Notice of Wentz QOTD

Dear all,

I just received the “Notice of Infringement” from ISC2, as the screenshot shows.

As you may know, I’ve been quite actively contributing to the community, helping others, and strictly following the rules and compliance requirements.

I’ve also spent much time “100% originally” writing CISSP practice questions and explaining my suggested answers to help CISSP aspirants and contribute to the community, as most instructors have done. However, ISC2 officially expresses its concern and claims its copyright.

I am communicating with ISC2. If they insist that I shall follow its request to remove my QOTDs immediately and stop writing practice questions, I will do so per the request. If QOTDs are removed in the end, I hope discussions will continue!

Thank you for your active engagement!

Best regards,
Wentz, @Taiwan


Evidence of My Original Work


You are a developer of the Agile team that develops the customer relationship management system for your company. Which of the following is least likely for you to do? (Wentz QOTD)
A. Configure the database connection setting
B. Write unit tests before the production code is done
C. Interact with customers directly for software requirements
D. Respond to customer’s bug report directly to restore service level in time



As an ID provider, Taiwan Airline federated with a chain of a car rental company and a five-star chain hotel. Customers can log into the airline website supported by single sign-on (SSO) and reserve hotels or rent a car. Which of the following is least likely to happen? (Wentz QOTD)
A. Assertions or claims about a customer may be described in the JSON format.
B. A customer typically has a user account on each airline, car rental, and hotel domain.
C. If the airline system goes down, customers cannot log into other federated systems.
D. Car rental and hotel systems may send a query to the airline for customer data.


Internet Key Exchange (IKE) and Security Association (SA)

I came across this post about IKE and ISAKMP on Luke’s group and found it deserves further study. My suggested answers would be A (IKE) for the first question and D (ISAKMP) for the second because IKE is the implementation of ISAKMP. RFC 7296 “describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations



Your company is publicly traded. A ransomware attack has materialized and is threatening to publish confidential customer data unless a ransom is paid. The board of directors is concerned that the ransomware attack will compromise shareholders’ confidence and stock price. Which of the following is the best plan that addresses the concern? (Wentz QOTD)
A. Disaster recovery plan
B. Business continuity plan
C. Crisis communication plan
D. Information system contingency plan



Your organization suffers from a ransomware attack, threatening to publish confidential customer data unless a ransom is paid. The incident has been escalated to a problem. Which of the following is least likely to happen next? (Wentz QOTD)
A. Restore files
B. Perform forensics investigation
C. Validate if the incident is genuine
D. Conduct security awareness training
