CISSP PRACTICE QUESTIONS – 20191103

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is evaluating the secure transmission solution between browsers and the web server to protect data in motion. Which of the following is the best strategy?
A. Security through obscurity
B. Web of trust
C. Chain of trust
D. Shared key encryption


CISSP PRACTICE QUESTIONS – 20191102

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is planning for a DevOps solution. It conducts a nightly build for integration testing. If it completes successfully, other automated tests continue. If everything goes well, the software solution will be deployed to the production system automatically. As the COO with reliability and availability at priority, which of the following best addresses your concern?
A. Deploy after conducting more testing to ensure software quality
B. Ask for manual deployment by the operation team to enforce separation of duty
C. Require the deployment be conducted after approval
D. Upgrade to cutting edge DevOps product to avoid vulnerabilities


Execution to Succeed

What Is Management

Execution is about leading people to complete tasks under budget and within schedule to produce quality output while keeping stakeholders informed and supportive. Collecting performance data, preparing performance information, and communicating performance reports are crucial.

Baseline

The task output will be verified internally for correctness and validated externally for effectiveness. The scope baseline, cost baseline, schedule baseline, and performance measurement baseline may be subject to change due to corrective actions or continuous improvement resulting from performance reviews or the problem-solving process.

Change Management

Baselines are anything of importance that requires sign-off or approval to control changes against them. Change management is the process of protecting baselines from creep.

Configuration Management

Configuration Management is one form of change management that controls the changes to the configuration baseline. A configuration item can be any entity or attribute of IT assets.

CISSP PRACTICE QUESTIONS – 20191101

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The solution architect chooses to implement a RAID storage system composed of high-capacity and high-speed Solid State Disks (SSD). The development team is developing a security plan for the system. Given that security is a priority concern, which of the following is the best way to deal with data remanence when retiring disks or the storage system?
A. Degaussing
B. Low-level formatting
C. Multiple passes of overwriting
D. Cryptographic Erase


CISSP PRACTICE QUESTIONS – 20191031

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development of some software modules will be outsourced to external software vendors. The computer systems, operating systems, and other standard hardware and essential software will be procured as well. Which of the following is least related to the procurement of this project?
A. Common Criteria
B. Vendor’s reputation
C. Zachman Enterprise Framework
D. The Capability Maturity Model Integration (CMMI)


Agile

Software Development Approaches

AGILE

Agile is hot, but there are many misconceptions about it. Frequent delivery of working software, or value, is one of its core concepts. Delivery means handing over working software to customers to create value.

Development progress reports or prototypes are not working software; they create no value because they don’t operate in the production environment.

SCRUM

From the perspective of scrum.org, there is no project manager, only a product owner. They call the daily event the Daily Scrum rather than a daily standup meeting.

PERIODIC REVIEW

Periodic review, demonstration, and daily meetings (standing or seated) are general management practices. They are not specific to Agile or Scrum.

WATERFALL MODEL

The Waterfall Model delivers at the end of the project. Customers may review a pile of user requirement specification (URS) documents after requirement analysis, and the design is likewise handed over as documents. In each phase, customers get nothing tangible until the end of the project.

SPIRAL MODEL

The Spiral Model is an improvement on the Waterfall Model. It delivers at the end of the project but demonstrates prototypes or work products to customers after each iteration, each of which can be treated as a small waterfall.

Practice Question: CISSP PRACTICE QUESTIONS – 20191030

Wentz’s Risk Model

Wentz’s Risk Model

Wentz’s Risk Model incorporates the Peacock Model, the Onion Model, the Ring Model, and the Concept of Neutral Risk.

The Concept of Neutral Risk, based on the risk definition of ISO 31000, introduces the business mindset of seizing opportunities and avoiding threats to highlight that information security is not only a business enabler but also a business driver.

The Peacock Model is a notion of information systems that extends the definition given in 44 U.S.C. Sec. 3502. The Onion Model denotes the concept of layered defense, or defense in depth.

The Ring Model is derived from the NIST Generic Risk Model to specify risk in the context of information security.

The Effective CISSP: Security and Risk Management has more!

Asset Valuation

The Peacock

Asset valuation is challenging because of the diversity of stakeholders and assets. Tangible or intangible assets can be valued using the following approaches:

  • Original or historical cost
  • Replacement or re-creation cost
  • Potential income
  • Market value
  • Costs incurred due to the security incidents

CISSP PRACTICE QUESTIONS – 20191030

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The COO, who doesn’t like surprises, sponsors this initiative, and the reliability of the production system is the priority. He asked for periodic review and demonstration of development progress or prototypes and thought a daily standup meeting would be favorable. The project team is evaluating the development approach. Which of the following is the best?
A. Waterfall Model
B. Agile
C. Spiral Model
D. SCRUM
