Exam CISSP topic 1 question 59 discussion

The risk of what? The application being dangerous to the corporate network or the application being vulnerable to external exploits? Either way segmentation makes more sense imo.

I think most confusion comes from the perception of what COTS can be. COTS products can include: motherboards, Windows OS, Microsoft 365, Office, Pfsense, VMware, routers, switches, IoT, etc. So network and endpoint devices, you can segment, but how about productivity suites and application platforms? network segmentation is a common security practice anyway, regardless of COTS. I think the best thing is to research CVE and vendor reputation, and then make sure all DEFAULT configuration, credentials, features, etc. are hardened during implementation.

Even if you put this in a separate network segment it needs to be hardened because it is off the shelf.

I remembered OSG recommended D, harderning config. for COTS. Again, very important, please confine my solution within the context here. A? network segmentation could be an option, but is not the first step I shall do and is out of question context. I choose D.

The question says control . Hardened configuration will mitigate if there is possibility of an attack. I will go with Network segmentation

Answer is D. A COTS application is not necessarily hardened by default. For example, the government uses STIGs to tell admins how to harden some applications.

Refer to CISSP official study guide 9th chapter 20- 20.1.11

I'm saying D. As far as risk from attackers goes, I would lean towards network segmentation, however, general risk includes a lot of other factors like user accessibility, interoperability issues, etc. Segmenting it could introduce a much larger and complex workload and ultimately make it risky in that sense.

Answer D) Hardened configuration This means you remove/change configurations you don't need/want as well as change default usernames/passwords/ports/etc... Segmenting a network won't help as it would still leave the COTS exposed with defaults readily available to be exploited.

A. Network Segmentation - when introducing a new pet into your house, you have to learn the behavior and interaction with other pets before you let him loose. same here, as a security personnel you must know exactly what you introducing before hand and must be on segmented part of the network that shutting an interface can terminate all possible risks on the rest of the network. trust but verify

D. Hardened the system that will host the COTS. Segmenting it will kill the functionality of the solution.

D. Hardening I am hardening security by segmenting and limit access as needed. Segmentation is a part of Hardening.

think like a manager with technical experience and common sense :)

No one knows the configuration of COTS, and it didn't mention, then the best way is the segmentation to lower the exposure.

Harden configuration is important for cots.

D. Hardened configuration. Deploying the COTS application with a hardened configuration is an effective way to mitigate security risks. Hardening involves implementing secure settings, removing unnecessary features and services, and applying security best practices to reduce vulnerabilities and potential attack vectors. By configuring the COTS solution in a hardened manner, security professionals can minimize the potential for exploitation and unauthorized access.

ChatGPT says: D