CISSP PRACTICE QUESTIONS – 20210421

Effective CISSP Questions

Wi-Fi Protected Access (WPA), superseding Wired Equivalent Privacy (WEP) in 2003, WPA2 (2004), and WPA3 (2018) are security certification programs developed by the Wi-Fi Alliance to secure wireless networks. Which of the following is correct? (Wentz QOTD)
A. TKIP is used in WEP to enforce confidentiality.
B. WPA3 employs HMAC to enforce nonrepudiation.
C. WPA uses RC4 as the underlying cipher for confidentiality.
D. WPA2 uses a stream cipher in CCM mode (counter with CBC-MAC).

Continue reading

CISSP PRACTICE QUESTIONS – 20210420

Effective CISSP Questions

Your company hired a security analyst who got on board today. Which of the following should be conducted first per the identity proofing procedure? (Wentz QOTD)
A. Enroll the biometric template in a model database and provision services
B. Uniquely distinguish the individual among a given population or context
C. Establish the linkage between claimed identity and real-life existence of subject
D. Determine the authenticity, validity, and accuracy of identity information and relate it to a real-life subject

Continue reading

CISSP PRACTICE QUESTIONS – 20210418

Effective CISSP Questions

Your company establishes an E-Commerce website that sells toys around the world. All traffic is protected by HTTPS. Which of the following is the most feasible approach for the browser to submit the user’s password to the webserver? (Wentz QOTD)
A. Raw password
B. Hashed password
C. Salted password
D. Digital signature

Continue reading

SEMI Standards Program

Image Credit: TSMC (https://www.tsmc.com)

SEMI Standards Program

The SEMI International Standards Program is one of the key services offered by Semiconductor Equipment and Materials International (SEMI) for the benefit of the worldwide semiconductor, photovoltaic (PV), LED, MEMS and flat panel display (FPD) industries. Standards offer a way to meet the challenges of increasing productivity while enabling business opportunities around the globe. The program, started over 40 years ago in North America, was expanded in 1985 to include programs in Europe and Japan, and now also has technical committees in China, Korea and Taiwan.

SEMI Standards and Smart Manufacturing

While the concept of smart manufacturing is receiving increased attention in recent times, the SEMI Standards Program has for many years been developing the fundamental standards that enable today’s highly adaptive, self-diagnosing, and interoperable fabs. Since the initial publication of the original SEMI Equipment Communication Standard (SECS-I), E4, in the early 1980s, the SEMI Standards Information and Control Committee has continuously responded to the needs of the industry. Major cost reductions and efficiency improvements in factory integration were realized through SECS and GEM (Generic Equipment Model) in the 1990s, as equipment behavior became standardized.

More recently, smaller feature sizes and more restrictive tolerances have intensified the need for greater visibility into the entire manufacturing process. Fab manufacturing information must be collected and evaluated in greater amounts than ever before. The overall health of the equipment, performance, and process monitoring are examples of data collected to improve overall equipment efficiency. Continuous monitoring, on-demand data, data security and a single point of control through a single point of command are all required, with the caveat that equipment performance not be impacted.

Source: SEMI

Equipment Data Acquisition (EDA)

  • EDA Interface A: HTTP/1.1 and SOAP/XML
  • EDA Freeze 3: HTTP/2, gRPC™

Fab and Equipment Information Security

  • SEMI 6506: Specification for Cybersecurity of Fab Equipment.
  • SEMI 6566: Specification for Malware Free Equipment Integration

CISSP PRACTICE QUESTIONS – 20210416

Effective CISSP Questions

Your company is considering a proposal that sells or divests a business unit to a conglomerate for financial purposes. Some impacted employees may resign, while other divested employees are concerned with the new work location. As a security professional involved in the transaction, which of the following should your company conduct first? (Wentz QOTD)
A. Exit interview
B. Deprovisioning
C. Data sanitization
D. Security assessment

Continue reading