Tough Questions 1-10
COSO (Committee of Sponsoring Organisations of the Treadway Commission) was originally created in 1985 and is supported by five private sector organisations. What was the primary reason for COSO's formation?
(a) To provide organisations with a framework for implementing secure information systems
(b) To define a set of techniques that allow organisations to self-regulate, independent of government …
Author Archives: Chris
Questions for Domain 8: Software Development Security
What describes a more agile development and support model, where developers directly support operations?
(a) DevOps
(b) Sashimi
(c) Spiral
(d) Waterfall
Two objects with the same name have different data. What OOP concept does this illustrate?
(a) Delegation
(b) Inheritance
(c) Polyinstantiation
(d) Polymorphism
What type of testing determines whether software meets various end-state requirements from a user or customer, contract, or …
Domain 8: Software Development Security
Software is everywhere: not only in our computers, but also in our houses, our cars, and our medical devices. The problem is that all software programmers make mistakes. As software has grown in complexity, the number of mistakes has grown along with it, and the potential impact of a software crash has also grown. Many …
Questions for Domain 7: Security Operations
Which plan details the steps required to restore normal business operations after recovering from a disruptive event?
(a) Business Continuity Plan (BCP)
(b) Business Resumption Plan (BRP)
(c) Continuity of Operations Plan (COOP)
(d) Occupant Emergency Plan (OEP)
What metric describes how long it will take to recover a failed system?
(a) Minimum Operating Requirements (MOR)
(b) Mean Time Between Failures (MTBF)
(c) …
Domain 7: Security Operations
Introduction
Security operations is concerned with threats to a production operating environment. Threat agents can be internal or external actors, and ops security must account for both of these in order to be effective. Security operations is about people, data, media and hardware, as well as the threats associated with each of them. Administrative security …
Questions for Domain 6: Security Assessment & Testing
What can be used to ensure that software meets the customer's operational requirements?
(a) Integration testing
(b) Installation testing
(c) Acceptance testing
(d) Unit testing
What term describes a black-box testing method that seeks to identify and test all unique combinations of software inputs?
(a) Combinatorial software testing
(b) Dynamic testing
(c) Misuse case testing
(d) Static testing
Use the following scenario to answer …
Domain 6: Security Assessment & Testing
Introduction
Security assessment and testing are critical components of any information security program. Organizations must accurately assess their real-world security, focus on the most critical components, and make necessary changes to improve. In this domain, we will discuss two major components of assessment and testing: overall security assessments, including vulnerability scanning, penetration testing, and security …
Questions for Domain 5: Identity & Access Management
What access control method weighs additional factors, such as time of attempted access, before granting access?
(a) Content-dependent access control
(b) Context-dependent access control
(c) Role-based access control
(d) Task-based access control
What service is known as cloud identity, which allows organisations to leverage cloud service for identity management?
(a) IaaS
(b) IDaaS
(c) PaaS
(d) SaaS
What is an XML-based framework for …
Domain 5: Identity & Access Management
Introduction
Identity & access management (also known as controlling access & managing identity) is the basis for all security disciplines, not just InfoSec. The purpose of access management is to allow authorised users access to appropriate data, and deny access to unauthorised users.
Authentication methods
A key concept for implementing any type of access control …
Questions for Domain 4: Communication & Network Security
Restricting Bluetooth device discovery relies on the secrecy of what?
(a) MAC address
(b) Symmetric key
(c) Private key
(d) Public key
What are the names of the OSI model layers in order from bottom to top?
(a) Physical, Data Link, Transport, Network, Session, Presentation, Application
(b) Physical, Network, Data Link, Transport, Session, Presentation, Application
(c) Physical, Data Link, Network, Transport, Session, …