
Monthly Archives: December 2020
CISSP PRACTICE QUESTIONS – 20210101

You are evaluating alternatives to the physical access control system of the computer room. Which of the following provides the highest level of security?
A. Press PIN code on the keypad
B. Input Employee ID and password to the keypad
C. Swipe a contact ID card and input the PIN code
D. Input Employee ID first, then scan the fingerprint

What Is Engineering?

Engineering is an approach that involves a set of processes of applying knowledge and skills to understand and manage stakeholders’ requirements, propose and implement a solution to address those requirements, and utilize and support that solution to create value persistently until its retirement.
~ Wentz Wu
Systems Engineering
interdisciplinary approach governing the total technical and managerial effort required to transform a set of stakeholder needs, expectations, and constraints into a solution and to support that solution throughout its life.
Source: ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes
Software Engineering
application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software; that is, the application of engineering to software.
Source: ISO/IEC/IEEE 12207:2017 Systems and software engineering — Software life cycle processes

CISSP PRACTICE QUESTIONS – 20201231

You are a member of the software development team following the waterfall model. The customer has signed off on the user requirements specification. Your team has finished and is reviewing the architectural and detailed designs. To identify security flaws, which of the following is the best vehicle?
A. Common Weakness Enumeration (CWE)
B. Security Content Automation Protocol (SCAP)
C. Common Vulnerabilities and Exposures (CVE)
D. Common Vulnerability Scoring System (CVSS)

CISSP PRACTICE QUESTIONS – 20201230

Your company has 400 employees. One-fourth of them are assembly workers; Alice is responsible for calculating their wages and storing them in the relational database table, Payrolls, which contains all the employees’ salaries. Alice learned that she received the lowest salary among all employees by submitting the SQL query, SELECT MIN(Salary) FROM Payrolls. She is complaining about this to her boss. Which of the following is the primary cause of the confidentiality issue?
A. Inference
B. Partitioning
C. Aggregation
D. Improper database normalization
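The scenario above is easiest to see with running code. The following is an added example (not part of the original post): it builds a constructed Payrolls table in SQLite, shows how one legitimate aggregate query plus the value Alice already knows is enough to draw the conclusion, and then puts a simple inference control in front of the database that refuses MIN/MAX on the sensitive column and enforces a minimum query-set size. The table layout, the salaries, the threshold MIN_QUERY_SET and the guard itself are assumptions for illustration.

```python
import re
import sqlite3

SENSITIVE = {"payrolls": {"salary"}}   # columns under inference control (assumed)
MIN_QUERY_SET = 10                     # minimum rows an aggregate may cover (assumed)
# Only simple aggregates with an optional single equality predicate are accepted.
AGG_RE = re.compile(
    r"^\s*SELECT\s+(MIN|MAX|AVG|SUM|COUNT)\((\w+)\)\s+FROM\s+(\w+)"
    r"(?:\s+WHERE\s+(\w+\s*=\s*'[\w ]*'))?\s*;?\s*$", re.I)

def build_payrolls() -> sqlite3.Connection:
    """Constructed sample data: 400 employees, 100 of them assembly workers;
    Alice (EmpId 1) has the lowest salary in the whole table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Payrolls (EmpId INTEGER PRIMARY KEY, "
                 "Name TEXT, Dept TEXT, Salary INTEGER)")
    rows = [(1, "Alice", "Finance", 30000)]
    for i in range(2, 401):
        dept = "Assembly" if i <= 101 else "Office"
        rows.append((i, f"emp{i}", dept, 32000 + (i % 37) * 500))
    conn.executemany("INSERT INTO Payrolls VALUES (?,?,?,?)", rows)
    return conn

def unrestricted_query(conn, sql):
    """No inference control: the query runs as submitted."""
    return conn.execute(sql).fetchone()[0]

def alice_infers_lowest(conn, own_salary=30000):
    """Inference: Alice combines her own salary (which she knows) with an
    aggregate she is allowed to run and learns a fact about the whole table."""
    return unrestricted_query(conn, "SELECT MIN(Salary) FROM Payrolls") == own_salary

def guarded_query(conn, sql):
    """Inference control: MIN/MAX on a sensitive column is refused because an
    extreme value always belongs to one individual; other aggregates must
    cover at least MIN_QUERY_SET rows so they cannot single anyone out."""
    m = AGG_RE.match(sql)
    if not m:
        raise PermissionError("only simple aggregate queries are allowed")
    func, col, table, where = m.group(1).upper(), m.group(2).lower(), m.group(3).lower(), m.group(4)
    if col in SENSITIVE.get(table, set()) and func in ("MIN", "MAX"):
        raise PermissionError(f"{func}({col}) reveals an individual's value")
    count_sql = f"SELECT COUNT(*) FROM {table}" + (f" WHERE {where}" if where else "")
    if conn.execute(count_sql).fetchone()[0] < MIN_QUERY_SET:
        raise PermissionError("query set too small")
    return conn.execute(sql).fetchone()[0]

def is_refused(conn, sql) -> bool:
    """True when the guard blocks the query."""
    try:
        guarded_query(conn, sql)
        return False
    except PermissionError:
        return True
```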

CISSP PRACTICE QUESTIONS – 20201229

Your web application received a token from a subject, Alice@WentzWu.com, issued by a SAML-like ID provider. Which of the following is an assertion that best supports attribute-based access control?
A. Role
B. XACML
C. MaritalStatus=False
D. Alice@WentzWu.com

CISSP PRACTICE QUESTIONS – 20201228

Which of the following Agile approaches or frameworks provides the most programming practices?
A. The waterfall model
B. Scrum
C. Extreme Programming (XP)
D. Kanban

CISSP PRACTICE QUESTIONS – 20201227

Your company starts an in-house software development project for the customer relationship management solution. Which of the following activities is least likely conducted during the software development life cycle?
A. Resell the solution to external entities
B. Develop the business case for the project
C. Implement the solution without threat modeling
D. Reject the solution after user acceptance testing

CISSP PRACTICE QUESTIONS – 20201226

Voice and data messages in telecommunication are encrypted for security reasons. Which of the following cryptographic algorithms was designed to protect confidentiality while preserving a back door for law enforcement?
A. Rijndael
B. Clipper
C. Skipjack
D. Twofish

CISSP PRACTICE QUESTIONS – 20201225

As the architect of the software development team, you and your team are conducting threat modeling. Which of the following is the first action you should take?
A. Calculate residual risk.
B. Prepare use cases and data flow diagrams.
C. Implement input validation, error handling, and logging.
D. Identify threats per OWASP Top 10 Web Application Security Risks.