CISSP PRACTICE QUESTIONS – 20230324

Effective CISSP Questions

An Authorization to Operate (ATO) for an information system is granted after control assessment and system authorization, as a formal decision by management to accept the residual risk. To support continuous authorization, which of the following tasks should be implemented first? (Wentz QOTD)
A. Automation for enforcement of policies and controls
B. Continuous integration and delivery
C. Continuous monitoring approach for the applicable security controls
D. Automated ways of performing security assessments

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

CISSP PRACTICE QUESTIONS – 20230323

You are developing an intelligent agent as software to identify phishing emails. To develop, select, and optimize the model, a data set containing thousands of emails, either normal or phishing, is used for training, validation, and testing. Which of the following types of learning best describes the process? (Wentz QOTD)
A. Supervised learning
B. Unsupervised learning
C. Reinforcement learning
D. Machine learning

CISSP PRACTICE QUESTIONS – 20230322

You are going to apply scoping considerations and tailor security controls based on a baseline. Which of the following should be done first? (Wentz QOTD)
A. Add controls based on risk assessment
B. Determine asset value
C. Assign asset owners
D. Identify asset inventory

CISSP PRACTICE QUESTIONS – 20230321

Which of the following best describes the purpose of security controls in terms of ISO 31000? (Wentz QOTD)
A. To lower the likelihood or possibility of risk
B. To reduce the adverse impact of threats
C. To modify the effect of uncertainty on objectives
D. To mitigate the threats

CISSP PRACTICE QUESTIONS – 20230320

Key exchange is an inherent problem of symmetric ciphers. Which of the following is commonly considered the best solution in TLS nowadays? (Wentz QOTD)
A. DH
B. RSA
C. ECDH
D. ECDHE

CISSP PRACTICE QUESTIONS – 20230319

In the cipher block chaining (CBC) mode of operation, the plaintext of the first block is XORed with the initialization vector (IV) and serves as the input of a block cipher. Which of the following best describes the purpose of the binary operation of plaintext and IV? (Wentz QOTD)
A. Confusion
B. Diffusion
C. Permutation
D. Substitution

CISSP PRACTICE QUESTIONS – 20230317

Security Content Automation Protocol (SCAP) is “a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.” Which of the following is a member of SCAP component specifications? (Wentz QOTD)
A. Key risk indicator (KRI)
B. Non-compliant items
C. Management review
D. Common Vulnerability Scoring System (CVSS)

CISSP PRACTICE QUESTIONS – 20230316

System security requirements are those system requirements that have security relevance. Which of the following is not a typical type of security requirement in system security engineering? (Wentz QOTD)
A. Security functional requirement
B. Security nonfunctional requirement
C. Security control requirement
D. Security assurance requirement
