You have provisionally passed the CISSP exam and started the online endorsement application to earn the certification (as a privilege) and obtain your credential. To commit to fully supporting the (ISC)² Code of Ethics, you are exercising due diligence and reviewing the code online. Which of the following is not an ethics canon that you might violate?
A. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
B. Act honorably, honestly, justly, responsibly, and legally.
C. Provide diligent and competent service to principles.
D. Advance and protect the profession.
Monthly Archives: February 2021
CISSP PRACTICE QUESTIONS – 20210228
To mitigate lateral movement, your company is implementing technical access controls per zero trust principles. Which of the following is least related to the implementation of zero trust?
A. XACML
B. De-perimeterisation
C. Separation of duties
D. Complete mediation
CISSP PRACTICE QUESTIONS – 20210227
Your company is developing an E-Commerce web system. As a software tester, you would like to prepare test data to verify whether the back-end API is vulnerable in terms of data integrity. Which of the following is the best tool?
A. zzuf
B. Nmap
C. Nessus
D. Metasploit
Top BSIMM Activities
- Ensure host and network security basics are in place
- Implement life cycle governance
- Review security features
- Use external penetration testers to find problems
- Identify personally identifiable information (PII) obligations
- Perform security feature review
- Create or interface with incident response
- Ensure QA performs edge/boundary value condition testing
- Integrate and deliver security features
- Identify software defects found in operations monitoring and feed them back to development
- Use automated tools along with manual review
- Feed results to the defect management and mitigation system
Source: https://www.bsimm.com/about.html
CISSP PRACTICE QUESTIONS – 20210226
Your organization suffered a data compromise. During the incident response process, a local hacker group was identified and, based on the collected evidence, regarded as responsible. If your organization decides to prosecute the hacker group, which of the following is most critical?
A. Timely e-discovery
B. Sound information governance
C. Compliance with CPTED principles
D. Effective administrative investigation
CISSP PRACTICE QUESTIONS – 20210225
A subject is authenticating to the ID provider. Which of the following is not a cryptographic function or cipher and provides the lowest level of security in the authentication process?
A. Base64 for the encoding of ID and password in HTTP basic authentication
B. Electronic Codebook (ECB) that produces repeated patterns
C. Hash-based message authentication code (HMAC)
D. Cipher block chaining message authentication code (CBC-MAC)
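The following POSIX shell script is an added example, not part of the original post, that illustrates the point this question turns on: the Base64 in HTTP Basic authentication is plain encoding and is reversed without any key, ECB's repeated ciphertext blocks are detectable with a few lines of shell, and an HMAC is keyed and rejects a tampered message. It assumes openssl, base64, od, fold, sort and uniq are on the path; the key, IV, header value and messages are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post. Needs openssl, base64, od,
# fold, sort and uniq. Key, IV and credentials are constructed for the demo.

# (A) Base64 in HTTP Basic authentication is reversible encoding, not a cipher:
# whoever sees the header (plaintext HTTP, proxy or server logs) gets the password.
basic_auth_decode() {
    # $1 = Authorization header value, e.g. "Basic YWxpY2U6czNjcmV0"
    printf '%s' "${1#Basic }" | base64 -d
}

# (B) ECB: every identical 16-byte plaintext block yields the same ciphertext
# block, so structure leaks even though the key does not. Prints the number of
# repeated ciphertext blocks; anything above 0 is the classic ECB tell.
KEY_HEX=000102030405060708090a0b0c0d0e0f    # constructed demo key
IV_HEX=00000000000000000000000000000000     # constructed demo IV (CBC only)

repeated_blocks() {
    # $1 = openssl mode (aes-128-ecb or aes-128-cbc); plaintext on stdin,
    # length must be a multiple of 16 bytes because padding is disabled.
    iv_opt=""
    if [ "$1" = "aes-128-cbc" ]; then iv_opt="-iv $IV_HEX"; fi
    blocks=$(openssl enc "-$1" -K "$KEY_HEX" $iv_opt -nopad \
             | od -An -v -tx1 | tr -d ' \n' | fold -w 32)
    total=$(printf '%s\n' "$blocks" | wc -l)
    unique=$(printf '%s\n' "$blocks" | sort -u | wc -l)
    echo $((total - unique))
}

# (C) HMAC-SHA256: a keyed integrity check. Without the key nobody can forge a
# tag, and any change to the message invalidates the tag.
hmac_tag() {
    # $1 = secret key; message on stdin; prints the hex tag
    openssl dgst -sha256 -hmac "$1" | sed 's/^.*= //'
}

hmac_verify() {
    # $1 = secret key, $2 = tag to check; message on stdin. Exit 0 when valid.
    # A production verifier should compare in constant time; [ ] does not.
    [ "$(hmac_tag "$1")" = "$2" ]
}

# Demo run with constructed inputs
printf 'Basic auth header decodes to: %s\n' "$(basic_auth_decode 'Basic YWxpY2U6czNjcmV0')"
printf 'repeated ciphertext blocks, ECB: %s\n' "$(printf '%064d' 0 | tr 0 A | repeated_blocks aes-128-ecb)"
printf 'repeated ciphertext blocks, CBC: %s\n' "$(printf '%064d' 0 | tr 0 A | repeated_blocks aes-128-cbc)"
tag=$(printf 'amount=100' | hmac_tag demo-key)
printf 'amount=100' | hmac_verify demo-key "$tag" && echo "tag verifies for the original message"
printf 'amount=999' | hmac_verify demo-key "$tag" || echo "tag rejected for the tampered message"
```

Four identical plaintext blocks give three repeated ciphertext blocks under ECB and none under CBC; the same counting trick works on any captured ciphertext when you suspect ECB. Basic authentication only becomes tolerable inside TLS, and even then the server still receives the password itself, which is why the HMAC and CBC-MAC options, both keyed, sit well above it.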
CISSP-ISSEP Preparation
ISSEP is a concentration exam of the CISSP. It is not that hard, but it can be intimidating because of the limited number of exam prep materials. The following official sources are crucial.
PRIMARY MATERIALS
ISSEP CBK SUGGESTED REFERENCES
- IATF is obsolete.
- NIST SP 800-160 volumes 1 & 2
- INCOSE System Engineering Handbook
- NIST SP 800-37 (RMF)
- NIST SP 800-161 (Supply Chain Risk Management)
- PMI PMBOK (Free for PMI members)
- The ISSEP CBK book is outdated but good to have
CISSP PRACTICE QUESTIONS – 20210224
Your organization has set up a new CISO position, reporting to the CIO, to be in charge of cybersecurity. As the CISO, you aim to support the business effectively. Which of the following is the most critical task for you?
A. Integrate security into IT processes
B. Implement comprehensive network access control
C. Sponsor and direct the business continuity program
D. Develop an information security management system
CISSP PRACTICE QUESTIONS – 20210223
You are applying for a certificate from a certificate authority (CA) to support secure transmission for the E-Commerce website that serves global customers. Which of the following actions exposes the least risk?
A. Randomly generate an asymmetric key pair on the portal of the CA
B. Use a utility to create the certificate request on the local workstation
C. Upload the key pair to the CA server for approval and signing
D. Download and install the certificate containing the key pair onto the webserver
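An added example, not from the original post, of the workflow in which the private key never leaves the workstation: the key pair and the CSR are generated locally, the CSR is checked before upload, and the returned certificate is verified against the local key before it goes on the web server. The host name and directories are constructed, the CA signing step is replaced by a self-signed stand-in so the script runs offline, and openssl 1.1.1 or later is assumed for the -addext option.

```shell
#!/bin/sh
# Added example, not part of the original post. Shows the low-risk path: the
# key pair is generated on the local workstation, only the CSR (public key plus
# identity, signed with the private key) goes to the CA, and the issued
# certificate is installed next to the key that never left the host.
# Host name and paths are constructed; openssl 1.1.1 or later assumed (-addext).
set -e

generate_csr() {
    # $1 = server host name, $2 = directory that keeps the private key
    host=$1; dir=$2
    mkdir -p "$dir"
    # umask in a subshell: the key file is created readable by this user only
    ( umask 077 && openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/server.key" 2>/dev/null )
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
    # The CSR is self-signed with the private key; a valid signature proves
    # possession of the key without revealing it.
    openssl req -in "$dir/server.csr" -noout -verify
}

csr_matches_key() {
    # Exit 0 when the CSR carries the public half of our local key.
    [ "$(openssl pkey -in "$1/server.key" -pubout)" = \
      "$(openssl req -in "$1/server.csr" -noout -pubkey)" ]
}

csr_has_no_private_key() {
    # What gets uploaded must contain no private material.
    ! grep -q 'PRIVATE KEY' "$1/server.csr"
}

issue_stand_in_cert() {
    # Stand-in for the CA step so the rest runs offline: self-signs the CSR.
    # A real CA signs with its own key; the check below is identical either way.
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
        -out "$1/server.crt" 2>/dev/null
}

cert_matches_key() {
    # Before installing on the web server: the certificate's public key must be
    # the public half of server.key, otherwise TLS handshakes will fail.
    [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout)" ]
}

# Demo run with a constructed host name in a temporary directory
demo=$(mktemp -d)
generate_csr shop.example.com "$demo" >/dev/null 2>&1
csr_matches_key "$demo" && csr_has_no_private_key "$demo" \
    && echo "CSR ready to upload: $demo/server.csr"
issue_stand_in_cert "$demo"
cert_matches_key "$demo" \
    && echo "certificate matches local key: install $demo/server.crt with $demo/server.key"
```

The CSR and the issued certificate both carry only the public key, so there is nothing to "upload" or "download" that contains the private key; the key is created once on the server side, protected by file permissions, and paired with the certificate at install time. Generating the pair on a CA portal, or sending the pair to the CA, means a third party has held your private key, which defeats the purpose of the certificate.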
CISSP PRACTICE QUESTIONS – 20210222
Which of the following provides the highest level of safety in storefront or shopping windows?
A. Tempered glass
B. Laminated glass
C. Wired glass
D. Annealed glass