Effective CISSP Questions

Your company decides to start a business selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is evaluating solutions for secure transmission between browsers and the web server to protect data in motion. Which of the following is the best strategy?
A. Security through obscurity
B. Web of trust
C. Chain of trust
D. Shared key encryption

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Chain of trust.

Thanks to Chaudhary Darvin for the sound justification for this question:

  • I will use a TLS certificate. I will purchase the certificate from a well-known third party so that the client web browser can validate the full chain of certificates from the root CA to the server certificate. That's called chain of trust.
  • Web of Trust: It is generally used to validate the sender in mail tools like PGP. But I am not able to conceptualize it in a web client and have never heard of its use in web security.
  • Security by Obscurity is not a tool but a false perception of security that comes from no one knowing the location of the object, protocol or algorithm.
  • Shared Keys: It will be hard to distribute shared keys to clients on the Internet.
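
The chain validation described in the first bullet can be reproduced offline. The script below is an added example, not part of the original post or the justification above: it builds a constructed three-level PKI and shows that the server certificate is trusted only when every link back to the root can be verified. It assumes the OpenSSL 1.1.1+ command-line tool is on the PATH; all names and file paths are made up.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Every name here (Demo Root CA, shop.example.test, file names) is made up.

build_chain() {  # $1 = empty working directory
    p=$1
    cat > "$p/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:shop.example.test
EOF
    # Root CA: self-signed trust anchor, the part a browser ships with.
    openssl req -x509 -config "$p/pki.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 1 -subj "/CN=Demo Root CA" -keyout "$p/root.key" -out "$p/root.pem" \
        2>/dev/null || return 1
    # Intermediate CA and server certificate: each is a CSR signed one level up.
    for pair in "int:root:ca:Demo Intermediate CA" "server:int:leaf:shop.example.test"; do
        IFS=: read -r name issuer ext cn <<EOF2
$pair
EOF2
        openssl req -new -config "$p/pki.cnf" -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$p/$name.key" -out "$p/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$p/$name.csr" -CA "$p/$issuer.pem" -CAkey "$p/$issuer.key" \
            -CAcreateserial -days 1 -extfile "$p/pki.cnf" -extensions "$ext" \
            -out "$p/$name.pem" 2>/dev/null || return 1
    done
}

verify_chain() {  # $1 = directory, $2 = "with" or "without" the intermediate
    if [ "$2" = with ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
            "$1/server.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
    fi
}

demo=$(mktemp -d) && build_chain "$demo" && {
    verify_chain "$demo" with && echo "full chain presented: trusted"
    verify_chain "$demo" without || echo "intermediate missing: rejected"
}
rm -rf "$demo"
```

The second check fails because the verifier holds only the root and cannot link the server certificate to it, which is why a web server must send its intermediate certificates along with its own.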

