CISSP PRACTICE QUESTIONS – 20201020

Effective CISSP Questions

You are working for a government agency. Supply Chain Risk Management (SCRM) is a crucial topic in information security. When evaluating a foreign vendor or supplier, which of the following is not a legal or regulatory requirement?
A. Foreign reputation
B. Foreign ownership
C. Foreign control
D. Foreign influence


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Foreign reputation.

32 CFR § 117.56 covers foreign ownership, control, or influence (FOCI); foreign reputation is not part of it.

CISSP is a neutral certification. In theory, questions on country-specific laws and regulations may not be testable. However, the concept of FOCI, which is introduced in the US regulation 32 CFR § 117.56 – Foreign ownership, control or influence (FOCI), is crucial.


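You are a government employee. Supply Chain Risk Management (SCRM) is a key topic in information security. When evaluating a foreign vendor or supplier, which of the following is not a legal or regulatory requirement?
A. Foreign reputation
B. Foreign ownership
C. Foreign control
D. Foreign influence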

 
