
~ 陳昌鎰 (Anderson), CISSP, PMP
The Authorization to Operate (ATO) for an information system is granted after controls assessment and system authorization as a formal decision by management to accept the residual risk. To support continuous authorization, which of the following tasks should be implemented first? (Wentz QOTD)
A. Automation for enforcement of policies and controls
B. Continuous integration and delivery
C. Continuous monitoring approach for the applicable security controls
D. Automated ways of performing security assessments
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
Continue reading
You are developing an intelligent agent as software to identify phishing emails. To develop, select, and optimize the model, a data set containing thousands of emails, either normal or phishing, is used for training, validation, and testing. Which of the following types of learning best describes the process? (Wentz QOTD)
A. Supervised learning
B. Unsupervised learning
C. Reinforcement learning
D. Machine learning
Continue reading
You are going to apply scoping considerations and tailor security controls based on a baseline. Which of the following should be done first? (Wentz QOTD)
A. Add controls based on risk assessment
B. Determine asset value
C. Assign asset owners
D. Identify asset inventory
Continue reading
Which of the following best describes the purpose of security controls in terms of ISO 31000? (Wentz QOTD)
A. To lower the likelihood or possibility of risk
B. To reduce the adverse impact of threats
C. To modify the effect of uncertainty on objectives
D. To mitigate the threats
Continue reading
Key exchange is an inherent problem of symmetric ciphers. Which of the following is commonly considered the best solution in TLS nowadays? (Wentz QOTD)
A. DH
B. RSA
C. ECDH
D. ECDHE
Continue reading
In the cipher block chaining (CBC) mode of operation, the plaintext of the first block is XORed with the initialization vector (IV) and serves as the input of a block cipher. Which of the following best describes the purpose of the binary operation of plaintext and IV? (Wentz QOTD)
A. Confusion
B. Diffusion
C. Permutation
D. Substitution
Continue reading
Which of the following cryptographic algorithms is considered quantum-resistant? (Wentz QOTD)
A. RSA
B. ECC
C. AES
D. ECDH
Continue reading
Security Content Automation Protocol (SCAP) is “a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.” Which of the following is a member of SCAP component specifications? (Wentz QOTD)
A. Key risk indicator (KRI)
B. Non-compliant items
C. Management review
D. Common Vulnerability Scoring System (CVSS)
Continue reading
System security requirements are those system requirements that have security relevance. Which of the following is not a typical type of security requirement in system security engineering? (Wentz QOTD)
A. Security functional requirement
B. Security nonfunctional requirement
C. Security control requirement
D. Security assurance requirement
Continue reading