CISSP PRACTICE QUESTIONS – 20190922

Effective CISSP Questions

You are the CISO for a global company. After studying the mission, vision, strategic goals, corporate strategy, and business and security requirements, you start to develop the information security strategy. Which of the following should you conduct first?
A. Determine the blueprint and milestones
B. Conduct gap analysis
C. Consider resources and constraints
D. Develop an information security program policy

CISSP PRACTICE QUESTIONS – 20190921

Your company decides to engineer an information system in-house to support its new business of selling toys online. The development team is selecting a compiled programming language for the back-end system, which handles the business logic and data access and will be evaluated in terms of performance, availability, scalability, security, maintenance, and extensibility, with security being the greatest concern. Which of the following is the most appropriate?
A. C++
B. Python
C. Java
D. JavaScript with Node.js

CISSP PRACTICE QUESTIONS – 20190919

You are working for a company as the CISO. Your company decided to go for the ISO 27001 certification. After six months of preparation, the external audit by a certain certification body is scheduled for next Monday. If your company passes the audit, it will receive the ISO 27001 certificate. Which of the following is the least common activity conducted by the external auditors?
A. Invite senior management for a meeting
B. Consult subject matter experts
C. Conduct penetration testing to validate the security controls
D. Ask for documents before on-site auditing