(ISC)2

CISSP · Question #1375

CISSP Question #1375: Real Exam Question with Answer & Explanation

The correct answer is C: Encryption of data in transit and data at rest. Protecting confidentiality and integrity of information systems requires prioritizing encryption of data in transit and at rest, as it directly addresses both principles simultaneously across all data states.

Submitted by ricky.ec · Mar 5, 2026 · Asset Security

Question

The Chief Information Security Officer (CISO) of a large financial institution is responsible for implementing the security controls to protect the confidentiality and integrity of the organization's Information Systems. Which of the controls below is prioritized FIRST?

Options

  • A. Firewall and reverse proxy
  • B. Web application firewall (WAF) and HyperText Transfer Protocol Secure (HTTPS)
  • C. Encryption of data in transit and data at rest
  • D. Firewall and intrusion prevention system (IPS)

Explanation

Protecting confidentiality and integrity of information systems requires prioritizing encryption of data in transit and at rest, as it directly addresses both principles simultaneously across all data states.

Common mistakes.

  • A. Firewalls and reverse proxies are network perimeter controls that regulate traffic flow but do not directly encrypt or ensure the integrity of data itself, making them secondary to encryption in protecting confidentiality and integrity.
  • B. A WAF and HTTPS protect web application traffic and encrypt data in transit over HTTP, but HTTPS alone does not address data at rest, and a WAF focuses on application-layer attack prevention rather than foundational data confidentiality and integrity.
  • D. A firewall combined with an IPS provides perimeter defense and intrusion detection/prevention, but these are detective and preventive network controls that do not directly encrypt or protect the confidentiality and integrity of the underlying data.

Concept tested. Prioritizing encryption controls for confidentiality and integrity

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-111.pdf

Topics

#data protection · #encryption · #data in transit · #data at rest · #confidentiality · #integrity
