CISSP PRACTICE QUESTIONS – 20210630

Posted on June 30, 2021 by Wentz Wu

You are applying for a certificate to support HTTPS on a webserver for E-Commerce. Which of the following should you submit to the registration authority? (Wentz QOTD)
A. The openssl utility and 3072 bits key.
B. The key pair and government-issued ID.
C. The certificate signing request only.
D. The certificate signing request and the private key.

Continue reading →

Free ZeroSSL for 3 Months

Posted on June 30, 2021 by Wentz Wu

Continue reading →

CISSP PRACTICE QUESTIONS – 20210629

Posted on June 29, 2021 by Wentz Wu

You are evaluating cryptographic functions to encrypt data transmitted on networks. Which of the following is incorrect? (Wentz QOTD)
A. Triple DES3-EEE means three keys are involved.
B. AES uses a larger block size than DES.
C. AES may not involve an initiation vector.
D. AES specifies block and key sizes that may be any multiple of 32 bits.

Continue reading →

CISSP PRACTICE QUESTIONS – 20210628

Posted on June 28, 2021 by Wentz Wu

You are encrypting data using a well-known block cipher in CBC mode with a randomly generated symmetric key, yHj7rXtKd/Q4EdIIEDifQFrid2w=, to communicate with a peer host on an 802.3 Ethernet. A middle man captured the traffic and happened to decrypt the ciphertext using another key, zycATbEloWRKFo5C9MfgrjXeCTk=, during the cryptanalysis process. Which of the following best describes the phenomenon? (Wentz QOTD)
A. Collision detection
B. Server pharming
C. Key clustering
D. Hash collision

Continue reading →

CISSP PRACTICE QUESTIONS – 20210627

Posted on June 27, 2021 by Wentz Wu

You are collecting and eliciting stakeholders’ security needs and requirements in a software development project. Which of the following is the least likely tool or technique used? (Wentz QOTD)
A. Fuzzer
B. Misuse case
C. Data flow diagram
D. Requirement traceability matrix

Continue reading →

CISSP PRACTICE QUESTIONS – 20210626

Posted on June 26, 2021 by Wentz Wu

You are developing a server that collects data from branches. To ensure data in transit is not tampered with and the identity of data origin is authentic, which of the following is the best cryptographic function that meets the security requirement? (Wentz QOTD)
A. SHA
B. 802.1X
C. Skipjack
D. CBC-MAC

Continue reading →

WUSON Practice Field POC Completed!

Posted on June 26, 2021 by Wentz Wu

WUSON Practice Field, A Simple Test Engine for CISSP

A simple test engine is about to support my QOTDs:)Technologies used:

Cloud Services (API, Docker, SQL) on Azure
Web API and Auth0 (OIDC/OAuth2)
Microservices-based design
Microsoft .NET 5.0
Legacy Windows Forms App

WUSON Practice Field for CISSP Screenshots

CISSP考試心得 – Lorenzo Yang

Posted on June 26, 2021 by Wentz Wu

一個契機、一個動力、竭盡回應。
~ Lorenzo Yang, 志工教練, CISSP, ISO27001 LAC, BS10012 LAC, CEH, JCCP

Continue reading →

CISSP PRACTICE QUESTIONS – 20210625

Posted on June 25, 2021 by Wentz Wu

Which of the following is the least reasonable pairing relationship in terms of network access control? (Wentz QOTD)
A. Supplicants and the Authentication Server per 802.1X
B. Network Access Servers and the Authentication Server per RADIUS
C. VPN clients and the Network Access Server per L2TP
D. Wireless devices and the Access Point per PEAP

Continue reading →

Flying To The Cloud

Posted on June 24, 2021 by Wentz Wu

The Cloud Computing Conceptual Reference Model (credit: NIST)

Continue reading →

Wentz Wu

ISSAP, ISSEP, ISSMP CISSP, CCSP, CSSLP, CGRC, SSCP, CC, CISM, CISA, CRISC, CGEIT, PMP, ACP, PBA, RMP, CEH, ECSA

Monthly Archives: June 2021

CISSP PRACTICE QUESTIONS – 20210630

Free ZeroSSL for 3 Months

CISSP PRACTICE QUESTIONS – 20210629

CISSP PRACTICE QUESTIONS – 20210628

CISSP PRACTICE QUESTIONS – 20210627

CISSP PRACTICE QUESTIONS – 20210626

WUSON Practice Field POC Completed!

CISSP考試心得 – Lorenzo Yang

CISSP PRACTICE QUESTIONS – 20210625

Flying To The Cloud