Effective CISSP Questions

You bought a new mobile phone and tried to transfer contents from the old one using the transfer utility provided by the manufacturer. It transfers the contents via Wi-Fi peer-to-peer without an access point. Which of the following is most likely used for wireless identification?
A. Automatic Private IP Addressing (APIPA)
B. Private IP addresses defined in RFC 1918
C. Media Access Control (MAC) Address
D. Manufacturing series number



Effective CISSP Questions

Your company, based in Taiwan and accredited with ISO 27001, sells toys online and ships globally. After conducting penetration testing as part of the risk assessment, your company finished implementing honeypot solutions as security controls to deter and detect intruders. As a security professional, which of the following upcoming activities will you suggest your company do first?
A. Conduct risk assessment
B. Research applicable laws and regulations
C. Implement consent banners and harden the honeypots to avoid entrapment
D. Create policies that define and clarify the goal of the honeypot system



Effective CISSP Questions

Your company decides to sell toys online and ship globally. An in-house team is responsible for developing the online shopping website, while an external software vendor will subcontract some modules. The management is concerned about the vendor’s software development capability. If the modules are outsourced as a project, which of the following vendor selection criteria best addresses the management’s concern?
A. Projects are well-organized, executed, and repeatedly delivering results
B. Projects are managed proactively based on customizable organization-wide approaches
C. Projects are led by experienced, well-trained, and certified project managers
D. Projects are awarded to a vendor with strong customer references and word of mouth


Recovery, Restoration, and Salvage Team


A disaster recovery team may be assigned to implement and maintain operations at the recovery site, and a salvage team is assigned to restore the primary site to operational capacity. Make these allocations according to the needs of your organization and the types of disasters you face.

Note: Recovery and restoration are separate concepts. In this context, recovery involves bringing business operations and processes back to a working state. Restoration involves bringing a business facility and environment back to a workable state.

Source: ISC2 CISSP Official Study Guide


The restoration team should be responsible for getting the alternate site into a working and functioning environment, and the salvage team should be responsible for starting the recovery of the original site.

Source: CISSP All-in-One Exam Guide


Recovery Team

Recovery Team is a group of individuals with defined roles and responsibilities and is responsible for maintaining the recovery procedures and coordinating the recovery and resumption of business functions, processes or systems.

Restoration Team

The Restoration Team has the responsibility to return the damaged primary site to its normal condition.

Note: The team members are usually separate from the recovery team as they are not involved with the same issues as the typical recovery team. The team has the mandate to safely clean, repair, salvage, and determine the viability of the primary site once the disaster has ended.

Salvage Team

The Salvage Team is to perform an assessment to determine the appropriate actions to be taken on the impacted assets.

Note: The team members are usually separate from the recovery team as they are not involved with the same issues as the typical recovery team.

Source: BCMPedia

Reconstitution Team

In some cases, an organization may have a separate team whose sole responsibility is to return the primary site back to operational status. This team usually is referred to as the Reconstitution Team. While operations are ongoing at the alternate site, the Reconstitution Team works at the primary site cleaning up, repairing equipment, and preparing everything to return to normal operations so that a clean cutover back to the original site can be made.

Source: FISMA Compliance Handbook: Second Edition


Recovery is executing information system contingency plan activities to restore organizational missions/business functions. Reconstitution takes place following recovery and includes activities for returning organizational information systems to fully operational states.

Recovery and reconstitution operations reflect mission and business priorities, recovery point/time and reconstitution objectives, and established organizational metrics consistent with contingency plan requirements.

Source: NIST SP 800-53 R4


Effective CISSP Questions

You are designing a remote access solution to support sales representatives equipped with laptops, tablets, and smartphones as road warriors. Mobility, confidentiality, and integrity are your design objectives. Which of the following IPSec VPN solutions best meets your requirements?
A. IPSec Tunnel mode and AH protocol
B. IPSec Tunnel mode and ESP protocol
C. IPSec Transport mode and AH protocol
D. IPSec Transport mode and ESP protocol
