CISSP PRACTICE QUESTIONS – 20200126

Effective CISSP Questions

You learned from the news that the World Health Organization (WHO) is closely monitoring the spread of a novel deadly coronavirus. As a CISO, which of the following will you do first?
A. Implement emergent update for latest antivirus signatures
B. Conduct the exercise of the Occupant Emergency Plan (OEP)
C. Enable the incident response plan and security incident response team
D. Review and test the business continuity plan (BCP)

CISSP PRACTICE QUESTIONS – 20200125

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, you are participating in a development meeting for threat modeling the customer relationship management (CRM) system, a web application. A member identifies an attack vector in which malicious users might manipulate query parameters in the URL, resulting in a server buffer overflow. Which of the following should be conducted first?
A. Replace the static array as the buffer with a dynamic one
B. Refer to OWASP Top 10 for suggested solutions
C. Evaluate how easy for a malicious user to make it
D. Authenticate every user input

CISSP PRACTICE QUESTIONS – 20200123

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, you are collaborating with the software development team of the customer relationship management (CRM) system to address security concerns. Which of the following approaches or standards are you least likely to employ?
A. Security function
B. XP (eXtreme Programming)
C. ISO 15288
D. The Sherwood Applied Business Security Architecture (SABSA)

Enterprise Architecture Frameworks

Enterprise architecture is a structural expression of an enterprise from various perspectives, such as:

  • Business: products and services
  • Structure: organizational units and people
  • Processes: value chains and information and material flow
  • Technologies: infrastructure, systems, and data

As a result, enterprise architecture helps in 1) realizing an organization and its operations, 2) communicating needs and requirements, and 3) designing and developing systems.

An enterprise architecture framework provides principles and practices for creating and using the architecture description of an enterprise.

Zachman (1987), TOGAF (1995), and the Federal Enterprise Architecture Framework (1999) are well-known enterprise architecture frameworks.

CISSP PRACTICE QUESTIONS – 20200122

As a CISO working for a direct bank based in Taiwan that relies entirely on internet banking, you are collaborating with the Human Resources (HR) department to improve personnel security. Which of the following will you suggest reviewing first?
A. Role-based access control mechanisms
B. Background investigation procedures
C. Implementation of separation of duties
D. Effectiveness and correctness of job descriptions