CISSP PRACTICE QUESTIONS – 20210302

Effective CISSP Questions

According to FISMA, which of the following is the security objective primarily impacted by the unauthorized destruction of information?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Integrity.

There has been a debate on “the destruction of information itself” and “the disruption of access to or use of information or an information system.” However, the FISMA and FIPS 199 explicitly and precisely distinguish the two.

The following slide is an excerpt about security objectives from the FIPS 199, which aligns with the FISMA:

CIA as Security Objectives
CIA as Security Objectives

Integrity

The following is an excerpt about integrity from the FISMA:

“Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [44 U.S.C., Sec. 3542]

Availability

  • AVAILABILITY is about “Ensuring timely and reliable access to and use of information…” [44 U.S.C., SEC. 3542]
  • FIPS 199 reads “A loss of availability is the disruption of access to or use of information or an information system.”

Data Sanitization Methods

“Destroy” is a data sanitization method introduced in the NIST SP 800-88 R1, while “Destruction” is a technique (e.g., destructive techniques) that can “destroy” the media. However, destructive techniques typically can “destroy” the media, but they don’t guarantee the media can be completely destroyed.

Destroy, destruction, and disruption may have similar meanings, but they may refer to different things in various contexts.

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

根據FISMA,以下哪個安全目標主要受到未經授權的信息破壞(destruction)的影響?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability

Leave a Reply