CISSP PRACTICE QUESTIONS – 20210418

Effective CISSP Questions

Your company establishes an E-Commerce website that sells toys around the world. All traffic is protected by HTTPS. Which of the following is the most feasible approach for the browser to submit the user’s password to the webserver? (Wentz QOTD)
A. Raw password
B. Hashed password
C. Salted password
D. Digital signature

Continue reading

SEMI Standards Program

Image Credit: TSMC (https://www.tsmc.com)

SEMI Standards Program

The SEMI International Standards Program is one of the key services offered by Semiconductor Equipment and Materials International (SEMI) for the benefit of the worldwide semiconductor, photovoltaic (PV), LED, MEMS and flat panel display (FPD) industries. Standards offer a way to meet the challenges of increasing productivity while enabling business opportunities around the globe. The program, started over 40 years ago in North America, was expanded in 1985 to include programs in Europe and Japan, and now also has technical committees in China, Korea and Taiwan.

SEMI Standards and Smart Manufacturing

While the concept of smart manufacturing is receiving increased attention in recent times, the SEMI Standards Program has for many years been developing the fundamental standards that enable today’s highly adaptive, self-diagnosing, and interoperable fabs. Since the initial publication of the original SEMI Equipment Communication Standard (SECS-I), E4, in the early 1980s, the SEMI Standards Information and Control Committee has continuously responded to the needs of the industry. Major cost reductions and efficiency improvements in factory integration were realized through SECS and GEM (Generic Equipment Model) in the 1990s, as equipment behavior became standardized.

More recently, smaller feature sizes and more restrictive tolerances have intensified the need for greater visibility into the entire manufacturing process. Fab manufacturing information must be collected and evaluated in greater amounts than ever before. The overall health of the equipment, performance, and process monitoring are examples of data collected to improve overall equipment efficiency. Continuous monitoring, on-demand data, data security and a single point of control through a single point of command are all required, with the caveat that equipment performance not be impacted.

Source: SEMI

Equipment Data Acquisition (EDA)

  • EDA Interface A: HTTP/1.1 and SOAP/XML
  • EDA Freeze 3: HTTP/2, gRPC™

Fab and Equipment Information Security

  • SEMI 6506: Specification for Cybersecurity of Fab Equipment.
  • SEMI 6566: Specification for Malware Free Equipment Integration

CISSP PRACTICE QUESTIONS – 20210416

Effective CISSP Questions

Your company is considering a proposal that sells or divests a business unit to a conglomerate for financial purposes. Some impacted employees may resign, while other divested employees are concerned with the new work location. As a security professional involved in the transaction, which of the following should your company conduct first? (Wentz QOTD)
A. Exit interview
B. Deprovisioning
C. Data sanitization
D. Security assessment

Continue reading

CISSP PRACTICE QUESTIONS – 20210415

Effective CISSP Questions

As the CISO of a multinational corporation, which of the following least likely belongs to one of your responsibilities? (Wentz QOTD)
A. Formulate the corporate strategy
B. Report to the CFO as your supervisor
C. Support delivery of products and services
D. Establish an information security management system

Continue reading

CISSP PRACTICE QUESTIONS – 20210414

Effective CISSP Questions

Your organization’s PBX has been end-of-support. The Original Equipment Manufacturer (OEM) offered a costly newer model as a replacement. However, secondary market suppliers can provide the same model with lower prices. Which of the following is the most concern if the replacement from a secondary market supplier is selected? (Wentz QOTD)
A. The clause of End-of-Life (EOL)
B. The new clause of End-of-Support (EOS)
C. Product counterfeits
D. Non-compliance with Common Criteria (CC)

Continue reading

CISSP PRACTICE QUESTIONS – 20210413

Effective CISSP Questions

You have provisionally passed the CISSP exam and exercise your due diligence reviewing the (ISC)² Code Of Ethics. Which of the following is correct? (Wentz QOTD)
A. Complaints in the form of a sworn affidavit will not be considered.
B. A jury of peer CISSPs is established on a project basis to hear ethics complaints.
C. Complaints without specifying the violated canon of the Code of Ethics will be considered.
D. Complaints will be accepted only from those who claim to be injured by the alleged behavior.

Continue reading