CISSP PRACTICE QUESTIONS – 20191029

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is designing the data model for the SQL database based on the entity-relationship diagram. It splits the comma-separated values (CSV) data stored in a field into multiple fields. Which of the following best describes the process?
A. Split horizon
B. Normalization in 1NF
C. Normalization in 2NF
D. Key clustering

Data Dictionary as a Metadata Repository

Metadata

Metadata is “data that provides information about other data”. In short, it’s data about data.

Source: Wikipedia

Schema

Database Schema

The database schema of a database is its structure described in a formal language supported by the database management system (DBMS). The term “schema” refers to the organization of data as a blueprint of how the database is constructed (divided into database tables in the case of relational databases).

Source: Wikipedia

A database generally stores its schema in a data dictionary. (Wikipedia)

Snowflake Schema

In computing, a snowflake schema is a logical arrangement of tables in a multidimensional database such that the entity relationship diagram resembles a snowflake shape.

Source: Wikipedia

XML Schema

An XML schema is a description of a type of XML document, typically expressed in terms of constraints on the structure and content of documents of that type, above and beyond the basic syntactical constraints imposed by XML itself.

Source: Wikipedia

Data Dictionary

A data dictionary is used to standardize a definition of a data element and enable
a common interpretation of data elements.

A data dictionary is used to document standard definitions of data elements, their
meanings, and allowable values. A data dictionary contains definitions of each
data element and indicates how those elements combine into composite data
elements. Data dictionaries are used to standardize usage and meanings of data
elements between solutions and between stakeholders.

Data dictionaries are sometimes referred to as metadata repositories and are used
to manage the data within the context of a solution. As organizations adopt data
mining and more advanced analytics, a data dictionary may provide the metadata
required by these more complex scenarios. A data dictionary is often used in
conjunction with an entity relationship diagram (see Data Modelling (p. 256)) and
may be extracted from a data model.

Data dictionaries can be maintained manually (as a spreadsheet) or via automated
tools.

Source: IIBA/CBAP BABOK v3

Summary

  • Metadata is data about data. It’s not the data itself.
  • Schema is one type of metadata that describes how the data is organized.
  • Data Dictionary details may include definitions, relationships with other data, origin, format, and usage.
  • A data dictionary is a collection of metadata conceptually and a repository of metadata physically.

Goals and Objectives

The Hierarchy of Objectives

“Goals” and “Objectives” are often used interchangeably. However, we can use them in a more specific way to communicate effectively.

A goal is a written statement of desired outcomes or future state. It is typically broken down into objectives that are then broken down further to a reasonable level and organized hierarchically. The hierarchy is not limited to two levels. From this point of view, a goal is an upper-level objective (parent) relative to the lower-level ones (children) broken down from it.

Goals

  • Broad
  • Long-term
  • Upper-level
  • Measured by KPIs or KGIs (Key Goal Indicators)

Objectives

  • Specific
  • Short-term
  • Lower-level
  • Measured by KPIs (Key Performance Indicators)

Performance

Success is the result of achieving the goal that is measured by key performance indicators (KPIs) or key goal indicators (KGIs). The term KGI comes from COBIT. It distinguishes KGI as a lagging indicator from KPI as a leading indicator. However, it’s not uncommon to use KPI only.

Performance is the progress toward the objective or goal through execution.

CISSP PRACTICE QUESTIONS – 20191028

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The project team identified some risks as follows:
R001 – The company’s reputation might be damaged.
R002 – The business process of shipping might be disrupted.
R003 – The attackers might initiate distributed denial of services (DDOS).
As a security professional, which of the following should be mitigated first?

A. R001
B. R002
C. R003
D. None of the above

CISSP PRACTICE QUESTIONS – 20191027

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is developing the front-end user experience (UX) using JavaScript and evaluating solutions to protect the client scripts from being comprehended or investigated. Which of the following is the best to do so?
A. Native code compiler
B. Obfuscator
C. Symmetric cipher
D. Code signing

CISSP PRACTICE QUESTIONS – 20191026

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The system shall support an App on the iOS platforms. The development team is complaining about repeated rejections when uploading the App to the App Store operated by Apple because of security issues. Which of the following is most likely employed to test the uploaded Apps on the App Store?
A. Static Application Security Testing
B. Dynamic Application Security Testing
C. Code Review
D. V-Model Testing
