About Wentz Wu

Wentz is a co-founder of Amicliens, a company from Taiwan delivering business solutions. He enjoys applying IT technologies to solve business problems and has been working in the IT industry for over 20 years.

CISSP PRACTICE QUESTIONS – 20200806

Effective CISSP Questions

Your company implemented Federated Identity Management (FIM) based on SAML to support Single Sign-On (SSO). Which of the following is not true? (Source: Wentz QOTD)
A. A user may have an identity in each domain and multiple identities across domains.
B. A federated identity is a pseudonym shared between domains to hide a user’s identity.
C. A relying party authorizes access requests based on assertions expressed in XACML.
D. SSO relies on the service provider’s (SP) trust in the Identity Provider (IdP).

CISSP PRACTICE QUESTIONS – 20200805

Effective CISSP Questions

In the Kerberos network authentication system, a client initiates authentication requests to the authentication service (AS) to obtain authentication credentials for a given server. Which of the following is not true? (Source: Wentz QOTD)
A. The AS is subject to the chosen-ciphertext attack.
B. The client sends its own identity to the AS in cleartext when logging in.
C. The AS doesn’t know whether the client sends a genuine identity or not.
D. The client doesn’t send its password or secret key to the AS when logging in.

CISSP PRACTICE QUESTIONS – 20200804

Effective CISSP Questions

In the Kerberos network authentication system, clients, the KDC, and application servers are the well-known three-headed architectural components. Which of the following best describes the operations of Kerberos? (Source: Wentz QOTD)
A. The KDC manages all the keys and is resistant to denial-of-service attacks.
B. Clients on the network interact with the KDC and servers asynchronously.
C. Realms must be organized hierarchically to support cross-realm authentication.
D. Initial ticket requests from clients are handled by the authentication service (AS).

Digest of AICPA SSAE 18

Service Organization Control (SOC)

AICPA SSAE 18

Statement on Standards for Attestation Engagements 18

In addition to complying with this section, a practitioner is required to comply with section 105, Concepts Common to All Attestation Engagements, and section 205, Examination Engagements.

  • 100 Common Concepts
    • 105 Concepts Common to All Attestation Engagements
  • 200 Level of Service
    • 205 Examination Engagements
    • 210 Review Engagements
    • 215 Agreed-Upon Procedures Engagements
  • 300 Subject Matter
    • 305 Prospective Financial Information
    • 310 Reporting on Pro Forma Financial Information
    • 315 Compliance Attestation
    • 320 Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting
    • 395 [Designated for AT Section 701, Management’s Discussion and Analysis (AICPA, Professional Standards)]

CISSP PRACTICE QUESTIONS – 20200802

Effective CISSP Questions

You’re implementing IPsec to protect data in transit. Which of the following is the least feasible through IPsec? (Source: Wentz QOTD)
A. Build a virtual data link over frame relay to connect two remote offices
B. Secure TFTP traffic that updates the firmware of network devices
C. Protect traffic between browsers and the enterprise information portal over LAN
D. Authenticate security gateways that establish the tunnel between two remote offices

CISSP PRACTICE QUESTIONS – 20200801

Effective CISSP Questions

You’re implementing an L2TP/IPsec VPN solution to support remote employees. Which of the following is not true? (Source: Wentz QOTD)
A. AH may not be available in IPsec
B. AH ensures integrity only, but not confidentiality through encryption
C. Implementation of ESP is a mandatory requirement of IPsec
D. ESP ensures both confidentiality and the same level of integrity as AH does

What is Assurance?

International Accreditation Forum

The diagram demonstrates the ISO assurance system in terms of management systems. The following are common management systems:

  • Quality Management System (QMS, ISO 9001)
  • Environmental management systems (EMS, ISO 14001)
  • Food Safety Management System (FSMS, ISO 22001)
  • Business Continuity Management System (BCMS, ISO 22301)
  • Information Security Management System (ISMS, ISO 27001)
  • Occupational health and safety management systems (OHSMS, ISO 45001)
