CISSP PRACTICE QUESTIONS – 20210923

Effective CISSP Questions

A web server sends an authentication code to the user’s mobile phone through short messages after validating the user credential. To reduce the web server’s workload, the architect has the stateless web server send a cookie containing the authentication code, shifting authentication code validation to the browser. To validate the authentication code input by the user, which of the following is the best design to protect the authentication code in the cookie returned by the web server in terms of the economy of mechanism principle? (Wentz QOTD)
A. Send the authentication code in plain text to boost performance and scalability
B. Encrypt the authentication code using a proprietary encryption algorithm designed by a security expert
C. Encrypt the authentication code using the Advanced Encryption Standard (AES)
D. Send the unencrypted hash of the authentication code

CISSP PRACTICE QUESTIONS – 20210922

Effective CISSP Questions

One of the security framework’s purposes is to guide the selection of controls based on security requirements to secure information systems. Which of the following is correct about security frameworks? (Wentz QOTD)
A. A framework sets the standard for organizations to follow
B. A framework should be as exhaustive as possible
C. A framework may lead to mandatory practices
D. Various frameworks should not be adopted simultaneously

CISSP PRACTICE QUESTIONS – 20210917

Effective CISSP Questions

Alice wants to send a contract with a digital signature that enforces nonrepudiation to Bob. Which of the following best describes the process of generating the digital signature? (Wentz QOTD)
A. Generate a message authentication code of the contract using SHA
B. Generate the contract digest encrypted by Bob’s public key
C. Encrypt the hash value of the contract using Alice’s private key
D. Produce a ciphertext of the contract digest using a secret key agreed by Diffie-Hellman

CISSP PRACTICE QUESTIONS – 20210916

Effective CISSP Questions

As a security professional, you have to ensure the effectiveness of information security and comply with requirements such as laws, regulations, industrial standards, contracts, organizational policies, code of ethics, etc. Which of the following should you follow when compliance requirements are not consistent? (Wentz QOTD)
A. Laws
B. Regulations
C. Industry standard
D. Organizational policies
