CISSP PRACTICE QUESTIONS – 20210916

Effective CISSP Questions

As a security professional, you have to ensure the effectiveness of information security and comply with requirements such as laws, regulations, industry standards, contracts, organizational policies, codes of ethics, etc. Which of the following should you follow when compliance requirements conflict with one another? (Wentz QOTD)
A. Laws
B. Regulations
C. Industry standard
D. Organizational policies


CISSP PRACTICE QUESTIONS – 20210915

Effective CISSP Questions

The board of directors is discussing the organization of the security function and its relationship to the audit function. Which of the following is the most widely accepted practice? (Wentz QOTD)
A. The security function should comprise internal audits
B. The audit function should include the security function
C. The audit committee shall govern the security function
D. The security function may be managed by engineers or other staff


CISSP PRACTICE QUESTIONS – 20210913

Effective CISSP Questions

The CEO has set out a grand growth strategy that involves a portfolio of mergers and acquisitions. As the CISO, which of the following is most crucial to aligning the information security strategy with the grand strategy? (Wentz QOTD)
A. Neutrality of the security function
B. Independence of audit function
C. Exercise of due diligence
D. Use of due care


CISSP PRACTICE QUESTIONS – 20210912

Effective CISSP Questions

Which of the following is least likely to enforce integrity in a mandatory access control environment? (Wentz QOTD)
A. Assign an attribute as the primary key in a relation
B. Encrypt the digest of a document using the recipient’s public key as the digital signature
C. Generate the message authentication code using a block cipher
D. Prevent a subject at a lower security level from writing information to a higher level object
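The point behind option B deserves a worked illustration. The following is an added example, not part of the original question: a toy textbook-RSA setup with fixed, assumed primes (far too small for real use, chosen only to keep the arithmetic legible) and SHA-256 digests. It contrasts a real digital signature, where the signer's private key transforms the digest and anyone with the signer's public key verifies it, with option B, where the digest is encrypted under the recipient's public key. Because that public key is public, anyone can produce option B's "signature" for any message, so it proves neither origin nor integrity. Real code must use a vetted library with proper padding (for example RSA-PSS) rather than this raw construction.

```python
import hashlib

def keypair(p, q, e=65537):
    """Toy RSA key from two assumed primes; returns public (n, e) and private (d) parts."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d}

# Assumed demo keys built from Mersenne primes (2^61-1, 2^31-1, 2^89-1, 2^19-1).
ALICE = keypair((1 << 61) - 1, (1 << 31) - 1)   # the sender / signer
BOB = keypair((1 << 89) - 1, (1 << 19) - 1)     # the recipient

def digest(msg: bytes, n: int) -> int:
    """SHA-256 of the message, reduced to an integer below the modulus (toy; no padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, signer: dict) -> int:
    """Correct: the SIGNER's private exponent is applied to the digest."""
    return pow(digest(msg, signer["n"]), signer["d"], signer["n"])

def verify(msg: bytes, sig: int, signer_pub: dict) -> bool:
    """Anyone holding the signer's public key recovers the digest and compares it to a fresh one."""
    return pow(sig, signer_pub["e"], signer_pub["n"]) == digest(msg, signer_pub["n"])

def option_b_tag(msg: bytes, recipient_pub: dict) -> int:
    """Option B: encrypt the digest with the RECIPIENT's public key. Needs no secret at all."""
    return pow(digest(msg, recipient_pub["n"]), recipient_pub["e"], recipient_pub["n"])

def option_b_check(msg: bytes, tag: int, recipient: dict) -> bool:
    """Only the recipient can decrypt the tag, and it matches any message the attacker tagged."""
    return pow(tag, recipient["d"], recipient["n"]) == digest(msg, recipient["n"])

def demo() -> dict:
    original = b"Transfer 100 to Carol"
    tampered = b"Transfer 10000 to Mallory"
    alice_sig = sign(original, ALICE)
    return {
        # A genuine signature verifies; the same signature fails for an altered message.
        "genuine_sig_verifies": verify(original, alice_sig, ALICE),
        "tampered_msg_rejected": not verify(tampered, alice_sig, ALICE),
        # Mallory never touches ALICE["d"]; under option B she only needs BOB's public key,
        # so her substituted message passes the recipient's check.
        "option_b_forgery_accepted": option_b_check(tampered, option_b_tag(tampered, BOB), BOB),
    }

if __name__ == "__main__":
    print(demo())
```

Option C (a MAC built from a block cipher) and option D (Biba's no-write-up rule) do protect integrity, and option A enforces entity integrity in a relation; option B describes confidentiality of the digest, not a signature, which is why it is the odd one out.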


CISSP PRACTICE QUESTIONS – 20210911

Effective CISSP Questions

You are conducting penetration testing against servers on perimeter networks. Which of the following is the most likely step that comes immediately before scanning for vulnerabilities using Common Vulnerabilities and Exposures (CVE) identifiers? (Wentz QOTD)
A. Discover hosts and IP addresses
B. Enumerate available services and resources
C. Exploit identified vulnerabilities
D. Compile and report findings


CISSP PRACTICE QUESTIONS – 20210909

Effective CISSP Questions

Your team is developing a user experience that invokes a RESTful API developed by another in-house team using federated identity. The API requires authentication invoked through GET https://api.WentzWu.com/user/{username}/{password}. Which of the following is correct? (Wentz QOTD)
A. The API is compliant with the RESTful style.
B. The API shall employ HTTP POST to enforce confidentiality.
C. The API shall not use the username and password for authentication.
D. The API has a vulnerability that can be identified no earlier than the testing phase.
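An added example, not part of the original question, shows two things about this design: first, a username and password placed in the request path land in the server's ordinary access log (and in proxies, browser history and Referer headers), so anyone who can read the log gets the password; second, what the API should consume instead under federated identity, namely a token issued by the identity provider and carried in the Authorization header, which servers do not log by default. The log format, the IdP signing key and the HMAC-signed token format are assumptions made for the demo; a real deployment validates the IdP's signed tokens (for example JWTs) against the provider's published keys.

```python
import base64
import binascii
import hashlib
import hmac
import json
import re
import time
from urllib.parse import urlsplit

def access_log_entry(method: str, url: str) -> str:
    """Constructed combined-log-style line: the request target is recorded verbatim,
    while request headers such as Authorization normally are not."""
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f'203.0.113.7 - - [09/Sep/2021:10:00:00 +0000] "{method} {target} HTTP/1.1" 200 512'

CRED_IN_PATH = re.compile(r"^/user/(?P<username>[^/]+)/(?P<password>[^/]+)$")

def find_credentials_in_log(line: str):
    """Detection: returns (username, password) if a logged request carried credentials in its path."""
    m = re.search(r'"[A-Z]+ (\S+) HTTP/', line)
    if not m:
        return None
    cm = CRED_IN_PATH.match(urlsplit(m.group(1)).path)
    return (cm["username"], cm["password"]) if cm else None

IDP_SIGNING_KEY = b"demo-idp-key"  # assumption: stands in for the identity provider's signing key

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, now=None, ttl: int = 300) -> str:
    """What the IdP hands the client after authenticating it; the API never sees a password."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": subject, "exp": int(now + ttl)}, separators=(",", ":")).encode()
    sig = hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{b64url(payload)}.{b64url(sig)}"

def verify_bearer(authorization_header, now=None):
    """API-side check of 'Authorization: Bearer <token>'; returns the subject or None."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 1:
        return None
    p, s = token.split(".")
    try:
        payload, sig = unb64url(p), unb64url(s)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison of the tag
        return None
    claims = json.loads(payload)
    if now >= claims.get("exp", 0):               # reject expired tokens
        return None
    return claims.get("sub")

def demo() -> dict:
    leaky = access_log_entry("GET", "https://api.WentzWu.com/user/alice/Passw0rd!")
    # Hardened design: the credential never appears in the URL; the IdP token travels in a header.
    hardened = access_log_entry("GET", "https://api.WentzWu.com/user/alice")
    token = issue_token("alice", now=1_000_000)
    return {
        "password_in_log": find_credentials_in_log(leaky),
        "hardened_log_leaks": find_credentials_in_log(hardened),
        "bearer_subject": verify_bearer(f"Bearer {token}", now=1_000_100),
    }

if __name__ == "__main__":
    print(demo())
```

Moving the credentials from GET to POST (option B) would keep them out of the URL but would still have the API handle passwords directly, which is exactly what federated identity is meant to avoid; the design flaw is visible at requirements and design time, long before testing.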


CISSP PRACTICE QUESTIONS – 20210908

Effective CISSP Questions

You are the system owner of an ERP system and have selected baseline controls from a security control framework. A security control specified in the baseline needs to be modified based on system-specific requirements. Which of the following is the best means of justifying the adjustment? (Wentz QOTD)
A. Information security policy
B. The result of risk assessment
C. The impact level of the system
D. The high watermark of the information types processed by the system
