You are the head of the research and development department in charge of web conferencing products. The development team develops the product using an object-oriented language. Which of the following object-oriented principles or features relies on interfaces to decouple dependencies and exchange messages and achieve loose coupling?
A. Inheritance
B. Middleware
C. Polymorphism
D. Application Programming Interface (API)

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

Continue reading →

Your company develops web conferencing products. You are the head of the research and development department. You plan to provide end-to-end protection over user sessions based on the symmetric cipher. An open design, work factor of cryptanalysis, and user acceptance are major evaluation criteria. Which of the following is the least appropriate cipher?
A. Rijndael
B. Skipjack
C. RSA RC6
D. Serpent

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

Continue reading →

You are the CISO at Wonderland county government. The incident response team reports to you that unknown ransomware has successfully attacked the county’s file servers and encrypted production data. As a CISO, which of the following do you think the IR team should conduct next?
A. Identify the root cause and remediate the problem
B. Prioritize the incident
C. Isolate infected machines
D. Validate if the incident is true

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

Continue reading →

Your company is awarded a contract to develop a customized firewall product for a well-known brand security company. As a security professional, you are a member of the integrated product team. After a workshop collecting and elicitating protection needs from the customer and stakeholders, you finished specifying security functional and assurance requirements. Which of the following activities conducted by the quality assurance team ensures the product compliant with the specifications?
A. Certification
B. Accreditation
C. Verification
D. Validation

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

Continue reading →

Your company develops security products. You are the head of the firewall product line and decide to develop a new firewall model. Formal methods will be used for specification, verification, and other aspects of product development. Which of the following is not a formal method?
A. Fagan inspection
B. Delphi method
C. Lattice-based access control
D. Finite-state machine

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

Continue reading →

Your company develops security products. You are the head of the firewall product line and decide to develop a new firewall model based on formal designs. Which of the following best supports the design for the product?
A. Use a prescribed system development life cycle (SDLC) compliant with standards
B. Follow the design principle of encapsulation and modulization and best practices
C. Employ a state machine and ensure secure transit between states
D. Gain certification from third-party evaluation for assurance

Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR

Continue reading →