
Which of the following best protects source code owned by your organization and stored in an internal code repository from being copied? (Wentz QOTD)
A. Copyright
B. Patent
C. Trade secret
D. Trademark

The original Rijndael documentation, as an Advanced Encryption Standard (AES) candidate, submitted to the NIST dates from June 11, 1998, and the AES standard, FIPS 197, issued by the NIST was approved on November 26, 2001. Which of the following is incorrect? (Wentz QOTD)
A. Rijndael allows the specification of variants with the block length and key length.
B. The number of rounds of Rijndael can be modified in case of security problems.
C. The block length in AES is 128 bits, while the key length can be 128, 192, or 256 bits.
D. AES specifies using the Feistel structure to transpose the intermediate state.

You are working for a US-based public company and evaluating cloud solutions that host the ERP system involving financial reporting by referring to the website of one of the most well-known cloud services providers for more information. As a guest visitor to the website, which of the following is the best SOC report available that informs your evaluation? (Wentz QOTD)
A. SOC 1
B. SOC 2 Type 1
C. SOC 2 Type 2
D. SOC 3

Which of the following is the most critical element of mandatory access control? (Wentz QOTD)
A. Acceptable use policy (AUP)
B. Competencies
C. Background check
D. Bell-LaPadula (BLP) model

As a software developer using C-like programming languages, you received a credential in JSON format, {username: “cissp_aspirant@wonderworld.com”, password: “P@$$w0rd”}, from a client and invoked the function, int authenticate (char username[20], char password[10]), to validate the identity. Which of the following is most likely to compromise your code? (Wentz QOTD)
A. SQL Injection
B. Heap overflow
C. Stack overrun
D. Address space layout randomization (ASLR)

You are implementing networks per the Zero Trust principles. Which of the following authentication mechanisms will happen earliest? (Wentz QOTD)
A. Authentication based on RESTful API
B. Mutual authentication based on X.509 certificates
C. Single Packet Authorization (SPA) based on HOTP
D. Network access control based on 802.1X

Which of the following is least related to the discretionary access model (DAC)? (Wentz QOTD)
A. Need-to-know
B. Take-grant protection model
C. An object’s access control list
D. A subject’s security clearance

Your organization classifies data into four classes: confidentiality, private, sensitivity, and public. Which of the following is the primary concern behind the classification scheme? (Wentz QOTD)
A. Disclosure
B. Alteration
C. Destruction
D. Disruption

Exchanging information between systems begins with a planning phase in which the participating organizations perform preliminary activities and examine the relevant technical, security, and administrative issues. Which of the following should be conducted first? (Wentz QOTD)
A. Conduct security assessments
B. Conduct risk assessments
C. Define the business case
D. Document the memoranda of understanding/agreement (MOU/A).

Your organization is a cloud service provider and intends to assure security to customers. Which of the following entities conduct security assessments based on public security standards and provide the highest level of assurance? (Wentz QOTD)
A. The audit function within an organization
B. Certification Bodies (CB) accredited by an International Accreditation Forum (IAF) member or Accreditation Body (AB)
C. Certified Public Accountants (CPA) designated by the American Institute of Certified Public Accountants (AICPA)
D. Big or first-class customers