The Authorizations to Operate (ATO) for information systems is granted after controls assessment and system authorization as a formal decision for the management to accept the residual risk. To support continuous authorization, which of the following tasks should be implemented first? (Wentz QOTD)
A. Automation for enforcement of policies and controls
B. Continuous integration and delivery
C. Continuous monitoring approach for the applicable security controls
D. Automated ways of performing security assessments

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

You are developing an intelligent agent as software to identify phishing emails. To develop, select, and optimize the model, a data set containing thousands of emails, either normal or phishing, is used for training, validation, and testing. Which of the following types of learning best describes the process? (Wentz QOTD)
A. Supervised learning
B. Unsupervised learning
C. Reinforcement learning
D. Machine learning

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

You are going to apply scoping considerations and tailor security controls based on a baseline. Which of the following should be done first? (Wentz QOTD)
A. Add controls based on risk assessment
B. Determine asset value
C. Assign asset owners
D. Identify asset inventory

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

Which of the following best describes the purpose of security controls in terms of ISO 31000? (Wentz QOTD)
A. To lower the likelihood or possibility of risk
B. To reduce the adverse impact of threats
C. To modify the effect of uncertainty on objectives
D. To mitigate the threats

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

Key exchange is an inherent problem of symmetric ciphers. Which of the following is commonly considered the best solution in TLS nowadays? (Wentz QOTD)
A. DH
B. RSA
C. ECDH
D. ECDHE

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

In the cipher block chaining (CBC) mode of operation, the plaintext of the first block is XORed with the initialization vector (IV) and serves as the input of a block cipher. Which of the following best describes the purpose of the binary operation of plaintext and IV? (Wentz QOTD)
A. Confusion
B. Diffusion
C. Permutation
D. Substitution

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

Which of the following cryptographic algorithms is considered quantum-resistant? (Wentz QOTD)
A. RSA
B. ECC
C. AES
D. ECDH

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

Security Content Automation Protocol (SCAP) is “a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.” Which of the following is a member of SCAP component specifications? (Wentz QOTD)
A. Key risk indicator (KRI)
B. Non-compliant items
C. Management review
D. Common Vulnerability Scoring System (CVSS)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

System security requirements are those system requirements that have security relevance. Which of the following is not a typical type of security requirement in system security engineering? (Wentz QOTD)
A. Security functional requirement
B. Security nonfunctional requirement.
C. Security control requirement
D. Security assurance requirement

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.