CISSP PRACTICE QUESTIONS – 20220331

Effective CISSP Questions

You are conducting threat modeling based on the Microsoft approach. In which of the following stages will you apply the categorized threat list, STRIDE? (Wentz QOTD)
A. Identify threats
B. Document & validate
C. Diagram application architecture
D. Identify, prioritize & implement controls


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.


CISSP PRACTICE QUESTIONS – 20220329

You are implementing the enterprise network based on Zero Trust principles. Which of the following best supports security requirements for authentication? (Wentz QOTD)
A. VXLAN
B. DMZ
C. EAP-TLS
D. XACML



CISSP PRACTICE QUESTIONS – 20220328

According to RFC 5280, CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Which of the following certificate classes is used to convey a public key for use to begin certification paths? (Wentz QOTD)
A. Certificates in which the issuer and subject are different entities.
B. Certificates in which the issuer and subject are the same entity.
C. Certificates where the digital signature may be verified by the public key bound into the certificate.
D. Certificates that are issued to subjects not authorized to issue certificates.



CISSP PRACTICE QUESTIONS – 20220327

According to RFC 5280, which of the following is not a basic certificate field specified in the X.509 v3 certificate? (Wentz QOTD)
A. Validity
B. Signature
C. Subject Key Identifier
D. Subject Public Key Info



CISSP PRACTICE QUESTIONS – 20220326

Which of the following programming statements belongs to the highest programming language generation? (Wentz QOTD)
A. System.out.println("Hello, World!");
B. SELECT N'hello world'
C. printf("hello world");
D. MOV AX, [0500]



CISSP PRACTICE QUESTIONS – 20220325

Which of the following is not a key risk indicator? (Wentz QOTD)
A. Mean time to repair (MTTR)
B. Mean time between failure (MTBF)
C. Average resolution time of resolved incidents
D. Percentage of devices not covered by monitoring solutions



CISSP PRACTICE QUESTIONS – 20220324

Which of the following factors least affects the determination of the recovery time objective? (Wentz QOTD)
A. Backup verification
B. Asset inventory level
C. Business requirements
D. Types of alternative sites



CISSP PRACTICE QUESTIONS – 20220323

You evaluate cloud computing solutions provisioned by well-known top cloud service providers and review the customer agreement. Which of the following clauses or terms is least expected? (Wentz QOTD)
A. Acceptable use
B. Indemnification
C. Second-party audit rights
D. Intellectual property license



CISSP PRACTICE QUESTIONS – 20220322

According to Bruce Schneier, which of the following attacks is primarily applicable to public-key algorithms? (Wentz QOTD)
A. Ciphertext-only attack
B. Known-plaintext attack
C. Chosen-plaintext attack
D. Chosen-ciphertext attack

