The Effective CISSP: Security and Risk Management

The CISSP exam tests not only your technical foundation but also your grasp of management concepts. Many CISSP aspirants fail in Domain 1, 2, 6, or 7, which can indicate that they have not connected the dots between information security governance, risk management, strategic management, project/program management, business continuity, and related topics.

My book, The Effective CISSP: Security and Risk Management, introduces those concepts that can help you build a solid foundation of information security from the perspective of information systems, business processes, and the organization.

If you have just started your CISSP or CISM (yes, CISM) journey, are lost in the jungle of knowledge, or have even failed in any of the domains mentioned above, The Effective CISSP: Security and Risk Management will set you straight.

Click the following book to get a copy to kill the beast!

The Effective CISSP: Security and Risk Management

CISSP PRACTICE QUESTIONS – 20201127

Effective CISSP Questions

You started a software house two years ago that builds and implements custom software solutions for clients. As there was no organizational project management standard or unified set of processes, your company relied on senior project managers capable of managing projects and delivering software to clients based on their own approaches and experience. Which of the following is the maturity level that best describes your company in terms of CMMI?
A. Initial
B. Repeatable
C. Managed
D. Defined


CISSP PRACTICE QUESTIONS – 20201125

Effective CISSP Questions

An unknown vulnerability is discovered after conducting a vulnerability scan against your company’s official web site. You are analyzing it and calculating its score based on CVSS v3.1. Which of the following is not a mandatory metric?
A. Attack Vector (AV)
B. Exploit Code Maturity (E)
C. User Interaction (UI)
D. Privileges Required (PR)


CISSP PRACTICE QUESTIONS – 20201124

Effective CISSP Questions

You are conducting a vulnerability assessment against your company’s official web site. Which of the following should be scanned first?
A. Known weaknesses in the CWE List
B. Known vulnerabilities in the CVE List
C. Undiscovered or unknown vulnerabilities
D. The attack surface determined after the threat modeling


CISSP PRACTICE QUESTIONS – 20201123

Effective CISSP Questions

In a threat modeling meeting, the development team identified a couple of attack vectors. Most of them appear in the OWASP Top 10. Which of the following should be done first to address the attack surface?
A. Prioritize and sort the attack vectors
B. Calculate the risk exposure of each attack vector
C. Submit a change request to revise the architectural design
D. Evaluate and determine the scope of the attack surface to be addressed
