CISSP PRACTICE QUESTIONS – 20210308

Effective CISSP Questions

Which of the following best describes a chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security-relevant transaction from inception to the final result?
A. Audit trail
B. Accountability
C. User and Entity Behavior Analytics
D. Security information and event management (SIEM)

CISSP PRACTICE QUESTIONS – 20210307

Effective CISSP Questions

Your company implemented a couple of private branch exchanges (PBXs) connected through ISDN trunks for voice communication. As a system architect, you are designing a SIP-based system that incorporates VoIP and web conferencing and provides end-to-end encryption. To prevent cooperating entities from exfiltrating data, which of the following infrastructure flaws should be verified and mitigated?
A. D channel
B. Side channel
C. Covert channel
D. Out-of-band overt channel

CISSP PRACTICE QUESTIONS – 20210306

Effective CISSP Questions

You are conducting penetration testing against a website supported by a relational database by creating an identity equation as a login input to manipulate and bypass the authentication procedure. Which of the following tactics, techniques, and procedures (TTP) did you most likely use?
A. Polyinstantiation
B. Reflected cross-site scripting
C. Data manipulation language
D. Noise and perturbation data

CISSP PRACTICE QUESTIONS – 20210305

Effective CISSP Questions

You are learning about IPv6 addressing. Which of the following is not correct?
A. There are no broadcast addresses in IPv6.
B. IPv6 nodes boot with the default address (::0) and use multicast to contact the DHCP server.
C. An anycast address must not be used as the source address and can be assigned only to a router.
D. A link-local address is automatically configured using the prefix FE80::/10 and the modified EUI-64 format.

OWASP SAMM

What is OWASP SAMM?

The following is a summary from the OWASP SAMM:

  • SAMM stands for Software Assurance Maturity Model.
  • Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture.
  • We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model.
  • SAMM supports the complete software lifecycle and is technology and process agnostic.
  • We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.

CISSP PRACTICE QUESTIONS – 20210303

Effective CISSP Questions

Your organization initiated a project to develop an E-Commerce web system. As a security professional, you have to research, implement and manage engineering processes using secure design principles. Which of the following is the first principle you are most likely to employ in terms of the SDLC?
A. Trust but verify
B. Threat modeling
C. Privacy by design
D. Shared responsibility

CISSP PRACTICE QUESTIONS – 20210301

Effective CISSP Questions

You have provisionally passed the CISSP exam and started the online endorsement application to earn the certification (as a privilege) and obtain your credential. To commit to fully supporting the (ISC)² Code of Ethics, you are exercising due diligence and reviewing the code online. Which of the following is not an ethics canon that you might violate?
A. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
B. Act honorably, honestly, justly, responsibly, and legally.
C. Provide diligent and competent service to principles.
D. Advance and protect the profession.
