CISSP PRACTICE QUESTIONS – 20210601

Effective CISSP Questions

Your company sells toys online through a large-scale web-based E-commerce system. You are applying for an X.509 certificate to support secure transmission. Which of the following is most feasible? (Wentz QOTD)
A. Submit a PKCS #10 file containing the key pair to the registration authority.
B. Install the issued certificate on the load balancer instead of the web servers.
C. Download a validated X.509 certificate in a .pfx file from the validation authority.
D. Authenticate to the certification authority for the approval of the certificate signing request.

CISSP PRACTICE QUESTIONS – 20210531

Which of the following is an incorrect statement about cryptographic functions? (Wentz QOTD)
A. Collision makes a one-way function vulnerable and reversible.
B. The confusion property of a cipher reduces occurrences of key clustering.
C. A key schedule is an algorithm calculating round keys from the key in a product cipher.
D. Manually rotating a key typically occurs when the key is subject to being compromised.

CISSP PRACTICE QUESTIONS – 20210529

As an end-user of the ERP system developed in-house, you accidentally came across a system error when typing some combination of data; the system then recovered and redirected you to a new page with an unexpected privilege escalation, a system vulnerability nobody knew about before. Which of the following is the best instrument for you to handle this situation? (Wentz QOTD)
A. Acceptable use policy
B. Incident report procedure
C. Responsible disclosure policy
D. Vulnerability classification standard

CISSP PRACTICE QUESTIONS – 20210526

You work for a nationwide telecommunications company subject to GDPR. Customers often exercise their right to data portability to request their subscriptions to be transferred from one telco to another. Which of the following is the best measure to support the transfer request? (Wentz QOTD)
A. Build lock-in mechanisms
B. Implement an opt-in regime
C. Enforce the acceptable use policy
D. Standardize data representation through XML

CISSP PRACTICE QUESTIONS – 20210525

When it comes to data protection or privacy, where processing personal data is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. Which of the following is the least likely action the controller might take? (Wentz QOTD)
A. Receive consent through an opt-out
B. Implement safeguards against ‘function creep’
C. Exercise the right to withdraw consent anytime
D. Avoid inappropriate influence which could affect the outcome of consent

CISSP PRACTICE QUESTIONS – 20210524

You are working for a public company and evaluating an initiative to subscribe to cloud services to host an information system for financial reporting. The independent auditor is concerned with compliance requirements and the suitability of the design and operating effectiveness of the controls at the cloud service provider. Which of the following provides the best assurance to address the concern? (Wentz QOTD)
A. SOC 1 Type 1 Report
B. SOC 1 Type 2 Report
C. SOC 2 Type 1 Report
D. SOC 2 Type 2 Report
