ISC2-CISSP Domain 3: Security Architecture and Engineering Welcome to your ISC2-CISSP Domain 3: Security Architecture and Engineering 1. CISSP: Security Architecture and Engineering In the context of secure cryptographic design, which of the following is MOST critical for ensuring the security of a block cipher mode of operation? A. The complexity of the key generation algorithm. B. The size of the block processed by the cipher. C. The randomness of the initialization vector (IV). D. The throughput rate of the encryption process. None 2. CISSP: Security Architecture and Engineering When implementing a security control for a new software development project, which of the following principles is MOST important to ensure the effectiveness of the security control? A. Least privilege. B. Open design. C. Defense in depth. D. Fail-safe defaults. None 3. CISSP: Security Architecture and Engineering In the field of digital forensics, which of the following is the MOST crucial aspect when considering the admissibility of digital evidence in court? A. The encryption algorithm used to secure the data. B. The chain of custody documentation. C. The storage capacity of the device containing the evidence. D. The brand of the digital forensics software used. None 4. CISSP: Security Architecture and Engineering In secure system design, which of the following is the MOST effective measure to protect against side-channel attacks? A. Implementing strict access controls. B. Using hardware-based encryption modules. C. Ensuring constant-time execution of cryptographic algorithms. D. Regularly updating the system's firmware. None 5. CISSP: Security Architecture and Engineering In the deployment of an Intrusion Detection System (IDS), which of the following considerations is MOST critical for its effectiveness in a high-security environment? A. The geographic distribution of the sensors. B. The integration with existing network infrastructure. C. The selection between signature-based or anomaly-based detection. D. The rate of false positives generated by the system. None 6. CISSP: Security Architecture and Engineering When designing a Public Key Infrastructure (PKI), which of the following is the MOST significant factor to ensure the reliability and trustworthiness of the system? A. The length of the cryptographic keys used. B. The robustness of the Certificate Revocation List (CRL) mechanism. C. The physical security of the Certificate Authority (CA). D. The policies governing the issuance of certificates. None 7. CISSP: Security Architecture and Engineering In the implementation of a secure network architecture, which of the following is the MOST effective strategy to isolate sensitive systems from the internet? A. Deploying antivirus software on all endpoints. B. Implementing a demilitarized zone (DMZ). C. Using a network-based Intrusion Prevention System (IPS). D. Segmenting the network with firewalls. None 8. CISSP: Security Architecture and Engineering When considering the deployment of a biometric authentication system, which of the following metrics is MOST important in evaluating the system's performance? A. User acceptance rate. B. False acceptance rate (FAR). C. Enrollment time per user. D. Template storage requirements. None 9. CISSP: Security Architecture and Engineering In the context of mobile device security, which of the following is the MOST critical consideration to protect sensitive corporate data on employee-owned devices 'BYOD'? A. The implementation of a strong password policy. B. The encryption of data stored on the device. C. The ability to remotely wipe the device if it is lost or stolen. D. The use of antivirus software on the device. None 10. CISSP: Security Architecture and Engineering In the context of secure system architecture, which of the following concepts is MOST critical for ensuring data confidentiality and integrity in a multi-tenant cloud environment? A. Data deduplication efficiency. B. Mandatory access control (MA C. implementation. C) Network throughput optimization. D. Virtual machine (VM) snapshot frequency. None 11. CISSP: Security Architecture and Engineering When designing a secure communication protocol, which of the following is MOST important for protecting against man-in-the-middle (MITM) attacks? A. Session token validity period. B. Mutual authentication mechanism. C. Packet routing optimization. D. Compression algorithm efficiency. None 12. CISSP: Security Architecture and Engineering In the development of a secure operating system, which of the following is the MOST crucial feature to prevent privilege escalation attacks? A. Customizable user interfaces. B. Kernel-level access controls. C. Memory swap file encryption. D. Dynamic link library (DLL) signing. None 13. CISSP: Security Architecture and Engineering When integrating an intrusion detection system (IDS) into a corporate network, which of the following is MOST critical for minimizing the impact on network performance? A. Signature database size. B. Analysis engine throughput. C. Update frequency. D. Sensor distribution strategy. None 14. CISSP: Security Architecture and Engineering In the application of cryptography to secure data at rest, which of the following factors is MOST important for balancing security and performance? A. Encryption algorithm block size. B. Key management lifecycle complexity. C. Use of hardware security modules (HSMs). D. Choice of symmetric or asymmetric encryption. None 15. CISSP: Security Architecture and Engineering In ensuring the security of embedded systems, which of the following practices is MOST effective in preventing firmware tampering? A. Regular firmware updates. B. Use of non-executable memory areas. C. Firmware signing with a digital signature. D. Implementation of watchdog timers. None 16. CISSP: Security Architecture and Engineering When assessing the risk of side-channel attacks on a cryptographic system, which of the following is the MOST significant factor to consider? A. The cryptographic algorithm's computational complexity. B. The physical access control to the cryptographic system. C. The timing information leaked during cryptographic operations. D. The size of the encryption key. None 17. CISSP: Security Architecture and Engineering In the context of digital rights management (DRM) systems, which of the following is MOST important for ensuring the confidentiality of protected content? A. The complexity of the content access policies. B. The encryption method used for content protection. C. The user authentication protocol. D. The distribution mechanism for the content. None 18. CISSP: Security Architecture and Engineering In the deployment of secure cloud storage services, which of the following is MOST critical for protecting data integrity? A. Data deduplication strategies. B. Client-side encryption. C. Redundant storage across multiple locations. D. Implementation of cryptographic hash functions. None 19. CISSP: Security Architecture and Engineering When evaluating the security of a virtualized environment, which of the following factors is MOST important for isolating virtual machines (VMs) from each other? A. The physical server's CPU utilization. B. The type of hypervisor used. C. The network bandwidth allocated to each VM. D. The implementation of virtual machine introspection (VMI) tools. None 20. CISSP: Security Architecture and Engineering In securing an Internet of Things (IoT) ecosystem, which of the following is MOST effective in mitigating the risk of device compromise due to outdated software? A. Network segmentation. B. Regular device auditing. C. Automated over-the-air (OTA) updates. D. Strong device authentication mechanisms. None 1 out of 20 Time is Up! Time's up