Effective CISSP Questions

Your organization plans to provision private cloud services based on a type I hypervisor. After evaluation, a virtualization solution provider is selected. Your organization is proceeding to sign a contract with the provider. Which of the following is least critical in the process? (Wentz QOTD)
A. Specify service level and security requirements
B. Exercise audit rights to ensure the supplier meets security requirements
C. Consider indemnity, the governing law, and jurisdiction
D. Define procedures to validate the supplier’s deliverables

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Exercise audit rights to ensure the supplier meets security requirements.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Preserving audit rights in the contract, so that the contractor can be held to the minimum security requirements, is one of the major considerations when signing a contract. It is not feasible to exercise audit rights before the contract is signed and in effect.

Your organization wants to provide private cloud services based on a Type I hypervisor. After evaluation, a virtualization solution provider is selected as the supplier. Your organization is signing a contract with that supplier. Which of the following is least important in this process? (Wentz QOTD)
A. Specify service level and security requirements
B. Exercise audit rights to ensure the supplier meets security requirements
C. Consider indemnity, the governing law, and jurisdiction
D. Define procedures to validate the supplier's deliverables
