CISSP PRACTICE QUESTIONS – 20210122

Effective CISSP Questions

Your company is a well-known online music service provider. Consumers install the proprietary player to download and play songs offline. Each piece downloaded is embedded with the consumer’s artificial identifiers or pseudonym and expiration time. Which of the following is the best approach to protecting the copyrighted works while maintaining high sound quality?
A. Metadata
B. Steganography
C. Digital watermark
D. Pseudonymization

CISSP PRACTICE QUESTIONS – 20210121

As the enterprise resource planning (ERP) system owner, you chair a meeting and collaborate with data owners and other stakeholders to determine the scope of security controls. The HR head proposes that an extra token-based authentication factor should be added to protect personal data. After some discussion, you ask for a vote on a consensus basis to decide whether multifactor authentication (MFA) should be implemented. Which of the following is the primary reason for not requiring a change request to introduce the new control to enhance security?
A. Configuration management is not implemented.
B. The change control board (CCB) is not chartered.
C. The cost/benefit of the proposal has been justified.
D. The selected security controls have not been signed off.

CISSP PRACTICE QUESTIONS – 20210120

Your organization implemented a database that allows multiple tuples in a relation to share the same primary key, distinguished by their security levels. Which of the following is the primary security objective for the implementation?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

CISSP PRACTICE QUESTIONS – 20210118

The in-house development team developed a microservices-based customer relationship management (CRM) system, deployed as a private cloud solution utilizing containerization services. Your company is expected to gain a sustainable competitive advantage because of the novel software architectural design and innovative data analytics. Which of the following is the best intellectual property law to protect your source code?
A. Patent
B. Trade secret
C. Copyright
D. Trademark

CISSP PRACTICE QUESTIONS – 20210117

As the customer relationship management (CRM) system owner, you collaborate with data owners and other stakeholders to determine the scope of security controls. Which of the following actions should be taken first?
A. Select controls
B. Categorize the system
C. Assess risk to the system
D. Determine the impact of data

CISSP PRACTICE QUESTIONS – 20210116

As the customer relationship management (CRM) system owner, you collaborate with data owners and other stakeholders to determine the scope of security controls. Which of the following is the best source to inform the scoping decision?
A. The assessment of risk to the system
B. The result of business impact analysis (BIA)
C. The design of the security architecture
D. The detailed plan for certification and accreditation

CISSP PRACTICE QUESTIONS – 20210115

As the customer relationship management (CRM) system owner, you collaborate with data owners and other stakeholders to determine the compensating security control for replacing a baseline control. Which of the following best describes the process you are conducting?
A. Validation
B. Verification
C. Tailoring
D. Scoping

CISSP PRACTICE QUESTIONS – 20210114

According to Martin Fowler, a maturity model is a tool that helps people assess the current effectiveness of a person or group and supports figuring out what capabilities they need to acquire next in order to improve their performance. Which of the following is an open-source maturity model to help organizations assess, formulate, and implement a software security strategy that can be integrated into their existing Software Development Lifecycle (SDLC)?
A. Software Assurance Maturity Model (SAMM)
B. Capability Maturity Model Integration (CMMI)
C. Cybersecurity Maturity Model Certification (CMMC)
D. Systems Security Engineering Capability Maturity Model (SSE-CMM)

CISSP PRACTICE QUESTIONS – 20210113

A client sent a Kerberos authentication request to the authentication server (AS) and received a response with an encrypted part containing the session key and ticket-granting ticket (TGT). Which of the following should the client use to decrypt the ciphertext?
A. The client’s secret key
B. The client’s private key
C. The authentication server’s public key
D. The session key shared by the client and the ticket-granting server (TGS)
