Your company is a well-known cloud services provider. You learned from a threat intelligence report that the Meltdown and Spectre bugs are hardware-level vulnerabilities affecting almost all brands of CPUs. The Meltdown attack allows a rogue process exploiting a race condition to read the entire memory space, leading to unauthorized access. The Spectre attack is a timing attack that exploits speculative execution so that even scripted malware can read the whole of a process’s memory. After several iterations of risk treatment, the latest software patches still degrade system performance significantly. After considering all the risk treatment options, senior management decides to accept the risk. Which of the following least reflects the management decision?
A. Monitor and respond to the risk until the risk materializes
B. The risk exposure of inherent risk is lower than the risk acceptance criteria
C. The risk exposure of residual risk is lower than the risk acceptance criteria
D. Leave the risk in the risk register and keep monitoring it
Monthly Archives: April 2020
The Availability of My Book
The Effective CISSP: Security and Risk Management
The availability of my book is planned as the diagram. Printed copies (paperback) should be available in a couple of days.
I’m planning to deliver my book outside the countries and regions that cannot be served by Amazon. I hope it can be put online soon.
Thank you very much for your attention and follow up.🙏😀
Drucker’s The Effective Executive and CISSP
Author Copies Printed in Taiwan
CISSP PRACTICE QUESTIONS – 20200430
You hired an external penetration test team to assess your company’s web sites. After receiving the penetration test report, which of the following should you conduct first?
A. Apply patches to mitigate vulnerabilities
B. Prepare a follow-up report for management review and decision
C. Take corrective actions for correction and improvement
D. Improve the performance and security of the web sites continuously
CISSP PRACTICE QUESTIONS – 20200429
You are planning for a security assessment project to ensure compliance and security. Vulnerability assessment of information systems and the capability of incident response shall be conducted. Which of the following approaches or methodologies best meets your requirements?
A. Threat Modeling with STRIDE
B. NIST RMF (Risk Management Framework)
C. Open Source Security Testing Methodology Manual (OSSTMM)
D. Risk assessment
Amazon KDP Notes
The Effective CISSP: Security and Risk Management
- Paper: ISO B5 (6.93″ x 9.85″)
- Size: 6″ x 9″
- Margins (T/B/L/R): 1.25″, 1.07″, 0.75″, 0.75″ with Left Gutter: 0.93″
- Layout:
  - Different odd and even: yes
  - Different first page: yes
  - Header from edge: 0.9″
  - Footer from edge: 0.6″
- Cover
  - Paperback Cover
  - Cover images should be flattened
  - Cover Creator
  - Finish: Matte vs Glossy
- Image Quality
  - PowerPoint Export Resolution: 300 DPI (Modify registry)
  - Word Default Resolution: High fidelity (Advanced Word options)
- ISBN
- Adobe Acrobat license has either expired or not been activated
- Kindle
  - Kindle Create: Preserve Links (Print Replica)
- Publishing
CISSP PRACTICE QUESTIONS – 20200428

You have been engaged under a double-blind pentest contract and have started testing. After searching the client’s WHOIS and DNS data and the job vacancies posted on job boards, you decide to proceed to the next stage. Which of the following activities least likely follows what you have completed?
A. Look up the DNS MX records
B. Masquerade as a job applicant
C. Conduct OSINT (Open-source intelligence)
D. Cloak a port scan with decoys to hide your IP address
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
Navigation In My Kindle eBook
Amazon Links to My Book across Countries
- [US] https://www.amazon.com/dp/B087JL6BXR
- [India] https://www.amazon.in/dp/B087JL6BXR
- [Canada] https://www.amazon.ca/dp/B087JL6BXR
- [UK] https://www.amazon.co.uk/dp/B087JL6BXR
- [Germany] https://www.amazon.de/dp/B087JL6BXR
- [France] https://www.amazon.fr/dp/B087JL6BXR
- [Spain] https://www.amazon.es/dp/B087JL6BXR
- [Italy] https://www.amazon.it/dp/B087JL6BXR
- [Netherlands] https://www.amazon.nl/dp/B087JL6BXR
- [Japan] https://www.amazon.co.jp/dp/B087JL6BXR
- [Brazil] https://www.amazon.com.br/dp/B087JL6BXR
- [Mexico] https://www.amazon.com.mx/dp/B087JL6BXR
- [Australia] https://www.amazon.com.au/dp/B087JL6BXR