CISSP Practice Questions

You are the development team leader and recently found that your nightly build fails from time to time. Eve was a disgruntled developer on your team who quit last month. She was responsible for part of the solution and was not authorized to integrate it. She installed a program, running with local system privileges, that deletes at midnight every Monday some of the source code in the local code repository that is pushed to the central code repository for integration.

1. What is the program installed by Eve called?
A. Encapsulation
B. Maintenance hook
C. Multipartite
D. Logic bomb

2. You conclude that Eve is accountable for the failures of the nightly builds. Which of the following is the least important for holding her accountable?
A. Authentication
B. Authorization
C. Auditing
D. Non-repudiation


What is Discovery in a Civil Case?

Discovery is the pre-trial phase in a lawsuit in which each party investigates the facts of a case, through the rules of civil procedure, by obtaining evidence from the opposing party and others by means of discovery devices, including requests for answers to interrogatories, requests for production of documents and things, requests for admissions, and depositions.

  1. Requests for answers to interrogatories
  2. Requests for production of documents and things
  3. Requests for admissions
  4. Depositions

Electronic discovery

Electronic discovery or “e-discovery” refers to discovery of information stored in electronic format (often referred to as Electronically Stored Information, or ESI).


Information Security Governance

As a CISO, how do you govern information security? What are governance, risk, and compliance?

The Amicliens InfoSec Conceptual Model is a blueprint for you to prepare for the CISSP exam, while the Information Security Governance blueprint guides you through your CISM journey.

Both blueprints cover the topic of GRC. To nurture your business mindset, think about operations, management, and governance.



CISSP Practice Questions

After the risk assessment, your company assigned you to prepare a disaster recovery plan to handle the identified disasters. A hot site, warm site, and cold site are common alternatives to the primary site. You are considering the backup site alternatives when preparing the disaster recovery plan. Which of the following is your greatest concern?
A. Risk Appetite
B. Management Buy-in
C. Maximum Tolerable Downtime
D. Recovery Time Objective


Effective CISSP

It doesn’t matter how much you have read,
what really matters is how much you have learned.

  1. Understand every single term in the CISSP Exam Outline.
  2. Use the ISC2 official study guide. (comprehension over memorization)
  3. Read NIST and references suggested by ISC2. (a mile wide, an inch deep)
  4. Do at least 2500 practice questions. (quality over quantity)
  5. Follow Wentz’s blog and join his Effective CISSP Facebook group.
  6. Take the exam within 6 months.

Controls, Security Controls, and Access Controls?

Security Controls are grouped into 18 families according to NIST SP800-53, 14 categories in ISO 27002, and 3 categories (Administrative, Technical, and Physical) by HIPAA.

The official CISSP study guide, Sybex 8th Edition, defines 7 types of what? Types of “controls” or types of “access controls”? “Controls” are different from “Access Controls”. Access Control is just one of the families or categories in terms of NIST or ISO.

Please refer to pages 79 and 582 in the Sybex 8th edition; you will find that the materials are inconsistent.

Manage to Succeed in Your CISSP Exam

What is Management?

Critical Success Factors

The CISSP exam is undoubtedly challenging, but you can manage to succeed as I did.
The following are the critical success factors:
  1. Discipline and Commitment
  2. SMART Goals and Study Plan
  3. Effective Study Materials
  4. Effective and Efficient Study Approach

Discipline and Commitment

  • Keep studying every day. It’s more effective to study constantly than intermittently.
  • Reserve enough funds for your CISSP.

SMART Goals and Study Plan

  • Determine your exam date. You don’t have to register and pay for the exam immediately, but I encourage you to do so in the beginning. If you feel that you are not well prepared one week before your exam date, reschedule it.
  • Estimate how many study hours you will spend preparing for the CISSP exam. In my opinion, 250 hours is a ballpark figure for your reference. Work experience related to general management, project management, ITIL foundation, and network essentials helps.

Effective Study Materials

  • Get one and only one study guide as your primary source; if you can afford it, a second source isn’t a bad idea. I recommend the ISC2 official study guide from Sybex as the primary.
  • Make good use of the practice questions and other resources that accompany the study guide. Typically, you can register the book online to get access to the online practice questions.
  • Get a reliable source of questions for more practice.
  • Before you sit for the CISSP exam, practice at least 2500 questions.

Effective and Efficient Study Approach

  • Keep a constant and stable pace of study.
  • Use the top-down approach. Building the high-level conceptual model of information security (your study blueprint) in the first one or two weeks is crucial. Don’t dive into the details in the beginning.
  • Weigh concepts over facts. Make sure you understand how the principles, processes, lifecycles, and frameworks work and how to apply them in practice. Rote learning or memorizing everything doesn’t work.
  • Study information security with a business mindset. Relate what you have learned to your job; that is, study to solve problems and deliver value.

My Journey to Success

Get Started on Your CISSP Journey!

Please refer to the CISSP Starter Page to start your CISSP journey, and join Wentz’s Effective CISSP Facebook group to learn and share together!

Days Spent in My Exam Preparation

CISSP Exam Outline

Book Collections of 2018

Information Security with Business Mindset

Information Security is a discipline that protects information and information systems from threats through security controls in order to achieve the objectives of confidentiality, integrity, and availability (Tier 3), or CIA for short; support the organizational mission and processes (Tier 2); and create and deliver value (Tier 1).

Information security shouldn’t be a silo or managed with tunnel vision. Security is pervasive and ubiquitous. It has no border, and any border drawn around security should be removed.

A CISSP is a certified security professional of “Information Systems”. He or she should protect the underlying information systems that support the business processes and the organization, as the diagram shows.

PS. An information system may support one or more different business processes, but the relationship between them in the diagram is simplified.