Effective CISSP Questions

A host with an IP address,, sends ICMP Echo Request control messages to but receives no response because the requests timed out. Which of the following is the most likely cause?
A. The destination ignores the requests, or the network is jammed.
B. The default gateway of the host is not properly configured.
C. The routing table of the gateway doesn’t converge.
D. The destination resides in another broadcast domain.



Effective CISSP Questions

Your company sells toys online worldwide. A web-based E-Commerce system developed in-house and deployed to a public cloud supports the business. The EC system accepts credit cards and processes personal data. Which of the following addresses those concerns and provides the best assurance?
B. Risk Assessment
C. Security Assessment
D. Third-party Audit


Financial Viability of Controls


This concise document is courtesy of Sven De Preter (the Strategist of the new study group, Certification Stage) and is shared with his permission.

Sven adds a new perspective, CAPEX, OPEX, and TCO, on top of the concept of ALE (Annual Loss Expectancy) introduced in most CISSP study guides.

  • CAPEX (Capital Expenditure) as initial costs
  • OPEX (Operational Expenditure) as ongoing costs
  • TCO (Total Cost of Ownership)


Effective CISSP Questions

Your company sells toys online worldwide. A web-based E-Commerce system developed in-house and deployed to a public cloud supports the business. As a security professional, you suggest that penetration testing should be conducted. Which of the following is your greatest concern?
A. The decision to employ an internal or external pentesting team
B. The capability and experience of the pentesting team
C. The procedure by which the pentesting team asks for permission to conduct pentesting
D. The escalation path to senior management if testing takes down the system



Effective CISSP Questions

As a CISO, you issue a policy that mandates every employee shall be aware of social engineering attacks. A supporting standard is then developed that requires everyone to receive at least three hours of awareness training each year. Which of the following is the best follow-up activity to enforce the policy?
A. Penetration testing
B. Security assessment
C. Vulnerability assessment
D. Risk assessment


Last Call for Promotion! The Effective CISSP: SRM

Hi everyone,

Last call for the promotion of my book.
It is ticking to the end, Day 3 of 3!

This book is nominally on Domain 1 only. The truth is, it weaves the core management concepts across the CISSP exam!

The Kindle version is now 50% off for US$4.99. 👍🎉
I hope you enjoy it! Please don’t hesitate to comment on my book on Amazon. Thank you for your attention!🙏😀

Amazon Reviews

J. Stapp

Mr Wu is going to help you pass your exam and understand the content!

This book should be part of your study plan for the CISSP. I recommend reading it before you begin with other texts on the subject. Mr. Wu is an expert in the field and is able to explain difficult concepts in a concise and easy to understand way.

Background on me: I hold the CISSP as well as other certifications in IT and management.


Excellent and effective CISSP

Wentz Wu is a very good scholar, a leader who has the correct security concept and maintains a high degree of enthusiasm and optimism. Purchasing Wentz Wu’s book is exactly the right way to get you to the security CISSP.

Amazon Customer

Highly recommended for every information security consultant!

Highly recommended for every information security consultant, especially if you are planning to pass the CISSP exam.
Excellent book that explains in detail all the security concepts.
My rate – 5 of 5 stars.

pascual del rosario

Superb book

There’s no better way to name this book other than “The Effective CISSP”. The author has a great outline of objectives for those looking to obtain the CISSP certification. It is spelled out that the official isc2 book should still be your main resource for studying for this exam. This book highlights all of the main objectives for the exam and really gives you a high level (managerial) way of thinking which is what’s ultimately needed for this exam. Strongly encourage anyone studying to read this book during and right before taking this exam.

jamie garcia

Worth The Wait!

I was so happy to hear Mr. Wu talk about this book he was writing and coming out soon. I waited for months for this book and I knew it would be worth the wait. It definitely is worth it and I’m so glad it’s now available during my CISSP studies!

Mohammad Usman

Excellent write up and highly recommended

The book is an excellent write up by the author. It goes in great detail explaining the core concepts of Risk management processes which is one of challenging domain of CISSP exam. I highly recommend this book if you are weak in this domain.

Brad E.


Ohhhhhhh I wish I had this book when I was preparing for the CISSP exam last year!!! I bought my copy the day after it came out and the book instantly became a cherished favorite of mine!! Wentz knows how to write a well-polished, captivating showpiece. This is not your ordinary book that you read once and then put back on the shelf. This is something that you should treasure and keep as a prized collection!! As somebody who has taken the exam before, I can say that one of the CISSP exam’s MAIN focus is on the roles and responsibilities of risk management. So it’s no wonder why I’m stressing that everybody should get this book!! You will see various security models, straightforward breakdowns of CISSP concepts and vocabulary terms, review questions, well-written references for ISO/NIST standards, and MUCH MUCH MORE!!! Trust me, you will definitely love this book and won’t be disappointed in adding it to your CISSP study materials!! Put this as a priority!!!

P.S.: The image is a photo of The Effective CISSP book that I bought for my Amazon Kindle Fire.

Amazon Reviews, India

Sagar Bansal

Deep Dive Knowledge

I think Wentz has done a marvelous work with this book.

It’s not a CISSP cheatsheet like passing material.

I think this book is for serious people who actually want to study the subject in deep and want to gain expertise.

There are tons of mind maps and charts in the book, which made reading and remembering stuff easier.

In short, Highly Recommended

Basant Kumar Sharma

It’s a good collection on multiple aspects

It has good and understandable content; it may help to gain more knowledge on Domain 1 in CISSP, and I hope it may help to gain more knowledge on R&A.


Effective CISSP Questions

Your company decides to sell toys online worldwide, which will be supported by a three-tiered web-based E-Commerce system developed in-house. The web servers for the production environment have been implemented but not yet baselined and approved by management. After the stress testing, the system engineer proposes that the memory size of the database server should be expanded to 64GB to meet the performance target. If the memory modules needed are available, which of the following should the system engineer do first?
A. Install the memory modules and conduct another run of stress testing
B. Submit a request for configuration change
C. Justify the change to the change control board (CCB)
D. Document security implications in the change request
