilities that are relevant to the risk assessment. Analysis is the process of estimating the likelihood and impact of each threat scenario and calculating the level of risk.
Evaluation is the process of comparing the risk level with the risk criteria and determining whether the risk is acceptable or not. Mitigation is not part of the risk assessment, but it is part of the risk management, which is the process of applying controls to reduce or eliminate the risk. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 36; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 1: Security and Risk Management, page 28.

Section: Software Development Security

Section: Asset Security

Explanation/Reference:
Explanation:
The presentation layer is not concerned with the meaning of data, but with the syntax and format of the data. It works as a translator, translating the format an application is using to a standard format used for passing messages over a network.
Incorrect Answers:
A: The session layer provides the mechanism for opening, closing and managing a session between end- user application processes, i.e., a semi-permanent dialogue. Communication sessions consist of requests and responses that occur between applications.
B: The transport layer provide host-to-host communication services for applications. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.
D: The application layer as the user interface responsible for displaying received information to the user.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 522

The retina, a thin nerve (1/50th of an inch) on the back of the eye, is the part of the eye which senses light and transmits impulses through the optic nerve to the brain – the equivalent of film in a camera. Blood vessels used for biometric identification are located along the neural retina, the outermost of retina’s four cell layers.