CISSP PRACTICE QUESTIONS – 20200816

Effective CISSP Questions

Your company sells toys around the world. You are developing an EC system supported by an RDBMS and write the following SQL code to create a sales order:
Begin Transaction
Insert Into Orders(Id, CustomerId, OrderDate) Values(1, 1, '2020/08/15');
Insert Into OrderItems(Id, OrderId, ProductId, Quantity, Price) Values(1, 1, 1, 1, 9.9);
Commit Transaction
Which of the following best describes the primary purpose of the transaction depicted in the SQL code? (Source: Wentz QOTD)

A. To avoid orphan records
B. To enforce semantic integrity
C. To implement the third normal form (3NF) of the data model
D. To create a foreign key constraint to enforce referential integrity


CISSP PRACTICE QUESTIONS – 20200815

Effective CISSP Questions

Your company sells toys around the world. You are developing an EC system supported by an RDBMS and write the following SQL code to create a sales order:
Begin Transaction
Insert Into Orders(Id, CustomerId, OrderDate) Values(1, 1, '2020/08/15');
Insert Into OrderItems(Id, OrderId, ProductId, Quantity, Price) Values(1, 1, 1, 1, 9.9);
Commit Transaction
From the perspective of the Clark-Wilson model, which of the following best describes the entity, Sales Order, expressed in the SQL code? (Source: Wentz QOTD)

A. Transformation Procedures (TPs)
B. Integrity Verification Procedure (IVP)
C. Constrained Data Item (CDI)
D. Unconstrained Data Item (UDI)
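The two questions above can be run rather than just read. The following is an added example, not code from the original questions: it replays the sales-order transaction against SQLite, once inside Begin/Commit and once without, so the reader can see what the transaction actually buys (no half-written order) and how the pieces map onto Clark-Wilson (the insert routine acts as the transformation procedure, the stored Orders/OrderItems rows are the data whose integrity is being protected, and a separate check routine plays the integrity verification procedure). Table and column names follow the question's SQL; the schema, the constructed reference rows, the failing case (a ProductId that does not exist) and the function names are this example's own assumptions.

```python
"""Added example: the question's sales-order transaction replayed in SQLite.
Schema, reference rows, failure case and function names are assumptions."""
import sqlite3

SCHEMA = """
CREATE TABLE Customers(Id INTEGER PRIMARY KEY);
CREATE TABLE Products(Id INTEGER PRIMARY KEY);
CREATE TABLE Orders(
    Id         INTEGER PRIMARY KEY,
    CustomerId INTEGER NOT NULL REFERENCES Customers(Id),
    OrderDate  TEXT    NOT NULL);
CREATE TABLE OrderItems(
    Id        INTEGER PRIMARY KEY,
    OrderId   INTEGER NOT NULL REFERENCES Orders(Id),
    ProductId INTEGER NOT NULL REFERENCES Products(Id),
    Quantity  INTEGER NOT NULL CHECK (Quantity > 0),
    Price     REAL    NOT NULL CHECK (Price >= 0));
INSERT INTO Customers(Id) VALUES (1);   -- constructed reference data
INSERT INTO Products(Id)  VALUES (1);
"""


def new_db():
    """Fresh in-memory database in autocommit mode, so the only transactions
    are the ones this code opens explicitly, as in the question's SQL."""
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless told
    con.executescript(SCHEMA)
    return con


def create_sales_order(con, order_id, customer_id, order_date, items):
    """Transformation procedure: writes the header plus every item, or nothing.
    items: list of (item_id, product_id, quantity, price) tuples."""
    try:
        con.execute("BEGIN TRANSACTION")
        con.execute("INSERT INTO Orders(Id, CustomerId, OrderDate) VALUES (?, ?, ?)",
                    (order_id, customer_id, order_date))
        for item_id, product_id, qty, price in items:
            con.execute("INSERT INTO OrderItems(Id, OrderId, ProductId, Quantity, Price) "
                        "VALUES (?, ?, ?, ?, ?)",
                        (item_id, order_id, product_id, qty, price))
        con.execute("COMMIT TRANSACTION")
        return True
    except sqlite3.Error:
        con.execute("ROLLBACK TRANSACTION")  # undo the header insert as well
        return False


def create_sales_order_no_txn(con, order_id, customer_id, order_date, items):
    """Same writes without BEGIN/COMMIT: each INSERT commits on its own."""
    try:
        con.execute("INSERT INTO Orders(Id, CustomerId, OrderDate) VALUES (?, ?, ?)",
                    (order_id, customer_id, order_date))
        for item_id, product_id, qty, price in items:
            con.execute("INSERT INTO OrderItems(Id, OrderId, ProductId, Quantity, Price) "
                        "VALUES (?, ?, ?, ?, ?)",
                        (item_id, order_id, product_id, qty, price))
        return True
    except sqlite3.Error:
        return False


def ivp(con):
    """Integrity verification procedure: list of findings, empty if consistent."""
    findings = []
    n = con.execute("SELECT COUNT(*) FROM Orders o WHERE NOT EXISTS "
                    "(SELECT 1 FROM OrderItems i WHERE i.OrderId = o.Id)").fetchone()[0]
    if n:
        findings.append(f"{n} order(s) without items")
    n = con.execute("SELECT COUNT(*) FROM OrderItems i WHERE NOT EXISTS "
                    "(SELECT 1 FROM Orders o WHERE o.Id = i.OrderId)").fetchone()[0]
    if n:
        findings.append(f"{n} orphan order item(s)")
    return findings


def row_counts(con):
    """(orders, items) currently stored."""
    orders = con.execute("SELECT COUNT(*) FROM Orders").fetchone()[0]
    items = con.execute("SELECT COUNT(*) FROM OrderItems").fetchone()[0]
    return orders, items


if __name__ == "__main__":
    good = [(1, 1, 1, 9.9)]
    bad = [(1, 99, 1, 9.9)]   # ProductId 99 does not exist: FK violation on the item insert
    for label, fn, items in [("txn/good", create_sales_order, good),
                             ("txn/bad", create_sales_order, bad),
                             ("no-txn/bad", create_sales_order_no_txn, bad)]:
        con = new_db()
        ok = fn(con, 1, 1, "2020/08/15", items)
        print(label, "committed" if ok else "failed", row_counts(con), ivp(con))
```

The contrast is in the two failing runs: with the transaction, the failed item insert rolls the header back and the IVP finds nothing; without it, the header survives as an order with no items, which is exactly the orphan the transaction exists to prevent. Note that the foreign key alone does not prevent that orphan, since a header with no children violates no FK; it only stops the reverse case, an item pointing at a missing order.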


A Letter to My Friend

InfoSec Expertise Blueprint V1.2

Hi, my friend,

Pleased to hear from you!

I won't use the term "change my career"; instead, I would say, "I'd like to upgrade my career." For an IT professional, networking, programming, security, and management are foundational skills. Experience, certifications, and degrees are crucial elements to demonstrate your expertise. So, go get what you are passionate about!

CISSP definitely matters. It's a "baseline" or prerequisite for anyone who intends to make a living in the security industry. Even if you are pursuing pentesting, CISSP makes you stand out! Who will bring more value: someone with OSCP, or someone with OSCP plus CISSP? The hybrid wins!

Don’t change your career. Just upgrade and build your stack of expertise:
networking, programming, security, and management,
backed up by your experience, certifications, and degrees.

Just move forward to make your dream come true!
You can make it! All the best!

Regards,
Wentz

What do You Mean by BCP?

ISO Generic Management Model

A Facebook friend and Discord member, Muhammed, asked me the following question. Because there are various business continuity perspectives and approaches, this subject always confuses people and is sometimes controversial. I personally prefer PMP and ISO 22301, so I try to answer this question based on project management and BCMS.

67. Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?
A. Structured analysis of the organization
B. Review of the legal and regulatory landscape
C. Creation of a BCP team
D. Documentation of the plan

Source: Discord/CertificationStation


CISSP PRACTICE QUESTIONS – 20200813

Effective CISSP Questions

Your company sells toys online across the world. A PaaS supports the online EC system that accepts credit cards. The staff and management conduct periodic, proactive reviews of controls to assure stakeholders that the internal control system of the organization is reliable. Which of the following is the best description of this management practice? (Source: Wentz QOTD)
A. SOC-2 audit
B. PCI-DSS audit
C. ISO 27001 audit
D. Self-assessment


CISSP PRACTICE QUESTIONS – 20200812

Effective CISSP Questions

Your company is evaluating a physical access control system (PACS) solution. As a security professional, which of the following is the weakest authentication mechanism, the one you would not recommend? (Source: Wentz QOTD)
A. ID card using the default PIN code
B. Unattended iris scanning with a high FAR
C. Fingerprint scanning with the default threshold
D. Security guards conducting visual authentication
