As an information system owner, you are categorizing the system and collaborating with information owners to scope and tailor the security controls. Which of the following is the best source used to determine the control baseline that meets the minimum security requirements from the perspective of the National Institute of Standards and Technology (NIST)?
A. Policies
B. Standards
C. Procedures
D. Guidelines
As an information system owner, you are categorizing the system and collaborating with information owners to scope and tailor the security controls. Which of the following is the best source used to determine the minimum security requirements from the perspective of the National Institute of Standards and Technology (NIST)?
A. Policies
B. Standards
C. Procedures
D. Guidelines
You work for a publicly traded company. Which of the following has the highest risk exposure?
A. The CISO reports to the COO instead of the CEO.
B. The company website gets defaced through SQL injection.
C. The official financial reports for shareholders are disclosed.
D. One of the RAID disks for the core database malfunctions.
Your company intends to deploy the E-Commerce system to the cloud. As a security professional, you are exercising due diligence to assess privacy issues. Which of the following is most likely to trigger trans-border data flow and violate privacy laws?
A. Ephemeral storage
B. Content delivery network
C. Instance-level block storage
D. Elastic computing capabilities
Your company outsourced the development of the customer relationship management system. The software development vendor requests customer profiles for stress testing. To simulate the real stress and performance, which of the following is the best testing data?
A. Large amount of actual customer data
B. Small amount of anonymized customer data
C. Large amount of pseudo-anonymized customer data
D. Small amount of tokenized customer data
After working in the IT industry for 26 years or so, I successfully achieved my annual goals in 2018, passing 19 exams in 9 months, which resumed my instructor career.
Wentz QOTD is the essence of my experience and knowledge across business, IT, security, engineering, and management domains. I do my best and spend much time writing each question and justification and controlling quality. They can be hard, but the real value is in my justification and explanation. However, to err is human. My suggested answers won’t always be correct, and that’s why I “suggest” my answer.
Please be patient and don’t be frustrated by my QOTDs. If you can challenge my perspective or learn something from my blog posts, you are an effective learner! I believe you will enjoy the journey and pass the exam as expected.