Effective CISSP Questions

You are the head of the research and development department in charge of web conferencing products. The development team develops the product using an object-oriented language. Which of the following object-oriented principles or features relies on interfaces to decouple dependencies and exchange messages and achieve loose coupling?
A. Inheritance
B. Middleware
C. Polymorphism
D. Application Programming Interface (API)

Wentz’s Book, The Effective CISSP: Security and Risk Management

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Polymorphism.


Middleware and Application Programming Interface (API) are not Object-oriented programming (OOP) principles or features. Inheritance increases dependency on base or parent classes or interfaces.

Object-Oriented Programming (OOP)

Object-oriented programming (OOP) is a programming paradigm based on the concept of “objects”, which can contain data, in the form of fields (often known as attributes or properties), and code, in the form of procedures (often known as methods).

Source: Wikipedia

Encapsulation, inheritance, and polymorphism are the most well-known fundamental principles of OOP.

  • Access restriction (information hiding) and namespaces are common language constructs for encapsulation.
  • Inheritance is beneficial for code reuse, either implementation or interface inheritance. It increases the dependency on the base or parent classes or interfaces.
  • Polymorphism refers to the ability of different objects to respond to the same message in different ways. It’s commonly implemented through interfaces.

Low Coupling and High Cohesion

  • Coupling is the degree to which a piece of code depends on the other in an unmanaged way.
  • Cohesion is the degree to which related pieces of code depend on one another in a managed way.


  • Dependency or reliance on other pieces of code is unavoidable and necessary. They can not be removed but managed.
  • Decoupling doesn’t cut off the connection or remove dependency completely; if so, pieces of codes cannot communicate with each other.
  • Instead, decoupling reduces dependency to the extent to which changes in one piece of code will not affect the other, or low coupling.

Interfaces and Polymorphism

  • Code Against Interfaces, Not Implementations” is an excellent practice for decoupling implementations (codes).
  • Dependency injection based on interfaces is a popular way or design pattern to manage dependencies.
  • Both of them rely on interfaces and help realize polymorphism.


Middleware is an instance of the software that provides services through software development kit (SDK) or Application Programming Interface (API). It’s not a language feature or programming principle.

Application Programming Interface (API)

Application Programming Interface (API) is a set of specifications or contract exposed by service providers. Service consumers must acquire the contract (API) to communicate with the service providers. APIs can be bound to the service consumer or client statically (compile-time) or dynamically (run time). It’s not a language feature or programming principle.



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

1 thought on “CISSP PRACTICE QUESTIONS – 20200626


Leave a Reply