Which of the following best entails the security capabilities of an information system?
A. Security kernel
B. Enterprise architecture
C. Information security strategy
D. Trusted computing base (TCB)
Monthly Archives: September 2020
CISSP PRACTICE QUESTIONS – 20200930
Alice, an administrator of a standalone web server, activated the login window by pressing the key combination Ctrl+Alt+Del and logged into the server using her local user account through a challenge-response authentication protocol. To which of the following attacks is the server most subject?
A. Side channel
B. Kerberos exploitation
C. Pass the hash
D. Fault injection
Distributed Denial of Service (DDoS) Attacks

DDoS and Mitigation
- What is a DDoS Attack
- DDoS mitigation (Wikipedia)
- Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response (SEI)
- What is a DDoS Attack? (AWS)
- Types of DDoS Attacks and Their Prevention and Mitigation Strategy (EC-Council)
- DDoS Attacks (Imperva)
- What is DDoS Mitigation? (Cloudflare)
- Best practices to mitigate DDoS attacks
- 7 Best Practices for Preventing DDoS attacks
CISSP PRACTICE QUESTIONS – 20200929
After activating the login window and logging in to your PC, you are visiting your bank’s website, https://BankOfEffectiveCISSP.com, and transferring funds from one bank account to another. The transaction shall be authenticated and authorized by typing in the authentication code and swiping the ATM card. Which of the following does not happen in this scenario?
A. Side channel
B. Covert channel
C. Trusted path
D. Trusted channel
CISSP PRACTICE QUESTIONS – 20200928
In a VoIP network, which of the following is the best protocol to protect the signaling traffic for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications?
A. Session Initiation Protocol (SIP)
B. SRTP
C. TLS/SSL
D. MGCP
A Milestone Achieved!

2019/08 – 2020/09 A milestone achieved!
- My first book is dedicated to my parents and aims to share my perspective on the discipline of information security.
- The 2nd book is a conclusion/compilation of Wentz QOTD for the past year.
- The 3rd, in Chinese, is my contribution to local CISSP communities in Taiwan.
I believe hard work always pays off.
2019/08 – 2020/09 A milestone achieved!
- My first book is dedicated to my parents and also expresses some of my views on the discipline of information security.
- The second book is a conclusion/compilation of my question of the day over the past year.
- The third is in Chinese and is my contribution back to the local CISSP community in Taiwan.
I believe hard work is always rewarded.
CISSP PRACTICE QUESTIONS – 20200927
Which of the following cryptographic operations is least applicable in quantum cryptography?
A. Generate a one-time pad
B. Distribute the encryption key
C. Encrypt the plain text
D. Ensure sufficient entropy for encryption
CISSP PRACTICE QUESTIONS – 20200926
Quantum computing is the use of quantum phenomena such as superposition and entanglement to perform computation. Which of the following is most vulnerable to quantum computing?
A. Stream cipher
B. Symmetric encryption
C. Public key infrastructure
D. Lattice-based cryptosystem
Test-Driven Study/Learning

Dear all,
If you’ve bought The Effective CISSP: Practice Questions, please do read my justification on my blog and do your own research to learn from each question. This book and Wentz QOTD are a learning tool, not an evaluation tool.
- Navigation Tutorial: https://youtu.be/R_RJ3b_cLLk
It helps you clarify concepts and learn by topic. If you intend to use it to “evaluate” your performance, please finish the study guide at least once. It’s expected that you will score between 40% and 80%. If you score above 70%, your performance is pretty good. I believe you will feel comfortable with the real exam.
Please don’t feel frustrated; using my book correctly will help you clarify concepts and learn more!
Please don’t hesitate to comment to let me know how my book is helping or discouraging you. Thank you very much for your kind support! I hope you kill the beast on your planned schedule! All the best!!
Best regards,
Wentz

CISSP PRACTICE QUESTIONS – 20200925
Which of the following statements about user and entity behavior analytics (UEBA) is not true?
A. UEBA collects live data from various sources, as SIEM does.
B. UEBA analyzes user behavior only, while SIEM monitors network device activities.
C. UEBA detects potential insider threats and compromised accounts.
D. UEBA sends alerts and reduces false positives.