CISSP PRACTICE QUESTIONS – 20210729

Effective CISSP Questions

Your organization plans to provision private cloud services based on a type I hypervisor. After evaluation, a virtualization solution provider is selected. Your organization is proceeding to sign a contract with the provider. Which of the following is least critical in the process? (Wentz QOTD)
A. Specify service level and security requirements
B. Exercise audit rights to ensure the supplier meets security requirements
C. Consider indemnity, the governing law, and jurisdiction
D. Define procedures to validate the supplier’s deliverables

Hypothesis Testing and Binary Classification Errors

Null and Alternative Hypotheses (Source: PrepNuggets)

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

CISSP PRACTICE QUESTIONS – 20210728

Zero Trust architecture emphasizes imposing access control dynamically or just in time. Which of the following is least related to the concept of just in time? (Wentz QOTD)
A. Require using the “sudo” utility for privileged activities
B. Lock down administrative ports on the firewall and open them only after authentication
C. Provision identities and permissions when users visit service providers for the first time
D. Facilitate authentication so that users can sign on once and access resources across systems

CISSP PRACTICE QUESTIONS – 20210727

Your company implemented a biometric system that matches fingerprints against the model database to control access to the computer room. A Type I error occurs when an IT engineer is authorized to enter the computer room by the management but rejected by the system. Which of the following is the best null hypothesis to determine Type I error? (Wentz QOTD)
A. The subject is either an employee or an imposter
B. The false rejection rate is higher than the false acceptance rate
C. The sample fingerprint matches the template in the model repository
D. The sample fingerprint doesn’t match the template in the model repository

CISSP PRACTICE QUESTIONS – 20210725

You generated a key pair and created a certificate signing request to apply for a certificate to support HTTPS on your web server. Which of the following is least likely to appear in the certificate signing request? (Wentz QOTD)
A. Your public key
B. A digital signature signed by your private key
C. Subject name in the format of X.500
D. A timestamp by the registry authority

CISSP PRACTICE QUESTIONS – 20210723

Your company implemented a biometric system that matches fingerprints against the model database to control access to the computer room. An IT engineer is authorized to enter the computer room by the management but rejected by the system. Which of the following best describes the error? (Wentz QOTD)
A. False negative
B. False positive
C. Type I error
D. Type II error
