Effective CISSP Questions

Bob is facing an allegation of sexual harassment made by Alice. His company has received the complaint and is considering an investigation to determine whether he is responsible. If so, disciplinary action will be taken. As an investigator, which of the following is least likely to happen in the investigation?
A. Dismiss the case
B. Determine powers of investigation
C. Ask for Bob’s legal representation
D. Gather evidence

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Ask for Bob’s legal representation.

An administrative investigation is NOT a legal investigation (e.g., a criminal or civil investigation), so there’s no need to engage legal representation. It’s about investigating misconduct or wrongdoing and informing disciplinary decisions in an organization.

Who is responsible for the investigation depends on the organization. It can be the management or supervisors, neutral or independent delegates/investigators, or the investigation authority. It’s not uncommon for an investigation to be conducted by a supervisor who is not a trained or professional investigator.

The following is a reference investigation process:

  1. Receiving complaints
    Complaints can typically be made, with attribution or anonymously, to the internal investigation authority, supervisors/the management, or management representatives, with no need to include firm evidence of the alleged misconduct or wrongdoing. However, they should be grounded in reasonably reliable information.
  2. Preliminary investigation
    Not every complaint requires investigation. The investigator shall assess the credibility of the allegation and determine whether a full investigation is warranted. A case or complaint can be dismissed at this stage by the investigator or other authorities.
  3. Notifying subject of the investigation
  4. Conducting investigation
  5. Completing investigation and reporting




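Bob is facing an allegation of sexual harassment made by Alice. His company has received the complaint and is considering an investigation to determine whether he is responsible for it. If the sexual harassment is confirmed, disciplinary action will be taken. As an investigator, which of the following is least likely to happen in the investigation?
A. Dismiss the case
B. Determine powers of investigation
C. Ask for Bob’s legal representation
D. Gather evidence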

