Exam CISSP topic 1 question 390 discussion

It's not that hard guys. We're after CONFIDENTIALITY and INTEGRITY. A: A firewall and reverse proxy (sort-of) address confidentiality in that they BOTH filter out unwanted connections. B: A WAF and HTTPS will enable availability (WAFs protect from malicious requests that could take the app down) and confidentiality (HTTPS ensures private communicates). C: Encryption ensures that data is confidential (unreadable unless you have the key) and has integrity (you cannot tamper with encrypted data without destroying it). D: Firewall and IPS--Same as A, they both address confidentiality but do nothing to guarantee integrity.

Must be C. Other options: A. Firewall and reverse proxy focus on perimeter defense, but they don't inherently guarantee data confidentiality or integrity. B. WAF and HTTPS help protect web applications and data in transit, but they do not cover data at rest, leaving stored data vulnerable. D. Firewall and IPS help with network-level threats but don't protect the content of the data itself.

C. Encryption of data in transit and data at rest Explanation: The CISO’s primary responsibility is to protect the confidentiality and integrity of the organization’s information systems. Encryption of data in transit and data at rest is the FIRST priority because it directly addresses these goals. Why Encryption (C) is Prioritized First: Confidentiality: Encryption ensures that even if data is intercepted (in transit) or accessed (at rest), it remains unreadable without the decryption key. Integrity: Modern encryption methods (e.g., AES, TLS) include mechanisms to detect tampering, ensuring data integrity. Regulatory Compliance: Financial institutions are often required by regulations (e.g., PCI DSS, GDPR) to encrypt sensitive data.

Went with C but I am not fully confident in it. Main thing I pulled out is that it is a financial organization so there are likely strict regulations on the encryption of that data over anything else.

ChatGPT says: In the context of protecting the confidentiality and integrity of information systems, the control that should be prioritized FIRST is: C. Encryption of data in transit and data at rest

This is a classic CISSP test of semantics, imo. The answer that correlates to the question is WAF and HTTPS. You have to pay attention to the solution that fits the exact question.

WAF for integrity and HTTPS for confidentiality

This is because encryption provides an additional layer of protection to sensitive data, making it more difficult for attackers to access or steal. Firewall, WAF, HTTPS, and IPS are also important security controls, but encryption should be prioritized first to ensure the confidentiality and integrity of the organization's information systems.

Encryption only protects confidentiality; hashing protects integrity so it can't be C. D does seem the best answer.

Agree with C