Wi-Fi Protected Access (WPA), superseding Wired Equivalent Privacy (WEP) in 2003, WPA2 (2004), and WPA3 (2018) are security certification programs developed by the Wi-Fi Alliance to secure wireless networks. Which of the following is correct? (Wentz QOTD) A. TKIP is used in WEP to enforce confidentiality. B. WPA3 employs HMAC to enforce nonrepudiation. C. WPA uses RC4 as the underlying cipher for confidentiality. D. WPA2 uses a stream cipher in CCM mode (counter with CBC-MAC).
Your company hired a security analyst who got on board today. Which of the following should be conducted first per the identity proofing procedure? (Wentz QOTD) A. Enroll the biometric template in a model database and provision services B. Uniquely distinguish the individual among a given population or context C. Establish the linkage between claimed identity and real-life existence of subject D. Determine the authenticity, validity, and accuracy of identity information and relate it to a real-life subject
Your company established multiple teams to develop software products. Which of the following is the best role in promoting security awareness and culture across software development teams? (Wentz QOTD) A. Senior management B. Data steward C. Security champion D. Security administrator
Your company establishes an E-Commerce website that sells toys around the world. All traffic is protected by HTTPS. Which of the following is the most feasible approach for the browser to submit the user’s password to the webserver? (Wentz QOTD) A. Raw password B. Hashed password C. Salted password D. Digital signature
Committees at the board level are also known as governance committees. Which of the following committees is most commonly established per legal and regulatory requirements? (Wentz QOTD) A. Audit committee B. Executive committee C. Project governance committee D. Strategic development committee
Your company is considering a proposal that sells or divests a business unit to a conglomerate for financial purposes. Some impacted employees may resign, while other divested employees are concerned with the new work location. As a security professional involved in the transaction, which of the following should your company conduct first? (Wentz QOTD) A. Exit interview B. Deprovisioning C. Data sanitization D. Security assessment
As the CISO of a multinational corporation, which of the following least likely belongs to one of your responsibilities? (Wentz QOTD) A. Formulate the corporate strategy B. Report to the CFO as your supervisor C. Support delivery of products and services D. Establish an information security management system
Your organization’s PBX has been end-of-support. The Original Equipment Manufacturer (OEM) offered a costly newer model as a replacement. However, secondary market suppliers can provide the same model with lower prices. Which of the following is the most concern if the replacement from a secondary market supplier is selected? (Wentz QOTD) A. The clause of End-of-Life (EOL) B. The new clause of End-of-Support (EOS) C. Product counterfeits D. Non-compliance with Common Criteria (CC)
You have provisionally passed the CISSP exam and exercise your due diligence reviewing the (ISC)² Code Of Ethics. Which of the following is correct? (Wentz QOTD) A. Complaints in the form of a sworn affidavit will not be considered. B. A jury of peer CISSPs is established on a project basis to hear ethics complaints. C. Complaints without specifying the violated canon of the Code of Ethics will be considered. D. Complaints will be accepted only from those who claim to be injured by the alleged behavior.