Your company sells toys online through a large-scale web-based E-commerce system. You are applying for an X.509 certificate to support secure transmission. Which of the following is most feasible? (Wentz QOTD)
A. Submit a PKCS #10 file containing the key pair to the registration authority.
B. Install the issued certificate on the load balancer instead of the web servers.
C. Download a validated X.509 certificate in a .pfx file from the validation authority.
D. Authenticate to the certification authority for the approval of the certificate signing request.
Monthly Archives: May 2021
CISSP PRACTICE QUESTIONS – 20210531
Which of the following is an incorrect statement about cryptographic functions? (Wentz QOTD)
A. Collision makes a one-way function vulnerable and reversible.
B. The confusion property of a cipher reduces occurrences of key clustering.
C. A key schedule is an algorithm calculating round keys from the key in a product cipher.
D. Manually rotating a key typically occurs when the key is subject to being compromised.
CISSP PRACTICE QUESTIONS – 20210530
Which of the following is an incorrect statement about discretionary access control (DAC)? (Wentz QOTD)
A. Granting read access is transitive.
B. DAC policy is vulnerable to Trojan horse attacks.
C. DAC can effectively assure the flow of information in a system.
D. The owner of the object decides the privileges for accessing objects.
Discretionary and Non-Discretionary Access Control Policies
Access control policies drive the implementation of access control mechanisms (safeguards) to mitigate risks.
CISSP PRACTICE QUESTIONS – 20210529
As an end-user of the ERP system developed in-house, you accidentally came across a system error when typing some combination of data; the system then recovered and redirected you to a new page with an unexpected privilege escalation, a system vulnerability nobody knew about before. Which of the following is the best instrument for you to handle this situation? (Wentz QOTD)
A. Acceptable use policy
B. Incident report procedure
C. Responsible disclosure policy
D. Vulnerability classification standard
CISSP PRACTICE QUESTIONS – 20210528
Your web server responds to the customer’s browser with a raw HTTP 500 message. To avoid disclosing too much system information and improve user experience, which of the following is the best solution? (Wentz QOTD)
A. Input validation
B. Bounds checking
C. Exception handling
D. Change management
CISSP PRACTICE QUESTIONS – 20210527
As the head of cybersecurity, you are concerned with security incidents that may degrade the quality of business processes. You decide to manage the incident response quantitatively to improve process quality and reduce business loss. Which of the following is the best means? (Wentz QOTD)
A. CMMI
B. COBIT
C. Six Sigma
D. Common Criteria
CISSP PRACTICE QUESTIONS – 20210526
You work for a nationwide telecommunications company subject to GDPR. Customers often exercise their right to data portability to request their subscriptions to be transferred from one telco to another. Which of the following is the best measure to support the transfer request? (Wentz QOTD)
A. Build lock-in mechanisms
B. Implement an opt-in regime
C. Enforce the acceptable use policy
D. Standardize data representation through XML
CISSP PRACTICE QUESTIONS – 20210525
When it comes to data protection or privacy, where processing personal data is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. Which of the following is the least likely action the controller might take? (Wentz QOTD)
A. Receive consent through an opt-out
B. Implement safeguards against ‘function creep’
C. Exercise the right to withdraw consent anytime
D. Avoid inappropriate influence which could affect the outcome of consent
CISSP PRACTICE QUESTIONS – 20210524
You are working for a public company and evaluating an initiative to subscribe to cloud services to host an information system for financial reporting. The independent auditor is concerned with compliance requirements and the suitability of the design and operating effectiveness of the controls at the cloud service provider. Which of the following provides the best assurance to address the concern? (Wentz QOTD)
A. SOC 1 Type 1 Report
B. SOC 1 Type 2 Report
C. SOC 2 Type 1 Report
D. SOC 2 Type 2 Report