Effective CISSP Questions

A switching hub in production is receiving a huge amount of traffic that overflows its content-addressable memory (CAM) table. It begins to flood traffic to all ports and becomes vulnerable to sniffing attacks. Which of the following security principles should have been implemented first to prevent the sniffing attacks?
A. Trusted recovery
B. Secure failure
C. Secure defaults
D. Least privilege

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Secure failure.

The switching hub in the question has been configured and put into production and is operating in a non-secure state in which it floods traffic to all ports and acts like a plain old hub.

  • Secure defaults, meaning the initial (i.e., default) or as-shipped configuration, are not the concern because the switching hub has already been put into production.
  • The switching hub doesn’t fail securely because of inappropriate configurations. It should be configured to shut down the switch port to maintain a secure state.
  • The switching hub should recover and transition to a secure state after a failure.

[Figure: Taxonomy of Security Design Principles]

Secure Defaults

The principle of secure defaults states that the default configuration of a system (to include its constituent subsystems, components, and mechanisms) reflects a restrictive and conservative enforcement of security policy.

The principle of secure defaults applies to the initial (i.e., default) configuration of a system as well as to the security engineering and design of access control and other security functions that should follow a “deny unless explicitly authorized” strategy.

The initial configuration aspect of this principle requires that any “as shipped” configuration of a system, subsystem, or component should not aid in the violation of the security policy, and can prevent the system from operating in the default configuration for those cases where the security policy itself requires configuration by the operational user.

Source: NIST SP 800-160 V1

Secure Failure

The principle of secure failure indicates that components should fail in a state that denies rather than grants access.

Failure is a condition in which a component’s behavior deviates from its specified or expected behavior for an explicitly documented input. Once a failed security function is detected, the system may reconfigure itself to circumvent the failed component, while maintaining security, and still provide all or part of the functionality of the original system, or completely shut itself down to prevent any (further) violation of security policies.

Source: NIST SP 800-160 V1
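
An added example (not from the original post or from NIST): a toy learning switch in Python that contrasts the fail-open behaviour in the question with a fail-secure configuration that shuts down the offending port. The `Switch` class, the table capacity, the per-port MAC limit and the host names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Toy learning switch. Capacity and per-port limit are constructed values."""
    ports: int
    cam_capacity: int
    fail_secure: bool = False
    max_macs_per_port: int = 2                    # enforced only when fail_secure
    cam: dict = field(default_factory=dict)       # source MAC -> port
    disabled: set = field(default_factory=set)    # ports shut down on violation

    def _learn(self, src, port):
        """Record src on port; return False if the frame must be dropped."""
        if src in self.cam:
            return True
        on_port = sum(1 for p in self.cam.values() if p == port)
        if self.fail_secure and on_port >= self.max_macs_per_port:
            self.disabled.add(port)               # fail closed: shut the port
            self.cam = {m: p for m, p in self.cam.items() if p != port}
            return False
        if len(self.cam) < self.cam_capacity:
            self.cam[src] = port
        return True                               # table full: src stays unknown

    def forward(self, port, src, dst):
        """Return the egress ports for one frame arriving on `port`."""
        if port in self.disabled or not self._learn(src, port):
            return []
        out = self.cam.get(dst)
        if out is not None:
            return [] if out == port else [out]
        # Unknown destination: flood to every other enabled port.
        return [p for p in range(self.ports)
                if p != port and p not in self.disabled]

def run(fail_secure):
    """Hosts A (port 0) and B (port 1); port 2 is a bystander; port 3 is noisy."""
    sw = Switch(ports=4, cam_capacity=4, fail_secure=fail_secure)
    sw.forward(0, "A", "B")                       # A is learned first
    for i in range(10):                           # many source MACs on port 3
        sw.forward(3, f"x{i}", "A")
    sw.forward(1, "B", "A")                       # B tries to get learned
    return sw.forward(0, "A", "B"), sorted(sw.disabled)

if __name__ == "__main__":
    print("fail-open  :", run(False))
    print("fail-secure:", run(True))
```

In the fail-open run the full table leaves B unlearned, so A's frame to B is copied to the bystander on port 2; in the fail-secure run port 3 is shut down and the frame reaches port 1 only.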

Trusted Recovery

Trusted recovery is the ability to effect reactive, responsive, or corrective action to securely transition from a nonsecure state to a secure state (or some less insecure state). The secure state achieved after completion of trusted recovery includes those that limit or prevent any further state transition, and those that constitute some type of degraded mode, operation, or capability. Trusted recovery may be accomplished via a combination of automated and manual processes.

Source: NIST SP 800-160 V1

Least Privilege

The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

Source: NIST Glossary





