CISSP PRACTICE QUESTIONS – 20210603

Effective CISSP Questions

Microservices is an architectural style that divides a monolithic application into a set of loosely coupled, small services with well-defined interfaces and operations. The style has grown popular in recent years as organizations look to become more Agile and move toward cloud services. Which of the following statements about microservices is correct? (Wentz QOTD)
A. Applications based on microservices have a smaller attack surface than the monolithic.
B. Firewalls are the primary control deployed to expose and throttle microservices.
C. Microservices keep HTTP connections alive to conduct complete mediation.
D. Microservices are typically deployed to immutable workloads to support elasticity.

CISSP PRACTICE QUESTIONS – 20210602

Your company sells toys online through a large-scale web-based e-commerce system. To comply with the Payment Card Industry Data Security Standard (PCI DSS), you decide to rotate secret keys on a regular schedule. Which of the following is the primary purpose of doing so? (Wentz QOTD)
A. Increase the number of round keys of the key schedule.
B. Increase the entropy of the random number generator and work factor.
C. Decrease the probability of the loss of confidentiality.
D. Decrease the impact of the secret key being cracked.
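
The scheduled rotation the question above refers to is easier to reason about with a concrete mechanism in front of you. The following is an added example written for this page, not code from the original question or its answer. It assumes a hypothetical KeyRing class that versions HMAC token-signing keys, keeps one previous version for a grace window, and retires anything older; the payloads are constructed sample data. Each token records the version of the key that signed it, a retired version stops verifying, and a given key version only ever covers the tokens minted while it was current.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class KeyRing:
    """Versioned HMAC signing keys with scheduled rotation (hypothetical helper).

    Every token carries the version number of the key that signed it, so the
    verifier knows which key to check against and can refuse versions that
    have been retired. Only the newest key ever signs; older versions are
    kept for `grace_versions` rotations so tokens already in flight keep
    verifying, then they are dropped for good.
    """

    def __init__(self, grace_versions: int = 1) -> None:
        self.keys: Dict[int, bytes] = {}
        self.current = 0
        self.grace_versions = grace_versions
        self.rotate()

    def rotate(self) -> int:
        """Generate a fresh key, make it current, and retire expired versions."""
        self.current += 1
        self.keys[self.current] = secrets.token_bytes(32)
        oldest_kept = self.current - self.grace_versions
        for version in [v for v in self.keys if v < oldest_kept]:
            del self.keys[version]  # a leaked retired key can no longer forge anything
        return self.current

    def sign(self, payload: bytes) -> str:
        """Token layout: <key version>.<base64 payload>.<base64 HMAC-SHA256 tag>."""
        tag = hmac.new(self.keys[self.current], payload, hashlib.sha256).digest()
        return f"{self.current}.{_b64(payload)}.{_b64(tag)}"

    def verify(self, token: str) -> Optional[bytes]:
        """Return the payload if the token verifies under a live key, else None."""
        try:
            version_str, payload_b64, tag_b64 = token.split(".")
            version = int(version_str)
            payload, tag = _unb64(payload_b64), _unb64(tag_b64)
        except ValueError:
            return None  # malformed token
        key = self.keys.get(version)
        if key is None:
            return None  # signed under an unknown or retired version
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # tag mismatch: tampered payload or wrong key
        return payload


def tokens_under_version(tokens: List[str], version: int) -> List[str]:
    """Tokens signed by `version`: the only ones a leak of that key touches."""
    return [t for t in tokens if int(t.split(".", 1)[0]) == version]


def rotation_demo() -> dict:
    """Walk one token through two scheduled rotations and report what happened."""
    ring = KeyRing(grace_versions=1)
    t1 = ring.sign(b"session=alice;card=tok_1")  # constructed sample payload
    results = {"before_rotation": ring.verify(t1) is not None}
    ring.rotate()  # scheduled rotation 1: v2 signs, v1 still verifies
    t2 = ring.sign(b"session=bob;card=tok_2")  # constructed sample payload
    results["in_grace"] = ring.verify(t1) is not None
    ring.rotate()  # scheduled rotation 2: v1 leaves the grace window
    results["after_grace"] = ring.verify(t1) is not None
    results["current_still_valid"] = ring.verify(t2) is not None
    results["live_versions"] = sorted(ring.keys)
    results["affected_by_v1_leak"] = len(tokens_under_version([t1, t2], 1))
    return results


if __name__ == "__main__":
    for name, value in rotation_demo().items():
        print(f"{name}: {value}")
```

The version prefix is what makes rotation cheap: the verifier never has to try every key, and retiring a version is a single dictionary delete. The same pattern (key identifier stored beside the protected data) is how envelope encryption of stored cardholder data is usually rotated, with re-encryption under the new key replacing the grace window used here for short-lived tokens.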

CISSP PRACTICE QUESTIONS – 20210601

Your company sells toys online through a large-scale web-based e-commerce system. You are applying for an X.509 certificate to support secure transmission. Which of the following is most feasible? (Wentz QOTD)
A. Submit a PKCS #10 file containing the key pair to the registration authority.
B. Install the issued certificate on the load balancer instead of the web servers.
C. Download a validated X.509 certificate in a .pfx file from the validation authority.
D. Authenticate to the certification authority for the approval of the certificate signing request.

CISSP PRACTICE QUESTIONS – 20210531

Which of the following is an incorrect statement about cryptographic functions? (Wentz QOTD)
A. Collision makes a one-way function vulnerable and reversible.
B. The confusion property of a cipher reduces occurrences of key clustering.
C. A key schedule is an algorithm calculating round keys from the key in a product cipher.
D. Manually rotating a key typically occurs when the key is subject to being compromised.

CISSP PRACTICE QUESTIONS – 20210529

As an end user of an ERP system developed in-house, you accidentally came across a system error when typing a certain combination of data; the system then recovered and redirected you to a new page with an unexpected privilege escalation, a system vulnerability nobody knew about before. Which of the following is the best instrument for you to handle this situation? (Wentz QOTD)
A. Acceptable use policy
B. Incident report procedure
C. Responsible disclosure policy
D. Vulnerability classification standard

CISSP PRACTICE QUESTIONS – 20210526

You work for a nationwide telecommunications company subject to the GDPR. Customers often exercise their right to data portability to request that their subscriptions be transferred from one telco to another. Which of the following is the best measure to support such transfer requests? (Wentz QOTD)
A. Build lock-in mechanisms
B. Implement an opt-in regime
C. Enforce the acceptable use policy
D. Standardize data representation through XML

CISSP PRACTICE QUESTIONS – 20210525

When it comes to data protection or privacy, where the processing of personal data is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data. Which of the following is the least likely action the controller might take? (Wentz QOTD)
A. Receive consent through an opt-out
B. Implement safeguards against ‘function creep’
C. Exercise the right to withdraw consent anytime
D. Avoid inappropriate influence which could affect the outcome of consent
