CISSP PRACTICE QUESTIONS – 20200501

Effective CISSP Questions

Your company is a well-known cloud services provider. You learned about from a threat intelligence report that the Meltdown and Spectre bugs are hardware-level vulnerabilities affecting almost all brands of CPUs. The Meltdown attack allows a rogue process exploiting the race condition to read all memory space and leads to unauthorized access. The Spectre attack is a timing attack employing the speculative execution so that even a scripted malware can read all the process’s memory. After iterations of risk treatments, the latest software patches still hinder the system performance significantly. Supported by considering all the risk treatment options, the senior management decides to accept the risk. Which of the following least reflects the management decision?
A. Monitor and respond to the risk until the risk materializes
B. The risk exposure of inherent risk is lower than the risk acceptance criteria
C. The risk exposure of residual risk is lower than the risk acceptance criteria
D. Leave the risk in the risk register and keep monitoring it

Continue reading

The Availability of My Book

GlobalShipping

The Effective CISSP: Security and Risk Management

The availability of my book is planned as the diagram. Printed copies (paperback) should be available in a couple of days.

I’m planning to deliver my book outside the countries and regions that cannot be served by Amazon. I hope it can be put online soon.

Thank you very much for your attention and follow up.🙏😀

CISSP PRACTICE QUESTIONS – 20200430

Effective CISSP Questions

You hired an external penetration test team to assess your company’s web sites. After receiving the penetration test report, which of the following should you conduct first?
A. Apply patches to mitigate vulnerabilities
B. Prepare a follow-up report for management review and decision
C. Take corrective actions for correction and improvement
D. Improve the performance and security of the web sites continuously

Continue reading

CISSP PRACTICE QUESTIONS – 20200429

Effective CISSP Questions

You are planning for a security assessment project to ensure compliance and security. Vulnerability assessment of information systems and the capability of incident response shall be conducted. Which of the following approaches or methodologies best meets your requirements?
A. Threat Modeling with STRIDE
B. NIST RMF (Risk Management Framework)
C. Open Source Security Testing Methodology Manual (OSSTMM)
D. Risk assessment

Continue reading

Amazon KDP Notes

The Effective CISSP: Security and Risk Management

CISSP PRACTICE QUESTIONS – 20200428

Effective CISSP Questions

You have engaged in a double-blind pentest contract and get started to conduct testing. After searching the client’s WHOIS DNS data and job vacancies posted on job boards, you decide to proceed to the next stage. Which of the following activities least likely follows what you have completed?
A. Lookup the DNS MX records
B. Masquerade as a job applicant
C. Conduct OSINT (Open-source intelligence)
D. Cloak a port scan with decoys to hide your IP address

Continue reading

Amazon Links to My Book across Countries

The Effective CISSP - SRM_Cover

Amazon Links to My Book across Countries