CISSP PRACTICE QUESTIONS – 20211022

Effective CISSP Questions

Your organization is a well-known software development organization aiming to improve development processes and deliver quality software. Which of the following is the best instrument to benchmark how well your organization performs against other organizations in terms of security? (Wentz QOTD)
A. Capability Maturity Model Integration (CMMI)
B. Cybersecurity Maturity Model Certification (CMMC)
C. Building Security In Maturity Model (BSIMM)
D. Software Assurance Maturity Model (SAMM)

Continue reading

CISSP PRACTICE QUESTIONS – 20211018

Effective CISSP Questions

Which of the following statements about NFV, SDN, SDP, and Zero Trust is not true? (Wentz QOTD)
A. Network Function Virtualization (NFV) typically uses proprietary servers to run network services for performance.
B. Software-defined networking (SDN) decouples the network control and forwarding functions that communicate through application programming interfaces (APIs).
C. Software Defined Perimeters (SDP) leverages existing technologies, such as VPN, SDN, micro-segmentation, etc. to enforce security.
D. Zero Trust concepts can be implemented using SDP.

Continue reading

CISSP PRACTICE QUESTIONS – 20211017

Effective CISSP Questions

Which of the following processes help ensure the organization’s capability to acquire and supply products or services through the initiation, support, and control of projects and provide resources and infrastructure necessary to support projects? (Wentz QOTD)
A. Agreement processes
B. Organizational project-enabling processes
C. Technical management processes
D. Technical processes

Continue reading

CISSP PRACTICE QUESTIONS – 20211016

Effective CISSP Questions

Attribute-Based Access Control (ABAC) is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entity’s actions relevant to a request. Which of the following is not a source of attributes used in ABAC? (Wentz QOTD)
A. Security kernel
B. Environment
C. The active party of the request
D. The resource accessed by the subject

Continue reading