CISSP PRACTICE QUESTIONS – 20200706

Effective CISSP Questions

An offboarding sales representative downloaded customer profiles owned by the head of the sales department from the file server onto a USB dongle on the day he left and sold them online. This data breach occurred because of miscommunication between the HR and IT departments. The HR department didn’t notify the IT department in time to disable the user accounts and revoke the privileges of the unhappy employee. Which of the following best contributes to the solution that can prevent the data breach?
A. LDAP
B. XACML
C. SAML
D. SPML

CISSP PRACTICE QUESTIONS – 20200705

You have just been officially endorsed as a CISSP and promoted to CISO. To meet legal and regulatory requirements, you issued a policy to direct and sponsor the data governance program. Which of the following should be conducted first?
A. Classify data
B. Scope and tailor security controls
C. Take inventory
D. Develop an information security strategy

CISSP PRACTICE QUESTIONS – 20200704

A bank is evaluating two models of one-time password tokens for multi-factor authentication. Both models have a button, an LCD, volatile memory, and a battery, but no keypad. Model A uses a non-replaceable battery, while the battery of Model B must be replaced in three minutes if the battery is low. Which of the following token types is most likely implemented by Model B?
A. Static password token
B. Synchronous dynamic password token
C. Asynchronous password token
D. Challenge-response token

CISSP PRACTICE QUESTIONS – 20200703

A bank is evaluating two models of one-time password tokens for multi-factor authentication. Both models have a button, an LCD, volatile memory, and a battery, but no keypad. Model A uses a non-replaceable battery, while the battery of Model B must be replaced in three minutes if the battery is low. Which of the following token types is most likely implemented by Model A?
A. Static password token
B. Synchronous dynamic password token
C. Asynchronous password token
D. Challenge-response token

A Book that Saves Your Time and Money!

If you come from the technical battlefield and are on your journey to CISSP, you should start with my book, The Effective CISSP: Security and Risk Management.

It is an unconventional tutorial and reference to:

  1. Core concepts of information security management
  2. Business continuity
  3. Risk management.

If you are confused or lost in studying for the CISSP, buy my book right now to boost your study and save your time and money!

Wentz’s PICS for CISSP

Buy my book right now to receive Wentz’s free PICS session to guide you through critical concepts in person for 80 minutes.

 

Security Modes in CISSP D3

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

CISSP PRACTICE QUESTIONS – 20200702

TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) is about spying on information systems through leaking electromagnetic emanations, sounds, and mechanical vibrations and how to shield equipment against such spying. Which of the following is the most effective countermeasure against the concern of TEMPEST?
A. Captive portal
B. Awareness training
C. Air-gapped network
D. Wire-meshed space

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

CISSP PRACTICE QUESTIONS – 20200630

Your company decides to subscribe to SaaS from a well-known cloud service provider. As a security professional, you are tasked with preparing a security plan. Which of the following should you do first?
A. Determine data types processed by the SaaS cloud services
B. Categorize the system based on its impact level
C. Scope and tailor security controls
D. Identify stakeholders
