CISSP PRACTICE QUESTIONS – 20201219

Effective CISSP Questions

A loyal customer called the service center to order a product on promotion with 50% off. He visited the company’s website to order the same product again but received no discount. He is complaining about it. Which of the following is the best role that should address this problem?
A. Data owner
B. Data steward
C. Data custodian
D. Information system owner


CISSP PRACTICE QUESTIONS – 20201217

Effective CISSP Questions

You are a member of the business continuity team and are sitting in a meeting conducting a business impact analysis. Critical or prioritized activities that support the delivery of products and services have been identified and are under discussion. Which of the following metrics is most likely not defined for each activity?
A. The time within which the impacts of not resuming activities would become unacceptable
B. The time frames for resuming activities at specified minimum acceptable capacities
C. The minimum business continuity objective (MBCO) or service delivery objective (SDO)
D. The point up to which information and data used by an activity is appropriately current


CISSP PRACTICE QUESTIONS – 20201216

Effective CISSP Questions

You work for a system integrator based in the US that provides consulting and maintenance services to banks issuing credit cards. Your company is subject to contractual obligations to be certified by a third-party auditor to provide security assurance. Which of the following is the primary contractual compliance requirement your company shall comply with?
A. Payment Card Industry Data Security Standard (PCI DSS)
B. Service Organization Control (SOC)
C. Gramm-Leach-Bliley Act (GLBA)
D. General Data Protection Regulation (GDPR)


Bell-LaPadula (BLP) Model

The Bell-LaPadula (BLP) model is a formal access control model built on a finite state machine and a lattice (a partially ordered set of security levels). It governs the simple operation (read) through the simple security property and all other operations (the *-property, e.g., write) through the star property, so that no operation can cause information to flow from a higher level to a lower level. Its sole objective is confidentiality.

The mandatory access control (MAC) mechanism of the TCSEC, aka the Orange Book, is based on the BLP model.

CISSP PRACTICE QUESTIONS – 20201215

Effective CISSP Questions

A newly hired CISO recently came on board. He proposed a grand information security strategy called “zero risks.” As the CEO, which of the following should you do?
A. Approve the strategy and report to the board
B. Reject the strategy and ask for detailed risk assessment
C. Invite feedback from the senior management team and the board
D. Issue a program policy to initiate the information security program


Security Engineering 101

  • Systems Engineering is a discipline that applies knowledge to create or acquire a system composed of interrelated elements collaborating for a common purpose, throughout the system development life cycle (SDLC) or system life cycle (SLC). A life cycle is a collection of predefined stages and processes.
  • Security Engineering is a specialty discipline of systems engineering. It addresses protection needs, or security requirements, throughout the system life cycle.

Source: The Effective CISSP: Security and Risk Management


CISSP PRACTICE QUESTIONS – 20201214

Effective CISSP Questions

A divestiture (or divestment) is the disposal of a company’s assets or a business unit through a sale, exchange, closure, or bankruptcy; it is also a way to stay focused and remain profitable as companies grow and become involved in too many business lines. As a security professional, which of the following should you consider first to facilitate a divestiture?
A. Assets in scope
B. Business disruption
C. Leaks of intellectual property
D. Data privacy non-compliance
