Effective CISSP Questions

Your organization consumed cloud services provisioned by a well-known cloud service provider. Which of the following security principles best applies to the decision? (Wentz QOTD)
A. Zero Trust
B. Trust but verify
C. Separation of duties
D. Never trust, always verify

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Trust but verify.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Zero Trust as Access Control 2.0

Zero Trust abandons the physical network perimeter (no inherent trust is granted based on network location) and applies complete mediation; in other words, "never trust, always verify" is simply a restatement of Zero Trust. Separation of duties is a principle considered and followed when designing a job position.

When evaluating cloud services and providers, we often cannot exercise audit rights but rely on assurance (e.g., SOC, ISO 27001, CSA STAR, etc.) rendered by third-party auditors. In other words, we trust cloud service providers to some extent and verify cloud security through third-party auditors.


Your organization consumed cloud services provisioned by a well-known cloud service provider. Which of the following security principles best applies to the decision? (Wentz QOTD)
A. Zero Trust
B. Trust but verify
C. Separation of duties
D. Never trust, always verify
