CISSP PRACTICE QUESTIONS – 20211022

Effective CISSP Questions

Your organization is a well-known software development organization aiming to improve development processes and deliver quality software. Which of the following is the best instrument to benchmark how well your organization performs against other organizations in terms of security? (Wentz QOTD)
A. Capability Maturity Model Integration (CMMI)
B. Cybersecurity Maturity Model Certification (CMMC)
C. Building Security In Maturity Model (BSIMM)
D. Software Assurance Maturity Model (SAMM)

CISSP PRACTICE QUESTIONS – 20211018

Which of the following statements about NFV, SDN, SDP, and Zero Trust is not true? (Wentz QOTD)
A. Network Function Virtualization (NFV) typically uses proprietary servers to run network services for performance.
B. Software-defined networking (SDN) decouples the network control and forwarding functions that communicate through application programming interfaces (APIs).
C. Software Defined Perimeter (SDP) leverages existing technologies, such as VPN, SDN, and micro-segmentation, to enforce security.
D. Zero Trust concepts can be implemented using SDP.

CISSP PRACTICE QUESTIONS – 20211017

Which of the following processes help ensure the organization’s capability to acquire and supply products or services through the initiation, support, and control of projects and provide resources and infrastructure necessary to support projects? (Wentz QOTD)
A. Agreement processes
B. Organizational project-enabling processes
C. Technical management processes
D. Technical processes

CISSP PRACTICE QUESTIONS – 20211016

Attribute-Based Access Control (ABAC) is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entity’s actions relevant to a request. Which of the following is not a source of attributes used in ABAC? (Wentz QOTD)
A. Security kernel
B. Environment
C. The active party of the request
D. The resource accessed by the subject

CISSP PRACTICE QUESTIONS – 20211015

After risk assessment, your company plans to equip laptops used by sales representatives with FIPS 140-2 Level 3 compliant self-encrypting drives as a countermeasure to protect around 10% of confidential data stored on hard drives. You are analyzing the residual risk using a quantitative approach in another iteration of risk assessment after the risk treatment. Which of the following is the primary and direct factor subject to change due to the risk treatment? (Wentz QOTD)
A. Asset value
B. Exposure factor
C. Annual loss expectancy
D. Annualized rate of occurrence