About Wentz Wu

Wentz is a co-founder of Amicliens, a company from Taiwan delivering business solutions. He enjoys applying IT technologies to solve business problems and has been working in the IT industry for over 20 years.

CISSP PRACTICE QUESTIONS – 20200810

Effective CISSP Questions

Your company initiates a business continuity program to support the continuous delivery of products and services. You’re in charge of the reliability and availability of the power system, including the UPS and the power generator. Which of the following is of least concern to you? (Source: Wentz QOTD)
A. The default failure mode configuration
B. The mean time to repair (MTTR)
C. The mean time to failure (MTTF)
D. Service level agreement (SLA)


CISSP PRACTICE QUESTIONS – 20200809

Effective CISSP Questions

You are implementing a mantrap to control access to a highly regulated COVID-19 vaccine research lab and to prevent piggybacking and tailgating. It uses two-pass authentication: an ID card for the outer door and facial recognition for the inner one. Which of the following is the highest-priority concern and should be addressed first? (Source: Wentz QOTD)
A. Refer to the product manual for the mean time to failure (MTTF)
B. Refer to the product manual for the default failure mode configuration
C. Refer to the product manual for low false rejection rate (FRR) configuration
D. Refer to the product manual for low false acceptance rate (FAR) configuration


Effective CISSP Facebook Group


Effective CISSP is a Facebook group hosted by Wentz Wu on the CISSP exam and cybersecurity stuff to help CISSP aspirants succeed and advance the profession.

Wentz’s blog provides more details:

  1. CISSP Starter Page: https://wentzwu.com/cissp
  2. Wentz QOTD: https://wentzwu.com/qotd
  3. About Wentz: https://wentzwu.com/about

Please exercise your due diligence to read and consent to the group rules. Requests to join this group will be accepted if and only if you agree to the group rules.

Thank you for your attention; you are welcome to join Effective CISSP!


Best regards,
Wentz Wu, CISSP, CISM, CEH, PMP, CBAP, MCSD

CISSP-ISSMP, ISSEP, ISSAP / CCSP / CSSLP
CGEIT / CISM / CRISC / CISA
CEH / ECSA / AWS-CSAA / MCSD / MCSE / MCDBA
CBAP / PMP / ACP / PBA / RMP
Scrum: PSM I / PSPO I / PSD
Training: ISO 27001 LA / ISO 27552 LA

CISSP PRACTICE QUESTIONS – 20200808

Effective CISSP Questions

You are conducting user acceptance testing of the fingerprint-based physical access control for the computer room. System administrators and engineers report that they are often locked out at the door. Which of the following is the most feasible solution to this problem? (Source: Wentz QOTD)
A. Lower the error rate of the CER
B. Lower the slope of the FRR curve to reduce Type I error
C. Lower the slope of the FAR curve to reduce Type II error
D. Ask the vendor to replace the fingerprint reader with a new one having lower EER
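The FAR/FRR trade-off that the two biometric questions above (20200809 and 20200808) turn on, shown as a threshold sweep. This is an added example, not code from the original posts or from any vendor: the genuine and impostor scores are constructed, and the function names, the 0.01 threshold step, and the "highest threshold that keeps FRR under a target" tuning rule are this example's own choices. It finds the crossover (CER/EER) and then shows what relaxing the threshold to stop locking out legitimate staff costs in false acceptances.

```python
"""Biometric error rates against the decision threshold (added example, not
from the original posts). Scores are constructed similarity scores in [0, 1]
(higher = better match); a sample is accepted when score >= threshold.
FRR (Type I error) = genuine attempts rejected; FAR (Type II error) =
impostor attempts accepted; CER/EER is the threshold where the two curves
cross. Lowering the threshold trades FRR for FAR, which is the lever an
administrator has when legitimate staff keep getting locked out.
"""
from typing import List, Tuple

# Constructed sample data, not measurements from any real reader.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.77, 0.74, 0.70, 0.66, 0.60]
IMPOSTOR_SCORES = [0.15, 0.22, 0.30, 0.38, 0.45, 0.52, 0.58, 0.64, 0.71, 0.80]


def frr(genuine: List[float], threshold: float) -> float:
    """False rejection rate: share of genuine samples scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor: List[float], threshold: float) -> float:
    """False acceptance rate: share of impostor samples scoring at or above it."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine: List[float], impostor: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FRR, FAR) for thresholds 0.00 .. 1.00 in steps of 0.01."""
    return [(i / 100, frr(genuine, i / 100), far(impostor, i / 100)) for i in range(101)]


def equal_error_point(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Threshold where FRR and FAR are closest, and the error rate there (CER/EER)."""
    t, fr, fa = min(error_curve(genuine, impostor), key=lambda p: abs(p[1] - p[2]))
    return t, (fr + fa) / 2


def tune_for_max_frr(genuine: List[float], impostor: List[float],
                     max_frr: float) -> Tuple[float, float, float]:
    """Highest threshold keeping FRR <= max_frr, with the FRR and FAR it yields.

    This is the 'stop locking out the admins' knob: relaxing the threshold
    cuts Type I errors, but every step down admits more impostors.
    """
    for t, fr, fa in reversed(error_curve(genuine, impostor)):
        if fr <= max_frr:
            return t, fr, fa
    raise ValueError("unreachable: at threshold 0 nothing is rejected")


if __name__ == "__main__":
    for t, fr, fa in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES)[55:85:5]:
        print(f"threshold {t:.2f}  FRR {fr:.1f}  FAR {fa:.1f}")
    print("crossover (threshold, EER):", equal_error_point(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("no false rejections ->", tune_for_max_frr(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

With these constructed scores the curves cross at threshold 0.67 with an EER of 0.2; pushing the threshold down to 0.60 so that no genuine user is ever rejected raises the FAR to 0.3. A real device lets you move the threshold but not the shape of the curves; only a better sensor or algorithm (a lower EER) improves both rates at once.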


CISSP PRACTICE QUESTIONS – 20200807

Effective CISSP Questions

You are developing an in-house application with an authentication requirement that user passwords shall not be transmitted over the network. Which of the following is the best solution for clients to authenticate to the server? (Source: Wentz QOTD)
A. Clients encrypt credentials using the server’s public key.
B. The server sends a nonce encrypted by the client’s public key.
C. Clients negotiate a dynamic key with the server through Diffie-Hellman.
D. The server sends a TGT encrypted by its secret key after receiving the client’s ID.


Strategy, Policy, Objective, and Risk

CIA as Security Objectives V2

The following question, discussed in Discord, is short and seems simple, but it deserves more thought, so I wrote this post to share my perspective.

Determining which element of the confidentiality, integrity and availability (CIA) triad is MOST important is a necessary task when:
A. assessing overall system risk.
B. developing a controls policy.
C. determining treatment options.
D. developing a classification scheme.

Source: Discord/Certification Station


CISSP PRACTICE QUESTIONS – 20200806

Effective CISSP Questions

Your company implemented Federated Identity Management (FIM) based on SAML to support Single Sign-On (SSO). Which of the following is not true? (Source: Wentz QOTD)
A. A user may have an identity in each domain and multiple identities across domains.
B. A federated identity is a pseudonym shared between domains to hide a user’s identity.
C. A relying party authorizes access requests based on assertions expressed in XACML.
D. SSO relies on the service provider’s (SP) trust in the Identity Provider (IdP).


CISSP PRACTICE QUESTIONS – 20200805

Effective CISSP Questions

In the Kerberos network authentication system, a client initiates authentication requests to the authentication service (AS) to obtain authentication credentials for a given server. Which of the following is not true? (Source: Wentz QOTD)
A. The AS is subject to the chosen-ciphertext attack.
B. The client sends its own identity to the AS in cleartext when logging in.
C. The AS doesn’t know whether the client sends a genuine identity or not.
D. The client doesn’t send its password or secret key to the AS when logging in.
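For the "password never on the wire" requirement in question 20200807 and the AS exchange in question 20200805, here is a Kerberos-style AS-REQ/AS-REP simulated in Python with both sides in one process. It is an added example, not code from the original posts or from any Kerberos implementation. The realm EXAMPLE.COM, the principal names and passwords, and the sealing primitive (an HMAC-SHA256 keystream with an HMAC tag standing in for a real Kerberos encryption type, with PBKDF2 standing in for string2key) are assumptions made for this illustration. Pre-authentication is left out on purpose, so the AS hands an AS-REP to anyone who names a known principal; that is what makes offline password guessing against the reply possible, and why most deployments require pre-authentication.

```python
"""Kerberos-style AS exchange simulated in one process. The client sends only
its name in cleartext (AS-REQ); the AS replies with a session key sealed under
the key derived from the user's password plus a TGT sealed under the TGS key
(AS-REP); the client proves it knows the password only by decrypting locally.
Pre-authentication is omitted, so the AS answers for any name it knows. Stand-ins
(assumed, not real Kerberos enctypes): PBKDF2 for string2key, HMAC-SHA256 sealing.
"""
import hashlib
import hmac
import json
import os
from typing import Dict, List, Tuple

REALM = "EXAMPLE.COM"  # hypothetical realm name


def string_to_key(password: str, principal: str) -> bytes:
    """Long-term key from the password; salt = realm + principal, as Kerberos does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 100_000)


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Domain-separate one key into an encryption key and a MAC key.
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(enc_key, nonce, len(pt))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_box(key: bytes, blob: bytes) -> dict:
    """Check the tag, then decrypt; ValueError on a wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or modified message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct)))))


class AuthenticationServer:
    """The KDC's AS: knows every principal's long-term key and the TGS key."""
    def __init__(self, principals: Dict[str, str]):
        self.keys = {name: string_to_key(pw, name) for name, pw in principals.items()}
        self.tgs_key = os.urandom(32)

    def handle_as_req(self, req: dict) -> dict:
        # Without pre-authentication the AS cannot tell who really sent this; it
        # only checks that the name exists and returns material that is usable
        # solely by someone holding the matching password-derived key.
        cname = req["cname"]
        if cname not in self.keys:
            return {"error": "KDC_ERR_C_PRINCIPAL_UNKNOWN"}
        session_key = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"cname": cname, "session_key": session_key})
        enc_part = seal(self.keys[cname], {"session_key": session_key,
                                           "sname": req["sname"], "nonce": req["nonce"]})
        return {"cname": cname, "ticket": tgt.hex(), "enc_part": enc_part.hex()}


def client_login(kdc: AuthenticationServer, cname: str, password: str,
                 wire: List[Tuple[str, dict]]) -> dict:
    """Run AS-REQ/AS-REP, logging each message to `wire`; raises on failure."""
    nonce = os.urandom(8).hex()
    req = {"cname": cname, "sname": "krbtgt/" + REALM, "nonce": nonce}  # no password here
    wire.append(("AS-REQ", req))
    rep = kdc.handle_as_req(req)
    wire.append(("AS-REP", rep))
    if "error" in rep:
        raise ValueError(rep["error"])
    # The password is used only now, and only locally, to derive the decryption key.
    enc = open_box(string_to_key(password, cname), bytes.fromhex(rep["enc_part"]))
    if enc["nonce"] != nonce:
        raise ValueError("AS-REP nonce mismatch (replayed reply?)")
    return {"session_key": enc["session_key"], "tgt": rep["ticket"]}


def login_ok(kdc: AuthenticationServer, cname: str, password: str) -> bool:
    try:
        client_login(kdc, cname, password, [])
        return True
    except ValueError:
        return False


def secret_on_wire(wire: List[Tuple[str, dict]], cname: str, password: str) -> bool:
    """True if the password or its derived key appears in any captured message."""
    capture = json.dumps(wire).encode()
    return password.encode() in capture or string_to_key(password, cname).hex().encode() in capture
```

The `wire` list plays the role of a packet capture: after a login it holds exactly two messages, the cleartext AS-REQ carrying the principal name and the AS-REP carrying two sealed blobs, and neither the password nor the key derived from it appears in either. A wrong password fails only on the client side, when the sealed part does not open; the AS never learned whether the requester was genuine.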
