exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam

Exam CISSP topic 1 question 59 discussion

Actual exam question from ISC's CISSP
Question #: 59
Topic #: 1
[All CISSP Questions]

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?

  • A. Network segmentation
  • B. Blacklisting application
  • C. Whitelisting application
  • D. Hardened configuration
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Nickolos
Highly Voted 2 years, 3 months ago
The risk of what? The application being dangerous to the corporate network or the application being vulnerable to external exploits? Either way segmentation makes more sense imo.
upvoted 11 times
dev46
2 years, 3 months ago
True. Network Segmentation makes sense. It minimize the exposure. How can you harden COTS? It's a ready-made product.
upvoted 5 times
stickerbush1970
2 years, 3 months ago
I would think this mean hardening the OS, not COTS
upvoted 4 times
Nickolos
2 years, 3 months ago
Exactly - ensuring no unnecessary ports or services are running, access to the internet is configured properly (if at all needed), proper acl is setup, etc.
upvoted 1 times
DeepCyber
1 year, 6 months ago
Even if you harden the configuration It will not help If there is vulnerability in the software code which is exploited by attacker. Attacker may access your network through legitimate way to exploits your network If network segmentation is not in the place.
upvoted 1 times
...
...
...
...
...
deeden
Most Recent 4 months, 3 weeks ago
Selected Answer: D
I think most confusion comes from the perception of what COTS can be. COTS products can include: motherboards, Windows OS, Microsoft 365, Office, Pfsense, VMware, routers, switches, IoT, etc. So network and endpoint devices, you can segment, but how about productivity suites and application platforms? network segmentation is a common security practice anyway, regardless of COTS. I think the best thing is to research CVE and vendor reputation, and then make sure all DEFAULT configuration, credentials, features, etc. are hardened during implementation.
upvoted 3 times
...
Ramye
6 months, 1 week ago
Selected Answer: D
Even if you put this in a separate network segment it needs to be hardened because it is off the shelf.
upvoted 1 times
...
jieaws
8 months, 2 weeks ago
I remembered OSG recommended D, harderning config. for COTS. Again, very important, please confine my solution within the context here. A? network segmentation could be an option, but is not the first step I shall do and is out of question context. I choose D.
upvoted 2 times
...
ajike
9 months, 2 weeks ago
The question says control . Hardened configuration will mitigate if there is possibility of an attack. I will go with Network segmentation
upvoted 1 times
...
Kyanka
9 months, 3 weeks ago
Answer is D. A COTS application is not necessarily hardened by default. For example, the government uses STIGs to tell admins how to harden some applications.
upvoted 1 times
...
Hongjun
9 months, 4 weeks ago
Selected Answer: D
Refer to CISSP official study guide 9th chapter 20- 20.1.11
upvoted 3 times
...
Hackermayne
11 months, 3 weeks ago
Selected Answer: D
I'm saying D. As far as risk from attackers goes, I would lean towards network segmentation, however, general risk includes a lot of other factors like user accessibility, interoperability issues, etc. Segmenting it could introduce a much larger and complex workload and ultimately make it risky in that sense.
upvoted 1 times
...
YesPlease
1 year ago
Selected Answer: D
Answer D) Hardened configuration This means you remove/change configurations you don't need/want as well as change default usernames/passwords/ports/etc... Segmenting a network won't help as it would still leave the COTS exposed with defaults readily available to be exploited.
upvoted 1 times
...
Moose01
1 year, 1 month ago
Selected Answer: A
A. Network Segmentation - when introducing a new pet into your house, you have to learn the behavior and interaction with other pets before you let him loose. same here, as a security personnel you must know exactly what you introducing before hand and must be on segmented part of the network that shutting an interface can terminate all possible risks on the rest of the network. trust but verify
upvoted 2 times
...
homeysl
1 year, 2 months ago
Selected Answer: D
D. Hardened the system that will host the COTS. Segmenting it will kill the functionality of the solution.
upvoted 2 times
...
Moose01
1 year, 2 months ago
D. Hardening I am hardening security by segmenting and limit access as needed. Segmentation is a part of Hardening.
upvoted 3 times
...
Wz21
1 year, 3 months ago
think like a manager with technical experience and common sense :)
upvoted 1 times
...
sebseba
1 year, 3 months ago
Selected Answer: A
No one knows the configuration of COTS, and it didn't mention, then the best way is the segmentation to lower the exposure.
upvoted 1 times
...
win610
1 year, 5 months ago
Selected Answer: D
Harden configuration is important for cots.
upvoted 1 times
...
Bach1968
1 year, 5 months ago
Selected Answer: D
D. Hardened configuration. Deploying the COTS application with a hardened configuration is an effective way to mitigate security risks. Hardening involves implementing secure settings, removing unnecessary features and services, and applying security best practices to reduce vulnerabilities and potential attack vectors. By configuring the COTS solution in a hardened manner, security professionals can minimize the potential for exploitation and unauthorized access.
upvoted 2 times
...
ded
1 year, 6 months ago
ChatGPT says: D
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago