Security Association Parameters

Source: IBM Knowledge Center

The range of SPI is 256 to 16383. The default is 0. I am afraid the SPI by itself is not sufficient to uniquely identify an SA. That’s why an SA is uniquely identified by the combination of three items:

  • Security Parameter Index (SPI)
  • Security Protocol (AH or ESP)
  • Destination IP Address

It’s similar to the concept of a composite key in a relational database.

Thank you, Chaudhary, for supplementing the details:

[Image: Chaudhary Darvin_SPI]
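As an added illustration (not from the IBM source or the original post), the following Python sketch keeps a constructed SA database keyed by the SPI/protocol/destination triple, reads the SPI out of an AH or ESP header, and shows that several SAs can share one SPI without colliding. The header field offsets follow RFC 4302 (AH) and RFC 4303 (ESP); the addresses, SPI values and key labels are made up.

```python
import ipaddress
import struct
from dataclasses import dataclass

ESP, AH = 50, 51  # IP protocol numbers of the two IPsec security protocols


@dataclass(frozen=True)
class SAKey:
    """Composite key of an SA: SPI + security protocol + destination address."""
    spi: int
    protocol: int
    dst: str


@dataclass
class SA:
    algorithm: str
    key_label: str  # constructed label standing in for real key material


# Constructed SA database (SAD): SPI 256 is reused by three distinct SAs,
# which is fine because the protocol or the destination differs in each row.
SAD = {
    SAKey(256, ESP, "192.0.2.10"): SA("AES-GCM", "k-esp-host10"),
    SAKey(256, AH, "192.0.2.10"): SA("HMAC-SHA256", "k-ah-host10"),
    SAKey(256, ESP, "192.0.2.20"): SA("AES-GCM", "k-esp-host20"),
}

# Constructed headers: ESP starts with SPI then sequence number; AH carries
# next-header, payload length and a reserved field before the SPI.
ESP_HEADER = struct.pack("!II", 256, 1)
AH_HEADER = struct.pack("!BBHII", 6, 4, 0, 256, 1)


def spi_from_header(protocol, header):
    """Extract the 32-bit SPI from an AH or ESP header (RFC 4302/4303 layout)."""
    if protocol == ESP:
        return struct.unpack("!I", header[:4])[0]
    if protocol == AH:
        return struct.unpack("!I", header[4:8])[0]
    raise ValueError(f"protocol {protocol} is not AH or ESP")


def select_sa(sad, dst, protocol, header):
    """Look up the inbound SA by the full triple; None means no matching SA."""
    key = SAKey(spi_from_header(protocol, header), protocol, str(ipaddress.ip_address(dst)))
    return sad.get(key)


def sas_sharing_spi(sad, spi):
    """All SAs carrying a given SPI: more than one shows SPI alone is ambiguous."""
    return [key for key in sad if key.spi == spi]
```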

CISSP PRACTICE QUESTIONS – 20191123

Effective CISSP Questions

The incident response (IR) team in your company submitted an urgent human resource request for a security analyst. The job description of a security analyst requires at least five years of work experience and the CISSP certificate. Nawwar is an experienced network engineer with ten years of experience and the CISSP certificate. The head of the IR team proposed to hire Nawwar as soon as possible. As a security professional, which of the following suggestions will you make to the Human Resources department first?
A. Make a contingent offer of employment
B. Ask for drug testing
C. Hire a professional organization to do a criminal background check
D. Conduct a reference check

Enterprise Architecture

Information security is a business issue: it not only protects information and information systems but also supports business and organizational objectives. Enterprise architecture is therefore a means for security professionals to understand the organizational structure and processes.

Enterprise Architecture Frameworks

Zachman

The Zachman Framework, created in the 1980s by John Zachman, who was then working for IBM, is NOT a methodology for constructing an enterprise architecture but a tool for describing the enterprise.

Source: Wikipedia

TOGAF

The Open Group Architecture Framework (TOGAF), developed starting in 1995 by The Open Group, is a framework for enterprise architecture. It provides a set of tools for developing a broad range of different architectures, e.g. business, applications, data, and technical architecture.

Source: Wikipedia

Enterprise Models

McKinsey 7-S Framework

Value Chain

CISSP PRACTICE QUESTIONS – 20191122

Effective CISSP Questions

The incident response (IR) team in your company submitted an urgent human resource request for a security analyst. The job description of a security analyst requires at least five years of work experience and the CISSP certificate. Nawwar is an experienced network engineer with ten years of experience and the Cisco Certified Network Professional certificate. The head of the IR team proposed to hire Nawwar as soon as possible. As a security professional, which of the following suggestions will you make to the Human Resources department?
A. Reject. Nawwar is incompetent.
B. Reject. The demand for the security analyst is not so urgent.
C. Accept. The IR team can conduct cross-training.
D. Accept. It’s a regular practice of job rotation.

What is a Domain Model in Domain-Driven Design (DDD)?

Domain Model

I would define a domain as a collection of entities. A domain model is a structural representation of entities and the relationships among them that describes a problem or a solution.

Entity

An entity is anything in real life that has a unique identity distinguishing it from others. It comprises a set of attributes that describe its characteristics and operations that achieve one or more stated purposes.

Relationships

Common relationships between entities are containment, aggregation, inheritance, implementation, and use or invocation.
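As an added example (not from the original post), here is how those concepts look in Python: equality of entities is based on identity rather than attribute values, and each of the five relationship kinds listed above is marked in a constructed toy-shop order model.

```python
from abc import ABC, abstractmethod
from dataclasses import dataclass


class Entity:
    """An entity is known by its identity; attribute values may change over time."""
    def __init__(self, entity_id):
        self.id = entity_id

    def __eq__(self, other):
        return type(self) is type(other) and self.id == other.id

    def __hash__(self):
        return hash((type(self), self.id))


class Customer(Entity):
    def __init__(self, entity_id, name):
        super().__init__(entity_id)
        self.name = name


class PremiumCustomer(Customer):  # inheritance: a PremiumCustomer is a Customer
    discount = 0.10


class PricingPolicy(ABC):  # interface that concrete policies implement
    @abstractmethod
    def price(self, unit_price, qty, customer): ...


class StandardPricing(PricingPolicy):  # implementation of PricingPolicy
    def price(self, unit_price, qty, customer):
        return unit_price * qty * (1 - getattr(customer, "discount", 0.0))


@dataclass
class OrderLine:  # owned part of an Order, reachable only through its order
    sku: str
    unit_price: float
    qty: int


class Order(Entity):
    def __init__(self, entity_id, customer):
        super().__init__(entity_id)
        self.customer = customer  # aggregation: the customer outlives the order
        self.lines = []           # containment: the order owns its lines

    def add_line(self, sku, unit_price, qty):
        self.lines.append(OrderLine(sku, unit_price, qty))

    def total(self, policy):  # use/invocation: the order calls a pricing policy
        return round(sum(policy.price(l.unit_price, l.qty, self.customer) for l in self.lines), 2)
```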

Buffer Overflow

Please don’t dive too deep into the technical details. CISSP is a management exam that requires a solid conceptual understanding of technical matters. Just focus on:

  • what a buffer is, and what an overflow is
  • what the heap and the stack are
  • watching or experiencing how attackers inject machine code through input values

CISSP PRACTICE QUESTIONS – 20191121

Effective CISSP Questions

Your company decides to start a business selling toys online and shipping globally. An in-house team is in charge of developing an e-commerce system that supports the new business. The testing team was conducting dynamic application security testing (DAST) and launched the Calculator app, one of the Windows accessories, on one of the web servers through an input field in an HTML form. This test demonstrated a successful intrusion attempt. Which of the following is least feasible to prevent the attack?
A. Apply a limit on the input length
B. Enable Data Execution Prevention (DEP)
C. Enable Address Space Layout Randomization (ASLR)
D. Conduct a time-of-check to time-of-use (TOC/TOU) check

CISSP PRACTICE QUESTIONS – 20191120

Effective CISSP Questions

Your company decides to start a business selling toys online and shipping globally. An in-house team is in charge of developing an e-commerce system that supports the new business. The project team is evaluating secure information system development processes to follow. Which of the following is least applicable to the systems engineering of this project?
A. System Security Engineering Capability Maturity Model (SSE-CMM)
B. INCOSE Systems Engineering Handbook
C. NIST SP 800-160 (Systems Security Engineering)
D. ISO/IEC/IEEE 15288 (Systems and software engineering — System life cycle processes)

CISSP PRACTICE QUESTIONS – 20191119

Effective CISSP Questions

Your company decides to start a business selling toys online and shipping globally. An in-house team is in charge of developing an e-commerce system that supports the new business. SSL/TLS protects communication between browsers and the web server farms. The performance tester observed that the CPU utilization of the web servers stayed as high as 100%, and some connections timed out. However, the web server farms work fine over HTTP connections. Moreover, the web servers are I/O bound by nature; they mostly accept file requests and dispatch transactions to the application server clusters. Which of the following is most feasible to address the time-outs and improve availability?
A. Increase the bandwidth, e.g., from T1 to T3.
B. Add more RAM/memory to improve system performance
C. Implement hardware security modules to offload processing
D. Upgrade to faster CPUs on each web server to speed up the processing