Which of the following least contributes to access control on the need-to-know basis? (Source: Wentz QOTD)
A. An object with non-hierarchical label
B. A subject’s capability table
C. A subject’s security clearance
D. A compartmented object
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Your company decides to subscribe to SaaS from a well-known cloud service provider. As a security professional, you are tasked to prepare for a security plan. Which of the following should you do first?
A. Determine data types processed by the SaaS cloud services.
B. Categorize the system based on its impact level
C. Scope and tailor security controls
D. Identify stakeholders
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
As the newly hired CISO for a global company selling toys all over the world, you are reviewing the company’s mission statement and organizational structure and processes, identifying applicable legal and regulatory requirements, and interviewing stakeholders to implement the business continuity management system (BCMS). Which of the following is the most likely activity you will do next?
A. Conduct business impact analysis
B. Determine the scope
C. Assess risk
D. Develop the business continuity plan
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
You are planning the program for security awareness, training, and education. Which of the following is not the primary target audience who needs more knowledge and skills that will enable them to perform their jobs more effectively?
A. All employees
B. End-users
C. Security administrators
D. IT engineers
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Your company sells toys online worldwide. A web-based E-Commerce system developed by an in-house Integrated Product Team (IPT) supports the business. The development team is considering a solution to protect customer orders in motion. Which of the following is the best solution in terms of security, performance, and cost/benefit ratio?
A. For developers to implement encryption in the business logic layer for full mediation
B. For the architect to incorporate a software encryption module as a cross-cutting aspect
C. For database administrators to implement a secure enclave on the database server
D. For web server administrators to enable secure transmission
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
You are the head of the research and development department in charge of web conferencing products. The development team develops the product using an object-oriented language. Which of the following object-oriented principles or features relies on interfaces to decouple dependencies and exchange messages and achieve loose coupling?
A. Inheritance
B. Middleware
C. Polymorphism
D. Application Programming Interface (API)
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Your company develops web conferencing products. You are the head of the research and development department. You plan to provide end-to-end protection over user sessions based on the symmetric cipher. An open design, work factor of cryptanalysis, and user acceptance are major evaluation criteria. Which of the following is the least appropriate cipher?
A. Rijndael
B. Skipjack
C. RSA RC6
D. Serpent
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
