CISSP PRACTICE QUESTIONS – 20200626

Effective CISSP Questions

You are the head of the research and development department in charge of web conferencing products. The development team develops the product using an object-oriented language. Which of the following object-oriented principles or features relies on interfaces to decouple dependencies, exchange messages, and achieve loose coupling?
A. Inheritance
B. Middleware
C. Polymorphism
D. Application Programming Interface (API)

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

CISSP PRACTICE QUESTIONS – 20200625

Effective CISSP Questions

Your company develops web conferencing products. You are the head of the research and development department. You plan to provide end-to-end protection over user sessions based on the symmetric cipher. An open design, work factor of cryptanalysis, and user acceptance are major evaluation criteria. Which of the following is the least appropriate cipher?
A. Rijndael
B. Skipjack
C. RSA RC6
D. Serpent

CISSP PRACTICE QUESTIONS – 20200624

Effective CISSP Questions

You are the CISO at Wonderland county government. The incident response team reports to you that unknown ransomware has successfully attacked the county’s file servers and encrypted production data. As a CISO, which of the following do you think the IR team should conduct next?
A. Identify the root cause and remediate the problem
B. Prioritize the incident
C. Isolate infected machines
D. Validate if the incident is true

CISSP PRACTICE QUESTIONS – 20200623

Effective CISSP Questions

Your company is awarded a contract to develop a customized firewall product for a well-known security brand. As a security professional, you are a member of the integrated product team. After a workshop collecting and eliciting protection needs from the customer and stakeholders, you finished specifying security functional and assurance requirements. Which of the following activities conducted by the quality assurance team ensures the product is compliant with the specifications?
A. Certification
B. Accreditation
C. Verification
D. Validation

MAC Security Issues

Inference: Derivation of new information from known information. The inference problem refers to the fact that the derived information may be classified at a level for which the user is not cleared. The inference problem is that of users deducing unauthorized information from the legitimate information they acquire.

Aggregation: The result of assembling or combining distinct units of data when handling sensitive information. Aggregation of data at one sensitivity level may result in the total data being designated at a higher sensitivity level.

Polyinstantiation: Polyinstantiation allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels.

Referential integrity: A database has referential integrity if all foreign keys reference existing primary keys.

Entity integrity: A tuple in a relation cannot have a null value for any of the primary key attributes.

Granularity: The degree to which access to objects can be restricted. Granularity can be applied to both the actions allowable on objects, as well as to the users allowed to perform those actions on the object.

Source: NIST SP 800-8 (obsoleted)

CISSP PRACTICE QUESTIONS – 20200622

Effective CISSP Questions

Your company develops security products. You are the head of the firewall product line and decide to develop a new firewall model. Formal methods will be used for specification, verification, and other aspects of product development. Which of the following is not a formal method?
A. Fagan inspection
B. Delphi method
C. Lattice-based access control
D. Finite-state machine

CISSP PRACTICE QUESTIONS – 20200621

Effective CISSP Questions

Your company develops security products. You are the head of the firewall product line and decide to develop a new firewall model based on formal designs. Which of the following best supports the design for the product?
A. Use a prescribed system development life cycle (SDLC) compliant with standards
B. Follow the design principles of encapsulation and modularization and best practices
C. Employ a state machine and ensure secure transit between states
D. Gain certification from third-party evaluation for assurance
