CISSP PRACTICE QUESTIONS – 20210101

You are evaluating alternatives to the physical access control system of the computer room. Which of the following provides the highest level of security?
A. Press PIN code on the keypad
B. Input Employee ID and password to the keypad
C. Swipe a contact ID card and input the PIN code
D. Input Employee ID first, then scan the fingerprint

Continue reading

What Is Engineering?

Image Credit: City of Gastonia

Engineering refers to applying knowledge and skills to understand and manage stakeholders’ requirements, propose and implement a solution to address those requirements, and utilize and support that solution to create value persistently until its retirement.
~ Wentz Wu

Systems Engineering

interdisciplinary approach governing the total technical and managerial effort required to transform a set of stakeholder needs, expectations, and constraints into a solution and to support that solution throughout its life.

Source: ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes

Software Engineering

application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software; that is, the application of engineering to software.

Source: ISO/IEC/IEEE 12207:2017 Systems and software engineering — Software life cycle processes

CISSP PRACTICE QUESTIONS – 20201231

You are a member of the software development team following the waterfall model. The customer has signed off the user requirements specification. Your team has finished and is reviewing the architectural and detailed designs. To identify security flaws, which of the following is the best vehicle?
A. Common Weakness Enumeration (CWE)
B. Security Content Automation Protocol (SCAP)
C. Common Vulnerabilities and Exposures (CVE)
D. Common Vulnerability Scoring System (CVSS)

Continue reading

CISSP PRACTICE QUESTIONS – 20201230

Your company has 400 employees. One-fourth of them are assembly workers; Alice is responsible for calculating their wages and storing them in the relational database table, Payrolls, which contains all the employees’ salaries. Alice learned that she received the lowest salary among all employees by submitting the SQL query, SELECT MIN(Salary) FROM Payrolls. She is complaining about this to her boss. Which of the following is the primary cause of the confidentiality issue?
A. Inference
B. Partitioning
C. Aggregation
D. Improper database normalization

Continue reading

CISSP PRACTICE QUESTIONS – 20201227

Your company starts an in-house software development project for the customer relationship management solution. Which of the following activities is least likely conducted during the software development life cycle?
A. Resale the solution to external entities
B. Develop the business case for the project
C. Implement the solution without threat modeling
D. Reject the solution after user acceptance testing

Continue reading

CISSP PRACTICE QUESTIONS – 20201225

As the architect of the software development team, you and your team are conducting threat modeling. Which of the following is the first action you should take?
A. Calculate residual risk.
B. Prepare use cases and data flow diagrams.
C. Implement input validation, error handling, and logging.
D. Identify threats per OWASP Top 10 Web Application Security Risks.

Continue reading