An asset owner is authorizing user access to resources. Which of the following is the most crucial element that determines the scope of a user’s privileges? (Wentz QOTD)
A. Job description
B. Access control matrix
C. Acceptable use policy (AUP)
D. Information security strategy
“All information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained.”
Source: (ISC)² Code Of Ethics
I’m honored to be part of the CISSP community. Integrity and reputation matter a lot to me. As a CISSP, I’ve been actively contributing to the community, helping others, and strictly following the rules and compliance requirements. However, (ISC)² sent me a notice of infringement on April 28, 2021. I took immediate actions to clarify the situation and prove the originality of my CISSP practice questions (aka Wentz QOTD) upon receiving the notice.
The (ISC)² Assistant General Counsel, Alex H. Rosenfeld, Esq., replied to me on May 7, 2021, which states, “I have confirmed with our team that your questions are original, and you may disregard the notice that was sent.” I’m grateful for the efficient response and confirmation from (ISC)² and will continue to develop Wentz QOTD.
I sincerely appreciate firm supports from my students of WUSON CISSP classes, members of the Effective CISSP group, and the community. You guys have been motivating and inspiring me to move forward!
Special thanks go to the (ISC)² board director, Aloysius Cheang, for his facilitation of my case and deep support for the Taipei Chapter in Taiwan.
Special thanks go to the Lead trainer at ThorTeaches, Thor Pedersen, for his warm guidance on how to address this issue adequately.
Special thanks go to professors and members of the Certification Station on Discord for your attention and support for my case.
Best regards,
Wentz Wu
CISSP-ISSMP,ISSEP,ISSAP/CCSP/CSSLP
CISM/CISA/CRISC/CGEIT/ISO 27001/27701 LA
PMP/ACP/PBA/RMP/SCRUM:PSM I/PSPO I/PSD
CEH/ECSA/MCSD/MCSE/MCDBA
Your organization instructs employees to work from home to mitigate the impact of the pandemic of COVID-19. However, some jobs require third-party contractors to work on site. To avoid cluster infection, every contracted individual must report potential contact with confirmed cases whenever possible. Which of the following is the best document that provides the procedure? (Wentz QOTD)
A. Service level agreement
B. Business continuity plan
C. Incident management plan
D. Security awareness and training plan
Your company has a limited budget for information security, resulting in low salaries and a lack of quality security products. As the information security manager, which of the following is the best strategy to earn the management buy-in and increase the budget? (Wentz QOTD)
A. Lay off security staff with poor performance to cut costs
B. Implement the balanced scorecard to measure and present performance
C. Share threat intelligence frequently with executives to increase the sense of risk
D. Prepare incident management reports to demonstrate how much loss is reduced
A software development team of your company is tasked to develop the E-Commerce website. Which of the following is the best time to conduct threat modeling? (Wentz QOTD)
A. When the software has been tested
B. When the solution has been proposed
C. When the integrated product team (IPT) is established
D. When software requirements have been verified and validated
You are evaluating solutions that can mitigate the threat of lateral movement. Which of the following least aligns with the principles of Zero Trust? (Wentz QOTD)
A. Place critical servers in the DMZ for isolation
B. Implement EAP-TLS for mutual authentication
C. Enforce 802.1X for network access control
D. Enable mirroring ports on switch hubs for sniffing
This is a video from YouTube for collection.
Employees complained about the inconvenience of the biometric-based physical access control system for delaying their entrance to the office too long, even though you had optimized the sensitivity of the biometric system. Which of the following is the most feasible solution? (Wentz QOTD)
A. Revise the information security policy.
B. Update the information security strategy.
C. Raise the clipping level or equal error rate (EER).
D. Replace a new biometric system with a lower crossover error rate (CER).
I, Wentz Wu, am not affiliated, associated, or in any way connected with the fake Facebook account, its page, or any of its affiliates.
How disgraceful this fake Facebook account illegally used my photo, infringed copyright, and conducted illegal activities. I’ve reported this fake account, and Facebook has removed it.