CISSP PRACTICE QUESTIONS – 20200202

Effective CISSP Questions

Your company is implementing solutions to support salespeople as road warriors and boost sales. Laptops, mobile phones, VPN, wireless networks, and customer relationship management (CRM) systems are part of the selected solution. As a security professional, you are helping review vendors. Which of the following vendors or providers is the least trusted?
A. The software provider providing self-assessed security results
B. The integration service provider registered in a well-known industrial directory
C. The vendor specified or mandated by the senior management
D. The maintenance service provider having provided services for years

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. The integration service provider registered in a well-known industrial directory.

A vendor can pay to register in a well-known industrial directory for advertising or commercial purposes. Being registered or listed in a directory does not prove that a vendor is trustworthy.

“A. The software provider providing self-assessed security results” falls under the validated trust model. The provider supplies some evidence. It may not be sufficient, but it offers some basis for trust.

“C. The vendor specified or mandated by the senior management” is the mandated trust model.

“D. The maintenance service provider having provided services for years” is the direct historical trust model.

 

1 thought on “CISSP PRACTICE QUESTIONS – 20200202”

  1. My suggested answer is A.
    Software providers should get a third-party security assessment.
    The maintenance service provider isn’t going to be providing any of the services in these solutions.
