An online store employs a relational database. The store owner is concerned about data integrity. Which of the following best enforces referential integrity? (Wentz QOTD)
A. Lipner Model
B. Elliptic Curve Digital Signature Algorithm (ECDSA)
C. Hash-based message authentication code (HMAC)
D. Clark-Wilson Model

A keystream is a sequence of random or pseudorandom data elements, e.g., bits, that are combined with a plaintext message to produce the ciphertext. Which of the following doesn’t use a keystream? (Wentz QOTD)
A. One-time pad
B. RC4 in Wired Equivalent Privacy (WEP)
C. DES-CTR (Counter mode)
D. AES-CBC (Cipher Block Chaining mode)

As a lead auditor, you lead an audit team to conduct a security audit. Which of the following is the least ideal audience to whom you functionally report? (Wentz QOTD)
A. Chief executive officer (CEO)
B. Chief audit executive (CAE)
C. Audit committee
D. Board of directors

You are conducting a security assessment. Which of the following is not an assessment object? (Wentz QOTD)
A. Specifications
B. Mechanisms
C. Activities
D. Depth and coverage

You are conducting an account management review. Which of the following is not a good practice? (Wentz QOTD)
A. Select all accounts for review
B. Assess the list of carefully selected accounts by system administrators
C. Verify former employees’ accounts
D. Review the paper trail or records for specific accounts

Which of the following is the primary target or fundamental unit that the NIST Risk Management Framework protects? (Wentz QOTD)
A. Common controls
B. Personal data and privacy
C. The information system in question
D. Data processed by the information system

According to The American Bar Association, to begin preparing for trial, both sides engage in discovery, a formal process of exchanging information between the parties about the witnesses and evidence they will present at trial. Which of the following is not a common type of discovery device? (Wentz QOTD)
A. Deposition
B. Interrogatories
C. Information governance
D. Request for production of documents

Which of the following firewalls tracks the state of connections and blocks packets that deviate from the expected state based on a state table? (Wentz QOTD)
A. SOCKS proxies
B. TCP Wrappers
C. Application firewalls
D. Circuit-level gateways

According to GDPR, which of the following statements about personal data is correct? (Wentz QOTD)
A. Controller can be a joint party of the natural or legal person or public authority
B. Processor can be a joint party of the natural or legal person or public authority
C. Profiling is not limited to automated processing of personal data
D. Processing may include collection, storage, alteration, retrieval except for consultation

Which of the following refers to the CMMI level where processes are planned, documented, performed, monitored, and controlled at the project level and often reactive? (Wentz QOTD)
A. Initial
B. Repeatable
C. Managed
D. Defined