Questions of the Day – 20190815

CISSP Practice Questions

  1. You are the CISO of your company. You have implemented an incident response program to handle security incidents. The on-premise ERP system gets in trouble and becomes unresponsive. The availability of the ERP system has been harmed. To which of the following should the ERP users report this incident?
    A. Service Desk
    B. Network Administrator
    C. Chief Information Officer (CIO)
    D. Computer Security Incident Response Team (CSIRT)
  2. You are the CISO of your company. You have implemented an incident response program to handle security incidents. Your online e-commerce web site is suffering a distributed denial-of-service (DDoS) attack. The incident response team received a report from users that the e-commerce web site is offline and unreachable. What should the incident response team do first?
    A. Collect and preserve evidence
    B. Report to the senior management
    C. Document and prioritize the incident
    D. Contain, Eradicate, and Recover


How Good is Good Enough to Pass The CISSP Exam?


It’s common for CISSP aspirants to prepare for the CISSP exam with the well-known study guides, either the official study guide from Sybex or the All-In-One CISSP Exam Guide from McGraw-Hill.

Some CISSP aspirants may study one or more of the study guides from cover to cover but still fail the exam. This is because some topics are addressed inconsistently across those study guides, and it’s not enough to prepare for this exam just by the book.

CISSP aspirants have to follow the study guides, resolve the conflicting perspectives among the books or authors, and develop their own perspectives and justify them based on their study, research, and experience.

To pass the CISSP exam, you have to develop your capability to the second level – 破(Ha). Joining discussion groups and doing more quality practice questions help a lot.

My Facebook group, CISSP Made Easy, is founded to help you succeed in the CISSP exam for free. Join CISSP Made Easy to share and learn like a CISSP right now!

Join CISSP Made Easy!

Get Started Your CISSP Journey

  1. You decided to start your CISSP journey.
    What does CISSP stand for?
    A. Certification of Information Systems Security Professional
    B. Certificate of Information Security Specialist Profession
    C. Certified Information Security Specialist Professional
    D. Certified Information Systems Security Professional
  2. You need the official CISSP information.
    Which web site should you visit?
  3. You are planning for your CISSP study and need to determine the scope.
    Which of the following determines the scope of the CISSP exam?
    A. The ISC2 Official Study Guide from Sybex
    B. The CISSP All-In-One (AIO) Study Guide from McGraw-Hill
    C. The NIST Special Publication 800 Series
    D. The ISC2 CISSP Exam Outline
  4. You are starting to prepare for the CISSP exam.
    Which of the following is a CISSP starter page?
  5. You are trying to frame your information security concepts.
    Which model from Wentz Wu can be used as a reference conceptual model?
    A. The Amicliens InfoSec Conceptual Model as a mind map
    B. The ISO OSI 7-Layer Reference Model
    C. Porter’s Five Forces Analysis
    D. The PMI’s PMBOK


Business Continuity Management


Business Continuity Management is defined as a:
Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (International Glossary for Resiliency)


Means, End, and Purpose

CISSP Practice Questions

What is the primary purpose of Change Management?

  • What is or how do you define Change Management?
    What is the context or scope when we are talking about Change Management? The general business setting, project management, or the given context of information security?
    How and why do you evaluate the change request? Is it the CCB, Change Control Board?
  • What is the “primary purpose”?
    Can you prepare a list of reasons to conduct Change Management, prioritize or sort them, and identify the first or top reason?

This is an interesting question for us to think about. The following are definitions of common words and terms we use in daily life:

  • The “end” is a goal or desired result.
  • The “means” is a method; an action or system by which a result is achieved.
  • The “purpose” is the reason for which something is done or created or for which something exists. It answers why.

A goal (end) is justified by explaining the reasons (purpose) and achieved by taking actions (means). Reasons are driven by values while actions are directed by the strategy.

What is Primary?

I would define “primary” as the first or top item of the prioritized or sorted list. The secondary immediately follows the primary. The items in the list are prioritized or sorted by certain criteria.

I also treat “main” as a synonym of “primary”.

What is Change Management Anyway?


What is Strategic Planning?


What is Management?


Taiwan as an Independent State

We don’t have to declare independence because Taiwan has been an independent country with a unique identity since the first Taiwan presidential election in 1996.
What we need is a legitimate name to distinguish Taiwan from the PRC, while the current legacy, ROC, is a burden for Taiwan.

The status quo is about or must be defined as “peace”, not the sovereignty status of Taiwan, and it must be maintained by both parties across the Taiwan Strait and enforced by third parties.

I believe we all treasure the universal values of human rights, democracy, freedom, and the choice at our own discretion of lifestyle. What we should do now is to be aware of our shared values and destiny, be proud of our identity as Taiwanese, get united as a whole, connect to the world, and be ambitious and optimistic about traveling in China with the Taiwan passport someday.

Human nature is the truth of the universe. The ruling of the Communist Party of China (CPC) is against it and won’t last for long.

Response to: