Your company is considering a proposal that sells or divests a business unit to a conglomerate for financial purposes. Some impacted employees may resign, while other divested employees are concerned with the new work location. As a security professional involved in the transaction, which of the following should your company conduct first? (Wentz QOTD)
A. Exit interview
B. Deprovisioning
C. Data sanitization
D. Security assessment

As the CISO of a multinational corporation, which of the following least likely belongs to one of your responsibilities? (Wentz QOTD)
A. Formulate the corporate strategy
B. Report to the CFO as your supervisor
C. Support delivery of products and services
D. Establish an information security management system

Your organization’s PBX has been end-of-support. The Original Equipment Manufacturer (OEM) offered a costly newer model as a replacement. However, secondary market suppliers can provide the same model with lower prices. Which of the following is the most concern if the replacement from a secondary market supplier is selected? (Wentz QOTD)
A. The clause of End-of-Life (EOL)
B. The new clause of End-of-Support (EOS)
C. Product counterfeits
D. Non-compliance with Common Criteria (CC)

You have provisionally passed the CISSP exam and exercise your due diligence reviewing the (ISC)² Code Of Ethics. Which of the following is correct? (Wentz QOTD)
A. Complaints in the form of a sworn affidavit will not be considered.
B. A jury of peer CISSPs is established on a project basis to hear ethics complaints.
C. Complaints without specifying the violated canon of the Code of Ethics will be considered.
D. Complaints will be accepted only from those who claim to be injured by the alleged behavior.

Which of the following authentication protocols used in wireless networks best supports the Zero Trust principle? (Wentz QOTD)
A. LEAP
B. PEAP
C. EAP-TLS
D. EAP-TTLS

Which of the following is not a method of purging that uses dedicated, standardized device sanitize commands that apply media-specific techniques to bypass the abstraction inherent in typical read and write command? (Wentz QOTD)
A. Overwrite
B. Block erase
C. Degaussing
D. Cryptographic Erase

Your organization initiated an outsourcing project to develop the customer relationship management (CRM) system that would operate on a PaaS from a public cloud service provider. Mobile devices as CRM clients are purchased from a well-known brand. As a project manager, which of the following is the least concern in terms of procurement? (Wentz QOTD)
A. System and Organization Controls (SOC)
B. Capability Maturity Model Integration (CMMI)
C. Trusted Computer System Evaluation Criteria (TCSEC)
D. CISSP (Certified Information Systems Security Professional)

A container image is a package created and registered by developers that contains all the files, typically organized in layers, required to run in a container. An image typically comprises layers, such as the minimum OS core (aka base layer), application frameworks, and custom code.

Even though a host could directly contact a registry for an image and deploy it into a container, orchestrators such as Kubernetes (K8S), Docker Swarm, Mesos, etc., can automate the deployment process to pull images from registries, deploy them into containers, and manage the container runtimes.

As a CISO, you frequently travel on business and connect to corporate mail servers through VPN for security. You’d like to send a strategic plan to the CEO from a luxury five-star hotel remotely. Which of the following best ensures non-repudiation of the email? (Wentz QOTD)
A. Asymmetric encryption using key pairs
B. Elliptic Curve Digital Signature Algorithm (ECDSA)
C. IPsec in transport mode using AH and certificates
D. IPsec in tunnel mode using ESP and shared secrets

Which of the following best aligns with the security principles of containerization? (Wentz QOTD)
A. Overlay networks are commonly used to monitor traffic between nodes.
B. Containers shall be deployed on the same host to impose the security baseline.
C. Containers are stateless and immutable, against which in-place patches are not allowed.
D. General-purpose OSs are more flexible and suitable for reducing attack surfaces of containers.