Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. A team in-house is in charge of developing an E-Commerce system that supports the new business. The procurement manager requests that the original purchase cost of products shall not be disclosed to other departments except procurement staff. Which of the following is the least feasible?
A. Implement views for different roles
B. Display constrained user interface for unauthorized users
C. Enable the table that contains records with the same primary keys to implement polyinstantiation
D. Develop a specific program dedicated to the procurement staff

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Enable the table that contains records with the same primary keys to implement polyinstantiation.


  • Views and constrained user interface are typical ways to enforce confidentiality.
  • “Develop a specific program dedicated to the procurement staff” is also a common practice. A specific program doesn’t necessarily refer to a complete software application. It can be a unit of code in any size. For example, another .aspx web form can be developed and dedicated to the procurement staff to support the requirement.
  • Polyinstantiation doesn’t hide the data but fakes the data; it may cause confusion as Chaudhary Darvin mentioned in his justification. Besides, polyinstantiation is a specialized feature and uncommon in civilian or business database systems. DBMS that supports polyinstantiation is used in the military where mandatory access control is enforced.

The following is the justification from Chaudhary Darvin; he has a great explanation:

C, I will select because:
Polyinstantiation is good in top secret case where revealing wrong information is fine. Confidentiality is biggest motif in such program. But, in business organization biggest motif is always consider Integrity. Polyinstantiation can create huge confusion between stakeholders and vendors. It’s better to obfuscate information at the place of showing incorrect information. Think about a Program manager, who find wrong information and he directly contacted vendor about illogical price quoted by him. It can create unnecessary dispute.
Option D is also not a great choice but I am not selecting that most of organization have separate program for procurement staff.


Leave a Reply