
Memberships

CISSP Study Group

1.8k members • Free

22 contributions to CISSP Study Group
CISSP Practice Question – Security Operations / Legal Investigations (Ethics, Law, and Evidence)
A company’s internal investigation uncovers evidence suggesting that an employee may have stolen trade secrets and transmitted them to a competitor. The security team’s forensic analyst, who is not law enforcement, uses packet capture tools to monitor the suspect’s outbound traffic in real time to confirm the leak. The analyst captures the data and presents it to management, who plan to terminate the employee immediately. From a CISSP and legal standpoint, what is the MOST significant concern with how this evidence was obtained?
A. The analyst may have violated wiretapping and privacy laws by monitoring live network traffic without proper authorization.
B. The analyst exceeded professional scope by performing forensics on corporate assets without a court order.
C. The evidence is invalid because the analyst did not use a certified forensic tool for packet capture.
D. The company should have notified law enforcement before beginning the internal investigation.
0 likes • Oct 31
A
CISSP Practice Question – Security Architecture & Engineering
An enterprise recently experienced a targeted attack where an employee unknowingly installed malicious software via a phishing link. The malware bypassed endpoint antivirus and gained limited access to internal systems. The CISO wants to redesign controls to reduce the likelihood of this type of compromise in the future. Which design principle BEST addresses this goal?
A. Security through obscurity
B. Defense in depth
C. Fail-safe defaults
D. Least common mechanism
0 likes • Oct 28
B
CISSP Practice Question (Security Assessment and Testing - Hard):
Your company has recently integrated a new software application into its existing system. As a security professional, you are tasked with ensuring that this integration does not introduce vulnerabilities. Which sequence of testing and assessment activities should you prioritize to maintain a secure environment?
Options:
A. Conduct syntax-based testing followed by a black-box penetration test
B. Initiate white-box testing, followed by static application security testing, and finally conduct vulnerability scanning
C. Start with dynamic application security testing, supplemented by manual testing, and conclude with automated security testing
D. Perform black-box testing, followed by dynamic testing and checking for zero-day vulnerabilities
(Answer tomorrow!) Study more at: cissp.app
1 like • Oct 21
I'll say D too... SAST is when you have got the application code, but in this scenario the application has already been integrated. That's the reason I've not chosen B.
CISSP Practice Question – Physical & Environmental Security
A data center houses critical financial systems that must remain online 24/7. The facility must have fire suppression that minimizes damage to equipment while protecting personnel. Which of the following fire suppression methods is the BEST choice?
A. Halon-based gas suppression system
B. CO₂ gas suppression system
C. FM-200 (clean agent) suppression system
D. Pre-action dry-pipe sprinkler system
0 likes • Oct 2
C
CISSP Practice Question (Software Development Security - Easy)
XYZ Corporation is developing a new web application and wants to ensure that it is protected against common security threats like SQL injection and cross-site scripting (XSS). They have decided to implement input validation as a primary security measure. What is the most effective way to implement input validation to mitigate these threats?
Options:
A. Use client-side validation to check inputs before submission to the server.
B. Implement server-side validation to check all inputs against a defined set of rules.
C. Rely solely on web application firewalls to detect and block malicious inputs.
D. Utilize automated testing tools to identify and fix vulnerabilities during development.
1 like • Aug 3
B
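As an added example (not from the post or the study group) of what option B looks like in code, assuming a hypothetical signup form with username, age and comment fields: each field is checked against an explicit allow-list rule on the server, and, because validation alone cannot make free text safe, the database write uses a parameterized query and the rendered output is HTML-escaped.

```python
import html
import re
import sqlite3

# Allow-list rules for each field (constructed for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")
COMMENT_MAX = 200


class ValidationError(ValueError):
    pass


def validate_signup(form: dict) -> dict:
    """Server-side validation: every field must match a defined rule.
    Input that does not match is rejected, never 'cleaned up'."""
    username = form.get("username", "")
    if not USERNAME_RE.fullmatch(username):
        raise ValidationError("username: 3-20 letters, digits or underscore")
    try:
        age = int(form.get("age", ""))
    except ValueError:
        raise ValidationError("age: must be an integer")
    if not 13 <= age <= 120:
        raise ValidationError("age: out of range")
    comment = form.get("comment", "")
    if len(comment) > COMMENT_MAX or any(ord(c) < 32 for c in comment):
        raise ValidationError("comment: too long or contains control characters")
    return {"username": username, "age": age, "comment": comment}


def is_valid_signup(form: dict) -> bool:
    try:
        validate_signup(form)
        return True
    except ValidationError:
        return False


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(username TEXT, age INTEGER, comment TEXT)")
    return conn


def process_signup(conn: sqlite3.Connection, form: dict) -> str:
    data = validate_signup(form)
    # Parameterized query: the driver, not string concatenation, keeps data out of SQL.
    conn.execute("INSERT INTO users(username, age, comment) VALUES (?, ?, ?)",
                 (data["username"], data["age"], data["comment"]))
    conn.commit()
    # Output encoding against XSS: the free-text comment is escaped when rendered.
    return f"<p>{html.escape(data['username'])}: {html.escape(data['comment'])}</p>"
```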
Uche Bidyke
@uchenna-obidike-7354
Project Security Solution Expert

Joined Dec 26, 2024