CISSP Defense-in-Depth Question Pattern
When CISSP asks for the BEST balance of security and practical constraints, the preferred answer is often the one that adds reasonable layered protections or secondary validation checks, especially for sensitive systems or PII.
CISSP assumes that real-world controls may be implemented imperfectly, weakened over time, or fail in unexpected ways, so layered controls are preferred over relying on a single control to work perfectly forever. Phrases like “secondary check,” “defense in depth,” and “layered validation” are strong indicators of the preferred answer when operational overhead remains reasonable.
CH: CISSP assumes controls eventually fail, so layered protections usually beat single-control elegance.
CISSP Multi-Clause Architecture Question Pattern
When CISSP architecture questions contain multiple descriptive clauses, the clauses often describe different aspects of the SAME solution rather than separate requirements.
Phrases like “logical isolation,” “inside a public cloud,” and “customizable network configuration” may collectively define a single concept such as a Virtual Private Cloud (VPC). A common exam trap is mentally separating the clauses and drifting toward a broader architecture category like hybrid cloud.
CH: Keep related clauses together before mapping to an architecture term.
Quantum Key Distribution (QKD) — CISSP Core Concept
Quantum Key Distribution uses quantum physics to securely exchange encryption keys in a way that allows eavesdropping attempts to be detected. Its primary advantage is that security does not depend on the attacker’s computational power, making it resistant to future quantum computing threats against traditional asymmetric cryptography.
QKD still requires classical communication channels and separate authentication mechanisms.
CH: QKD relies on physics, not hard math problems.
Blockchain — Hash Functions vs Digital Signatures
Hash functions maintain blockchain integrity and immutability by linking blocks together through hashes of previous blocks. Any modification changes the hash and breaks the chain, making tampering detectable. Digital signatures authenticate transactions and verify ownership, but they do not provide the chained immutability of the ledger itself.
CH: Hashes protect the chain, signatures protect the transaction sender.
Differential vs Linear Cryptanalysis
Differential cryptanalysis studies how small differences in plaintext affect differences in ciphertext through the encryption process.
Linear cryptanalysis uses statistical and approximate linear relationships between plaintext, ciphertext, and key bits to analyze a cipher.
Both are mathematical cryptanalytic attacks against block ciphers, working at the level of the cipher's internal structure rather than its implementation.
CH: Differential compares changes, linear finds statistical patterns.
ITSEC vs TCSEC — User Documentation Focus
TCSEC (Orange Book) primarily emphasizes defined security functions, classification levels, and technical evaluation criteria. ITSEC places greater emphasis on operational assurance and detailed documentation explaining secure system operation and usage.
CH: TCSEC focuses on security functions, ITSEC focuses more on secure operation guidance.
Aspirating Smoke Detection System
A fire detection system that continuously draws air through a network of sampling pipes to detect extremely small amounts of smoke particles before visible smoke, flames, or major heat buildup occur. It provides the earliest warning of fire among common detection technologies and is commonly used in critical infrastructure environments such as data centers.
CH: Aspirating = actively “breathing in” air to detect trace smoke early.
CISSP Contextual Definition Question Pattern
CISSP questions often depend not on the general definition of a concept, but on which property or role of the concept is most relevant in the scenario.
For a Trusted Computing Base (TCB), the relevant aspect may shift between the total collection of trusted security components and the centralized mechanism that enforces the security policy. When paired with decentralized technologies such as blockchain, CISSP is often testing the conflict between centralized policy enforcement and distributed trust models.
CH: CISSP tests the relevant property of a concept in context, not just the base definition.
Containers vs Virtual Machines (CISSP context)
Containers provide lightweight application isolation by packaging applications with their required runtime libraries and dependencies while sharing the host operating system kernel. Virtual machines provide stronger isolation by running separate full operating systems, but with significantly greater resource overhead. Containers are often preferred when applications require different dependencies but minimal overhead.
CH: Containers isolate applications and dependencies efficiently, VMs isolate entire operating systems.