CISSP PRACTICE QUESTIONS – 20230317

Effective CISSP Questions

Security Content Automation Protocol (SCAP) is “a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.” Which of the following is one of the SCAP component specifications? (Wentz QOTD)
A. Key risk indicator (KRI)
B. Non-compliant items
C. Management review
D. Common Vulnerability Scoring System (CVSS)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

CISSP PRACTICE QUESTIONS – 20230316

System security requirements are those system requirements that have security relevance. Which of the following is not a typical type of security requirement in system security engineering? (Wentz QOTD)
A. Security functional requirement
B. Security nonfunctional requirement
C. Security control requirement
D. Security assurance requirement

CISSP PRACTICE QUESTIONS – 20230315

Which of the following statements about identity management (IdM) is correct? (Wentz QOTD)
A. An identity is a single attribute used to identify an entity uniquely.
B. Accounts persisted in a directory are technical means representing entities.
C. X.500 is derived from the Lightweight Directory Access Protocol (LDAP).
D. Biometrics are more secure than a passphrase in a single-factor authentication system.

CISSP PRACTICE QUESTIONS – 20230314

Policies, standards, procedures, and guidelines are prominent governance elements. For example, the NIST Special Publication 800-53 series is a set of guidelines aligned with Federal Information Processing Standard 200 (FIPS 200). Which of the following security requirement families is specified in FIPS 200? (Wentz QOTD)
A. Program Management
B. PII Processing and Transparency
C. Supply Chain Risk Management
D. Planning

CISSP PRACTICE QUESTIONS – 20230313

Your company plans to purchase a computer system that shall provide trustworthy security functionality. Which of the following is the best standard to be considered? (Wentz QOTD)
A. ISO/IEC 15408
B. TCSEC
C. FIPS 140
D. PCI DSS

CISSP PRACTICE QUESTIONS – 20230312

Your company sells toys online through a large-scale web-based E-commerce system that supports HTTPS only. Which of the following is the most suitable framework or standard to protect the system? (Wentz QOTD)
A. ISO 27701
B. COBIT
C. NIST Risk Management Framework
D. CMMI

CISSP PRACTICE QUESTIONS – 20230311

Your company sells toys online through a large-scale web-based E-commerce system that supports HTTPS only. Which of the following is the best mechanism to authenticate users? (Wentz QOTD)
A. RADIUS
B. Kerberos
C. RESTful services
D. HTTP Basic authentication

CISSP PRACTICE QUESTIONS – 20230310

A legacy web server in your company is suffering from a denial of service attack from a malicious source. Which of the following attacks is least likely to have been initiated by the attacker? (Wentz QOTD)
A. Teardrop Attack
B. Smurf Attack
C. LAND (Local Area Network Denial) Attack
D. Ping of Death Attack

CISSP PRACTICE QUESTIONS – 20230309

A legacy web server in your company is suffering from a denial of service attack from a malicious source. Which of the following techniques is least likely to be used by the attacker? (Wentz QOTD)
A. Overlapping IP fragments
B. Spoofing the source IP address
C. Crafting ICMP packets
D. Sending malformed or oversized packets

CISSP PRACTICE QUESTIONS – 20230308

You are conducting a risk-based internal audit for your company. Which of the following is the most critical factor determining the audit’s effectiveness? (Wentz QOTD)
A. Audit criteria
B. Security controls
C. Business objectives
D. Security control frameworks