Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house by an integrated product team (IPT). In a meeting, the COO is concerned with performance issues resulting in loss of customer orders because of transaction timeout or customer impatience. Which of the following is the most appropriate to address this concern?
A. Use client scripts to simulate customer’s behavior
B. Conduct Fagan analysis to ensure source code is optimal
C. Install a debugger to monitor the performance of the production system
D. Implement a content distribution network to offload web server performance

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Use client scripts to simulate customer’s behavior.


Monitoring Mechanisms

Synthetic Transactions as Active/Proactive Monitoring

Synthetic transactions work as a monitoring mechanism by using client scripts to simulate customers’ behavior. These scripts may be run on agents installed at various locations to test the application’s performance or availability.

The Microsoft System Center Operations Manager (SCOM) provides the following types of synthetic transactions to monitor performance or availability:

  • Web site monitoring
    uses synthetic transactions to perform HTTP requests to check availability and to measure the performance of a Web page, Web site, or Web application.
  • Database monitoring
    uses synthetic transactions to monitor the availability of a database.
  • TCP Port Monitoring
    uses synthetic transactions to measure the availability of your Web site, service, or application.
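
The web and TCP port checks above can be expressed as a short client script. The following is an added example, not code from the original post or from SCOM; the `ToyShop` test site, its slow `/checkout` path, the probe function names and the timing values are all constructed for illustration.

```python
import http.client, socket, threading, time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class ToyShop(BaseHTTPRequestHandler):
    """Constructed stand-in for the toy shop: /checkout answers slowly."""
    def do_GET(self):
        if self.path == "/checkout":
            time.sleep(1.5)                  # simulated slow order transaction
        try:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"ok")
        except OSError:
            pass                             # client already gave up waiting
    def log_message(self, *args): pass       # silence per-request logging

def tcp_probe(host, port, timeout=1.0):
    """TCP port check: can a connection be opened within the timeout?"""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

def http_probe(host, port, path, timeout):
    """Web check: one scripted GET; reports outcome and time to response."""
    start = time.monotonic()
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = "up" if conn.getresponse().status == 200 else "error"
    except (OSError, http.client.HTTPException):
        status = "timeout_or_down"           # no usable answer within budget
    conn.close()
    return {"status": status, "seconds": round(time.monotonic() - start, 3)}

def run_demo(timeout=0.5):
    """Start the constructed site on a free local port and probe it."""
    with ThreadingHTTPServer(("127.0.0.1", 0), ToyShop) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        host, port = server.server_address
        try:
            return {"tcp": tcp_probe(host, port),
                    "home": http_probe(host, port, "/", timeout),
                    "checkout": http_probe(host, port, "/checkout", timeout)}
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

The port is open and the home page answers quickly, yet the scripted checkout exceeds its time budget: the TCP check alone would report the service as available while the transaction the COO is worried about is failing.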

Real User Monitoring (RUM) as Passive Monitoring

Real User Monitoring records all user interaction with a website by deploying client scripts injected into the web page to provide feedback from the browser.

Debugging and SOD

A software bug is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The process of finding and fixing bugs is termed “debugging”.

Source: Wikipedia

The tool used to find and fix bugs is called a debugger. A debugger is typically not used for improving performance.

Besides, installing a debugger on the production system for debugging violates the security principle of separation of duty.

Conduct Fagan analysis to ensure source code is optimal

Content Distribution Network (CDN)

A content distribution network is basically a distributed cache that synchronizes content automatically. It improves web performance by serving content from the cache closest to the client. It won’t improve the performance of database transactions.


  • Transaction timeout or customer impatience implies the performance issue can be caused by the download speed of web content or the processing speed of database transactions. A CDN improves the download speed of web content only.
  • A debugger is used to fix bugs, not improve performance. Debugging on the production system violates the principle of separation of duty.
  • Fagan analysis is a formal review. Applying Fagan analysis to code review may be too rigid to justify the costs and benefits. Performance issues typically involve dynamic testing techniques.
  • To solve a problem, one should define the problem, analyze it to find out the root cause, work out a solution, and implement the solution to solve the problem.
  • The COO’s concern should be defined and analyzed first. Synthetic transactions are a simulation that serves as an effective measure to define and analyze the performance problem.

3 thoughts on “CISSP PRACTICE QUESTIONS – 20191007”

  1. My Suggested Answer is D.

    The reason is that the rest of the options are time-consuming and would lead to further loss of orders. The foremost priority should be to improve performance.

  2. My answer is D
    As it talks about a performance issue and transaction timeout, which directly relate to Availability. With a CDN we can distribute the load to solve the COO’s concern.
