A Questionnaire from CertificationStation@Discord

The following are my responses to the questionnaire from CertificationStation@Discord.

Exam Preparation Tips

  1. Set and declare your goals: engage and communicate with stakeholders to support your goals.
  2. Have your weapons ready: exam outline, study guides, question banks, exam registration, CISSP groups and communities check-in, etc.
  3. Stick to the exam outline: consider the test-driven approach (do questions before, during, and after your study).
  4. Maintain a persistent and stable study pace: consider agile caves and commons. Study in your cave to concentrate on reading.
  5. Verify your learning: take quality questions, explain to others, and write questions.


CISSP PRACTICE QUESTIONS – 20200823

Effective CISSP Questions

Your company decides to deploy the CRM system, which is developed by an in-house integrated product team (IPT) located at a remote branch, to PaaS provisioned by a public cloud services provider. As a security professional, you are reviewing the security plan. Which of the following least contributes to cloud security?
A. Enforce granular access control by implementing XACML.
B. Fulfill Zero Trust authorization by incorporating threat intelligence.
C. Deploy the CRM application to the PaaS from the remote branch by DevOps.
D. Trust the cloud services provider but verify by conducting periodic field audits.


CISSP PRACTICE QUESTIONS – 20200822

Effective CISSP Questions

The complexity of local and remote infrastructure and cloud services has blurred the enterprise perimeter. This resulted in the emergence of the Zero Trust approach to developing a new security model to address the issue. Which of the following statements about Zero Trust is not true?
A. Zero Trust security assumes remote users are less trustworthy than internal users.
B. Zero Trust security controls access to resources in a dynamic and granular fashion.
C. Zero Trust is a set of guiding principles for workflow, system design, and operations.
D. Zero Trust implementations are in favor of a hybrid Zero Trust/perimeter-based mode.


CISSP PRACTICE QUESTIONS – 20200821

Effective CISSP Questions

You are the development team leader and recently found that your nightly build fails from time to time. Eve was a disgruntled developer on your team who quit last month. She was responsible for part of the solution and was not authorized to integrate the solution. She installed a program, running under the local system privilege, that deletes, at midnight on Mondays, some source code in the local code repository that is pushed to the central code repository to be integrated. You decide to conclude that Eve is accountable for the failures of the nightly builds. Which of the following is the least important?
A. Authentication
B. Authorization
C. Auditing
D. Non-repudiation
