Your company is a cloud service provider. Which of the following provides the highest security assurance to customers? (Wentz QOTD)
A. SOC 2 attestation
B. ISO 27001 certification
C. Security Self-Assessment
D. STAR attestation or certification
Fuzz testing is an automated software testing technique that employs a fuzzer to generate test data as inputs to software under test randomly. Which of the following is correct? (Wentz QOTD)
A. Fuzzing test using a smart fuzzer is white-box testing.
B. A smart fuzzer aware of input structure primarily mutates meaningful test data.
C. A generation-based fuzzer relies on modifying existing test data randomly.
D. A dumb fuzzer doesn’t rely on detecting input structure to generate test data.
There exist many perspectives of Zero Trust. Which of the following is correct? (Wentz QOTD)
A. Zero Trust adoption uses the big bang strategy.
B. Zero Trust networks may coexist with legacy networks isolated by firewalls.
C. Zero Trust prevents lateral movement through the castle-and-moat architecture.
D. Zero Trust, aka perimeterless security, doesn’t define any forms of the perimeter.
Which of the following is not one of the common assessment methods used in a risk-based audit? (Wentz QOTD)
A. Examining
B. Interviewing
C. Testing
D. Delphi method
After suffering from an attack of ransomware, the board of directors is concerned with the effectiveness of security function. If the CEO’s time is tied up, which of the following is the best reporting line of the information security head to enforce security? (Wentz QOTD)
A. Report to the CEO to get full commitment and support
B. Report to the CIO to take advantages of cutting edge technologies
C. Report to the COO to fully integrate security into business processes
D. Report to the CAE (chief audit executive) to eradicate uncompliant findings
An asset owner is authorizing user access to resources. Which of the following is the most crucial element that determines the scope of a user’s privileges? (Wentz QOTD)
A. Job description
B. Access control matrix
C. Acceptable use policy (AUP)
D. Information security strategy
Your organization instructs employees to work from home to mitigate the impact of the pandemic of COVID-19. However, some jobs require third-party contractors to work on site. To avoid cluster infection, every contracted individual must report potential contact with confirmed cases whenever possible. Which of the following is the best document that provides the procedure? (Wentz QOTD)
A. Service level agreement
B. Business continuity plan
C. Incident management plan
D. Security awareness and training plan
Your company has a limited budget for information security, resulting in low salaries and a lack of quality security products. As the information security manager, which of the following is the best strategy to earn the management buy-in and increase the budget? (Wentz QOTD)
A. Lay off security staff with poor performance to cut costs
B. Implement the balanced scorecard to measure and present performance
C. Share threat intelligence frequently with executives to increase the sense of risk
D. Prepare incident management reports to demonstrate how much loss is reduced
A software development team of your company is tasked to develop the E-Commerce website. Which of the following is the best time to conduct threat modeling? (Wentz QOTD)
A. When the software has been tested
B. When the solution has been proposed
C. When the integrated product team (IPT) is established
D. When software requirements have been verified and validated
You are evaluating solutions that can mitigate the threat of lateral movement. Which of the following least aligns with the principles of Zero Trust? (Wentz QOTD)
A. Place critical servers in the DMZ for isolation
B. Implement EAP-TLS for mutual authentication
C. Enforce 802.1X for network access control
D. Enable mirroring ports on switch hubs for sniffing
