CISSP PRACTICE QUESTIONS – 20210507

Your organization instructs employees to work from home to mitigate the impact of the COVID-19 pandemic. However, some jobs require third-party contractors to work on site. To avoid a cluster infection, every contracted individual must report potential contact with confirmed cases whenever possible. Which of the following is the best document that provides the procedure? (Wentz QOTD)
A. Service level agreement
B. Business continuity plan
C. Incident management plan
D. Security awareness and training plan

CISSP PRACTICE QUESTIONS – 20210506

Your company has a limited budget for information security, resulting in low salaries and a lack of quality security products. As the information security manager, which of the following is the best strategy to earn the management buy-in and increase the budget? (Wentz QOTD)
A. Lay off security staff with poor performance to cut costs
B. Implement the balanced scorecard to measure and present performance
C. Share threat intelligence frequently with executives to increase the sense of risk
D. Prepare incident management reports to demonstrate how much loss is reduced

CISSP PRACTICE QUESTIONS – 20210505

A software development team in your company is tasked with developing an e-commerce website. Which of the following is the best time to conduct threat modeling? (Wentz QOTD)
A. When the software has been tested
B. When the solution has been proposed
C. When the integrated product team (IPT) is established
D. When software requirements have been verified and validated

CISSP PRACTICE QUESTIONS – 20210504

You are evaluating solutions that can mitigate the threat of lateral movement. Which of the following least aligns with the principles of Zero Trust? (Wentz QOTD)
A. Place critical servers in the DMZ for isolation
B. Implement EAP-TLS for mutual authentication
C. Enforce 802.1X for network access control
D. Enable mirroring ports on switch hubs for sniffing

CISSP PRACTICE QUESTIONS – 20210503

Employees complained that the biometric-based physical access control system is inconvenient because it delays their entrance to the office for too long, even though you had already optimized the sensitivity of the biometric system. Which of the following is the most feasible solution? (Wentz QOTD)
A. Revise the information security policy.
B. Update the information security strategy.
C. Raise the clipping level or equal error rate (EER).
D. Replace a new biometric system with a lower crossover error rate (CER).

CISSP PRACTICE QUESTIONS – 20210502

A batch of computers will be retired and sold to employees. Which of the following is the best sanitization method to avoid data remanence on hard drives? (Wentz QOTD)
A. Conduct low-level format using the command-line interface (CLI).
B. Disintegrate the hard drives.
C. Reset the system to factory settings.
D. Use the sanitize command in the ATA or SCSI standards to overwrite internal media.

CISSP PRACTICE QUESTIONS – 20210501

You are planning for business continuity management and accept the general assumption that risk is never reduced to zero. Which of the following statements is incorrect? (Wentz QOTD)
A. The risk refers to total risk exposure
B. The contingency reserve is a common strategy to mitigate identified risks
C. There always exists unidentified risk or black swan events
D. The outbreak of the pandemic belongs to unknown unknowns

CISSP PRACTICE QUESTIONS – 20210428

You are a developer on the Agile team that develops the customer relationship management system for your company. Which of the following are you least likely to do? (Wentz QOTD)
A. Configure the database connection setting
B. Write unit tests before the production code is done
C. Interact with customers directly for software requirements
D. Respond to a customer’s bug report directly to restore the service level in time