Your organization plans to provision private cloud services based on a type I hypervisor. After evaluation, a virtualization solution provider is selected. Your organization is proceeding to sign a contract with the provider. Which of the following is least critical in the process? (Wentz QOTD)
A. Specify service level and security requirements
B. Exercise audit rights to ensure the supplier meets security requirements
C. Consider indemnity, the governing law, and jurisdiction
D. Define procedures to validate the supplier’s deliverables

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Zero Trust architecture emphasizes imposing access control dynamically or just in time. Which of the following is least related to the concept of just in time? (Wentz QOTD)
A. Require using the “sudo” utility for privileged activities
B. Lockdown administrative ports on the firewall and open them only after authentication
C. Provision identities and permissions when users visit service providers for the first time
D. Facilitate authentication so that users can sign on once and access resources across systems

Your company implemented a biometric system that matches fingerprints against the model database to control access to the computer room. A Type I error occurs when an IT engineer is authorized to enter the computer room by the management but rejected by the system. Which of the following is the best null hypothesis to determine Type I error? (Wentz QOTD)
A. The subject is either an employee or an imposter
B. The false rejection rate is higher than the false acceptance rate
C. The sample fingerprint matches the template in the model repository
D. The sample fingerprint doesn’t match the template in the model repository

A software development team is conducting threat modeling. Which of the following is the best instrument used to evaluate the risk exposure of identified threats? (Wentz QOTD)
A. CMMI
B. SAMM
C. STRIDE
D. DREAD

You generated a key pair and created a certificate signing request to apply for a certificate to support HTTPS on your web server. Which of the following is least likely to appear in the certificate signing request? (Wentz QOTD)
A. Your public key
B. A digital signature signed by your private key
C. Subject name in the format of X.500
D. A timestamp by the registry authority

The user interface of your program froze whenever communicating with a remote server. The poor responsiveness affects user satisfaction. Which of the following is the best feature you should implement to solve this problem? (Wentz QOTD)
A. Multiprogramming
B. Multitasking
C. Multithreading
D. Multiprocessing

Your company implemented a biometric system that matches fingerprints against the model database to control access to the computer room. An IT engineer is authorized to enter the computer room by the management but rejected by the system. Which of the following best describes the error? (Wentz QOTD)
A. False negative
B. False positive
C. Type I error
D. Type II error

Which of the following software testing techniques is most commonly conducted by developers or programmers? (Wentz QOTD)
A. Synthetic transactions
B. Fuzzing
C. Continuous integration
D. Unit testing

You are learning about risk management. Which of the following provides the most general concept of risk and applies to the most comprehensive contexts? (Wentz QOTD)
A. NIST Generic Risk Model
B. NIST Risk Management Framework
C. ISO 31000
D. ISO 27005