CISSP PRACTICE QUESTIONS – 20210509

Effective CISSP Questions

After suffering a ransomware attack, the board of directors is concerned about the effectiveness of the security function. If the CEO's time is tied up, which of the following is the best reporting line for the head of information security to enforce security? (Wentz QOTD)
A. Report to the CEO to get full commitment and support
B. Report to the CIO to take advantage of cutting-edge technologies
C. Report to the COO to fully integrate security into business processes
D. Report to the CAE (chief audit executive) to eradicate non-compliant findings

Wentz QOTD Notice of Originality

Wentz QOTD

“All information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained.”
Source: (ISC)² Code Of Ethics

I’m honored to be part of the CISSP community. Integrity and reputation matter a lot to me. As a CISSP, I’ve been actively contributing to the community, helping others, and strictly following the rules and compliance requirements. However, (ISC)² sent me a notice of infringement on April 28, 2021. I took immediate action to clarify the situation and prove the originality of my CISSP practice questions (aka Wentz QOTD) upon receiving the notice.

The Assistant General Counsel, Alex H. Rosenfeld, Esq., replied to me on May 7, 2021, which states, “I have confirmed with our team that your questions are original, and you may disregard the notice that was sent.” I’m grateful for the efficient response and confirmation from (ISC)² and will continue to develop Wentz QOTD.

I sincerely appreciate the firm support from my students of WUSON CISSP classes, members of the Effective CISSP group, and the community. You guys have been motivating and inspiring me to move forward!

Special thanks go to the (ISC)² board director, Aloysius Cheang, for his facilitation of my case and deep support for the Taipei Chapter in Taiwan.

Special thanks go to the lead trainer at ThorTeaches, Thor Pedersen, for his warm guidance on how to address this issue adequately.

Special thanks go to professors and members of the Certification Station on Discord for your attention and support for my case.

Best regards,
Wentz Wu

CISSP-ISSMP,ISSEP,ISSAP/CCSP/CSSLP
CISM/CISA/CRISC/CGEIT/ISO 27001/27701 LA
PMP/ACP/PBA/RMP/SCRUM:PSM I/PSPO I/PSD
CEH/ECSA/MCSD/MCSE/MCDBA

CISSP PRACTICE QUESTIONS – 20210507

Effective CISSP Questions

Your organization instructs employees to work from home to mitigate the impact of the COVID-19 pandemic. However, some jobs require third-party contractors to work on site. To avoid cluster infections, every contracted individual must report potential contact with confirmed cases whenever possible. Which of the following is the best document to provide this procedure? (Wentz QOTD)
A. Service level agreement
B. Business continuity plan
C. Incident management plan
D. Security awareness and training plan

CISSP PRACTICE QUESTIONS – 20210506

Effective CISSP Questions

Your company has a limited budget for information security, resulting in low salaries and a lack of quality security products. As the information security manager, which of the following is the best strategy to earn management buy-in and increase the budget? (Wentz QOTD)
A. Lay off security staff with poor performance to cut costs
B. Implement the balanced scorecard to measure and present performance
C. Share threat intelligence frequently with executives to increase the sense of risk
D. Prepare incident management reports to demonstrate how much loss is reduced

CISSP Exam Experience – 蔡明軒 (Albert Tsai)

蔡明軒 (Albert Tsai), provisionally passed the CISSP exam, CCNA

Doing information security well is sometimes counterintuitive and goes against human nature, and we are precisely the experts who help organizations overcome these weaknesses and create value.
~ 蔡明軒 (Albert Tsai), provisionally passed the CISSP exam, CCNA

CISSP PRACTICE QUESTIONS – 20210505

Effective CISSP Questions

A software development team at your company is tasked with developing an e-commerce website. Which of the following is the best time to conduct threat modeling? (Wentz QOTD)
A. When the software has been tested
B. When the solution has been proposed
C. When the integrated product team (IPT) is established
D. When software requirements have been verified and validated

CISSP PRACTICE QUESTIONS – 20210504

Effective CISSP Questions

You are evaluating solutions that can mitigate the threat of lateral movement. Which of the following least aligns with the principles of Zero Trust? (Wentz QOTD)
A. Place critical servers in the DMZ for isolation
B. Implement EAP-TLS for mutual authentication
C. Enforce 802.1X for network access control
D. Enable mirroring ports on switch hubs for sniffing

CISSP PRACTICE QUESTIONS – 20210503

Effective CISSP Questions

Employees complained about the inconvenience of the biometric-based physical access control system because it delays their entry into the office for too long, even though you had already optimized the sensitivity of the biometric system. Which of the following is the most feasible solution? (Wentz QOTD)
A. Revise the information security policy.
B. Update the information security strategy.
C. Raise the clipping level or equal error rate (EER).
D. Replace it with a new biometric system that has a lower crossover error rate (CER).
