CISSP PRACTICE QUESTIONS – 20210609

Effective CISSP Questions

Engineering is an approach that involves a set of processes to develop a solution, which can be a system, software, or any deliverable, transformed from stakeholders’ requirements, and to support the solution throughout its life. Which of the following is the most generally accepted correct statement? (Wentz QOTD)
A. ISO/IEC 15288 prescribes six stages in the system life cycle (SLC).
B. The software development life cycle differs from that of a system.
C. Verification and validation processes are not applied other than in the testing stage.
D. A development life cycle addresses the construction of a system instead of acquisition.

CISSP PRACTICE QUESTIONS – 20210608

After receiving the bill, Adam insists a hacker logged into an online jewelry store with his credentials and bought a ring using his credit card without his consent. He denied the transaction and refused to pay. Which of the following is the best strategy for the online store to prevent this situation from recurring? (Wentz QOTD)
A. Implement the Digital Signature Algorithm (DSA)
B. Encrypt the hash of the transaction using Adam’s private key
C. Establish a trustworthy enterprise-wide trusted root certification authority
D. Protect Adam’s credentials using hash-based message authentication code (HMAC)

CISSP PRACTICE QUESTIONS – 20210607

Your company manufactures sports shoes for a big worldwide label and initiates a business continuity program to support the continuous delivery of products and services. Which of the following should be done first? (Wentz QOTD)
A. Identify critical activities and their maximum tolerable downtime
B. Identify, analyze, and evaluate risk relevant to business continuity
C. Determine the list of products and services to be protected from disruption
D. Define RTO and RPO for critical IT services subject to business requirements

CISSP PRACTICE QUESTIONS – 20210606

Your company initiates a project to develop a customer relationship management (CRM) system. As a security professional, you are invited to join the project. Which of the following will you suggest first so that the project manager can incorporate it into the project schedule? (Wentz QOTD)
A. Identify stakeholders and security roles
B. Assess the business impact of the system
C. Identify information types processed by the system
D. Conduct a risk-based review of the system’s design

Project Management 101

Governance

Strategic management is a vital part of governance; projects and operations are the core concerns of a strategy.

Information Security Governance

Strategy

An organizational strategy typically comprises a portfolio of initiatives to achieve long-term goals and fulfill the vision and mission.

PMI OPM Strategy Execution Framework