
Your organization is considering employing open source components in a software development project. Which of the following is the least concern? (Wentz QOTD)
A. Costs
B. Back doors
C. Test coverage
D. Intellectual property
Your organization implemented an X.509-based public key infrastructure. Which of the following is the most efficient way to identify a service endpoint to validate a certificate using the Online Certificate Status Protocol (OCSP)? (Wentz QOTD)
A. Lookup extensions in the certificate itself
B. Retrieve the first entry in the certificate revocation list
C. Query the TXT record, _ocsp_crl, on the DNS server
D. Query the SRV record, _ocsp, on the DNS server
Your organization plans to provision private cloud services based on a type I hypervisor. After evaluation, a virtualization solution provider is selected. Your organization is proceeding to sign a contract with the provider. Which of the following is least critical in the process? (Wentz QOTD)
A. Specify service level and security requirements
B. Exercise audit rights to ensure the supplier meets security requirements
C. Consider indemnity, the governing law, and jurisdiction
D. Define procedures to validate the supplier’s deliverables
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Zero Trust architecture emphasizes imposing access control dynamically or just in time. Which of the following is least related to the concept of just in time? (Wentz QOTD)
A. Require using the “sudo” utility for privileged activities
B. Lock down administrative ports on the firewall and open them only after authentication
C. Provision identities and permissions when users visit service providers for the first time
D. Facilitate authentication so that users can sign on once and access resources across systems
Simple, Easy, and Straightforward
“Simple” is an objective property of things. “Easy” is one’s subjective perception of things. “Straightforward” means that one can easily complete a simple thing.
Is CISSP simple? Most CISSP or security principles and concepts are simple and easy to be aware of or to learn, but some are complicated, and still others are complex or even chaotic. The Cynefin framework or the Stacey model explains the concepts of simple, complicated, complex, and chaotic quite well.
Is CISSP easy? It depends because it’s your subjective perception. I encourage students to treat it as easy preemptively but prepare for it cautiously and diligently.
Is CISSP straightforward? It’s absolutely not. CISSP is not just cramming, studying, and learning; integrity, life-long learning, sharing, practicing, and walking what you’re talking about are indispensable ingredients.
Your company implemented a biometric system that matches fingerprints against the model database to control access to the computer room. A Type I error occurs when an IT engineer is authorized to enter the computer room by the management but rejected by the system. Which of the following is the best null hypothesis to determine Type I error? (Wentz QOTD)
A. The subject is either an employee or an imposter
B. The false rejection rate is higher than the false acceptance rate
C. The sample fingerprint matches the template in the model repository
D. The sample fingerprint doesn’t match the template in the model repository
A software development team is conducting threat modeling. Which of the following is the best instrument used to evaluate the risk exposure of identified threats? (Wentz QOTD)
A. CMMI
B. SAMM
C. STRIDE
D. DREAD
You generated a key pair and created a certificate signing request to apply for a certificate to support HTTPS on your web server. Which of the following is least likely to appear in the certificate signing request? (Wentz QOTD)
A. Your public key
B. A digital signature signed by your private key
C. Subject name in the format of X.500
D. A timestamp by the registry authority
The user interface of your program freezes whenever it communicates with a remote server. The poor responsiveness affects user satisfaction. Which of the following is the best feature you should implement to solve this problem? (Wentz QOTD)
A. Multiprogramming
B. Multitasking
C. Multithreading
D. Multiprocessing