CISSP PRACTICE QUESTIONS – 20200401

Effective CISSP Questions

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. FCoE, MPLS, iSCSI, and VoIP are common converged protocols. Which of the following is the protocol dealing with signaling in VoIP?
A. Real-time Transport Protocol (RTP)
B. Real-Time Streaming Protocol (RTSP)
C. Session Initiation Protocol (SIP)
D. Media Gateway Control Protocol (MGCP)


CISSP PRACTICE QUESTIONS – 20200327

Your company decides to sell toys online and ships globally. An in-house software development team is responsible for developing the online shopping website, and a software testing strategy is under consideration. Which of the following statements about software testing is true?
A. Unit testing is an automated black-box testing technique
B. User interface testing is black-box testing that requires manual data input
C. Fuzzing testing is a passive automated testing technique
D. Synthetic testing is a dynamic automated testing technique


Continuity and Resilience

Continuity of activities and resilience to changes are two distinct levels of an organization’s ability.

  • Continuity is the capability to prevent, endure, and recover from disruptions to sustain activities.
  • Resilience is the “ability to absorb and adapt in a changing environment.” (ISO 22300:2018) The DHS Risk Lexicon adds on, “resilience is the ability to quickly adapt and recover from any known or unknown changes to the environment.”

“Continuity management is essentially returning a business to ‘business as usual’, and nothing more. Resilience… not only enables organizations to continue with business as usual, but also to learn, progress and flourish… which will likely involve transformation.” (Bhamra, 2015)

“In short, business continuity returns us to where we were before an incident but a resilient organization will evolve and grow from the incident.” (Massie, 2018).

References

CISSP PRACTICE QUESTIONS – 20200325

You bought a new mobile phone and tried to transfer contents from the old one using the transfer utility provided by the manufacturer. It transfers the contents via Wi-Fi peer-to-peer without an access point. Which of the following is most likely used for wireless identification?
A. Automatic Private IP Addressing (APIPA)
B. Private IP addresses defined in RFC 1918
C. Media Access Control (MAC) Address
D. Manufacturing series number


CISSP PRACTICE QUESTIONS – 20200324

Your company, based in Taiwan and accredited with ISO 27001, sells toys online and ships globally. After conducting penetration testing as part of the risk assessment, your company finished implementing honeypot solutions as security controls to deter and detect intruders. As a security professional, which of the following upcoming activities will you suggest your company do first?
A. Conduct risk assessment
B. Research applicable laws and regulations
C. Implement consent banners and harden the honeypots to avoid entrapment
D. Create policies that define and clarify the goal of the honeypot system
