CISSP PRACTICE QUESTIONS – 20220127

Effective CISSP Questions

Which of the following is a security assurance requirement class defined in Common Criteria (CC)? (Wentz QOTD)
A. Non-repudiation of receipt
B. Access control policy
C. Trusted path
D. Interactions between composed IT entities


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.


CISSP PRACTICE QUESTIONS – 20220126

Effective CISSP Questions

You are implementing security controls to mitigate threats. Which of the following best describes the target you are treating? (Wentz QOTD)
A. Uncertainty, likelihood, or possibility
B. Effect, consequence, or impact
C. Residual risk
D. Risk exposure



CISSP PRACTICE QUESTIONS – 20220125

Effective CISSP Questions

On August 20, 1998, NIST announced a group of fifteen AES candidate algorithms at the First AES Candidate Conference (AES1) and selected five algorithms from the fifteen as "AES finalists" in Round 2 (AES2). Which of the following is least considered in the NIST cryptographic standard selection process? (Wentz QOTD)
A. Kerckhoffs's principle
B. Open design
C. Work factor
D. Locard’s principle of exchange



CISSP PRACTICE QUESTIONS – 20220124

Effective CISSP Questions

You are counting letters in the ciphertext and drawing a histogram for cryptanalysis. Which of the following is least related to this cryptanalysis? (Wentz QOTD)
A. Transposition cipher
B. Frequency analysis
C. Ciphertext-only attack (COA)
D. Side-Channel Analysis



CISSP PRACTICE QUESTIONS – 20220123

Effective CISSP Questions

On August 20, 1998, NIST announced a group of fifteen AES candidate algorithms at the First AES Candidate Conference (AES1) and selected five algorithms from the fifteen as "AES finalists" in Round 2 (AES2). Which of the following is not one of the five AES finalists? (Wentz QOTD)
A. MARS
B. RC6
C. Serpent
D. Blowfish



CISSP PRACTICE QUESTIONS – 20220122

Effective CISSP Questions

Which of the following doesn’t support the single sign-on (SSO) feature? (Wentz QOTD)
A. Credential Management Systems
B. Kerberos
C. Scripted access or logon scripts
D. Identity Federation



CISSP PRACTICE QUESTIONS – 20220120

Effective CISSP Questions

You lead an integrated product team to develop a software solution. Which of the following is incorrect about threat modeling? (Wentz QOTD)
A. Threat modeling emphasizes identifying and addressing design flaws before coding.
B. Ideally, threat modeling is applied as soon as an architecture has been established.
C. Threat modeling should be conducted in the initiation phase as mentioned in the NIST SDLC.
D. The express aim of threat modeling is to identify and eliminate architectural and design issues.
