CISSP PRACTICE QUESTIONS – 20200125

Effective CISSP Questions

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, you are participating in a development meeting to threat model the customer relationship management (CRM) system, a web application. A member identifies an attack vector: malicious users might manipulate query parameters in the URL, resulting in a buffer overflow on the server. Which of the following should be conducted first?
A. Replace the static array used as the buffer with a dynamic one
B. Refer to the OWASP Top 10 for suggested solutions
C. Evaluate how easy it is for a malicious user to carry out the attack
D. Validate every user input

CISSP PRACTICE QUESTIONS – 20200124

Effective CISSP Questions

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, including credit card business, you are reviewing compliance requirements. Which of the following is least related to the compliance issue?
A. Customer contracts
B. Foreign laws
C. (ISC)² Code of Ethics
D. Due diligence in mergers and acquisitions

CISSP PRACTICE QUESTIONS – 20200123

Effective CISSP Questions

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, you are collaborating with the software development team of the customer relationship management (CRM) system to address security concerns. Which of the following approaches or standards are you least likely to employ?
A. Security function
B. XP (eXtreme Programming)
C. ISO 15288
D. The Sherwood Applied Business Security Architecture (SABSA)

Enterprise Architecture Frameworks

Enterprise architecture is a structural expression of an enterprise from various perspectives, such as:

  • Business: products and services
  • Structure: organizational units and people
  • Processes: value chains and information and material flow
  • Technologies: infrastructure, systems, and data

As a result, enterprise architecture helps in 1) understanding an organization and its operations, 2) communicating needs and requirements, and 3) designing and developing systems.

An enterprise architecture framework provides principles and practices for creating and using the architecture description of an enterprise.

The Zachman Framework (1987), TOGAF (1995), and the Federal Enterprise Architecture Framework (1999) are well-known enterprise architecture frameworks.


CISSP PRACTICE QUESTIONS – 20200122

Effective CISSP Questions

As a CISO working for a direct bank based in Taiwan that relies entirely on internet banking, you are collaborating with the Human Resources (HR) department to improve personnel security. Which of the following will you suggest to review first?
A. Role-based access control mechanisms
B. Background investigation procedures
C. Implementation of separation of duties
D. Effectiveness and correctness of job descriptions

CISSP PRACTICE QUESTIONS – 20200121

Effective CISSP Questions

The system administrator found a logic bomb installed on a back-end server. It was alleged that a disgruntled former system administrator was involved. As a security professional, which of the following will you suggest first to prevent it from reoccurring?
A. Ask the 5 Whys to investigate in depth for the solution
B. Reinstall the server from CD media
C. Conduct a thorough reference check and background investigation
D. Apply lessons learned for continuous improvement

CISSP PRACTICE QUESTIONS – 20200120

Effective CISSP Questions

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. Your bank is considering outsourcing the customer relationship management (CRM) system to an offshore software development vendor. Which of the following actions should your bank take first?
A. Conduct the threat scenario analysis
B. Describe threat sources that are relevant to the organization
C. Develop and select threat events for analysis
D. Determine applicable controls

CISSP PRACTICE QUESTIONS – 20200119

Effective CISSP Questions

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. You want to evaluate if security controls are implemented correctly, operating as intended, and producing the desired outcome. Which of the following should you conduct?
A. Risk assessment
B. Third-party audit
C. Business impact analysis
D. Security control assessment

CISSP PRACTICE QUESTIONS – 20200118

Effective CISSP Questions

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. The software development team is developing a customer relationship management (CRM) system. You are drafting the privacy policy for customer data. Which of the following behaviors of the system will concern you most?
A. It shows the privacy policy with an opt-in option to consent
B. It provides an "unsubscribe" link to opt out of receiving marketing emails
C. It prevents the customer from updating personal data, citing the use limitation principle
D. It allows the customer to update personal data online