CISSP hell question need explanation

hi guys,plz help on below question, i have exam in next week want quick reply.
As a vendor, you need to provide periodic patches or updates to a product. Your customers would like to be sure that they are downloading the patches from the legitimate site. Further, they would like to ensure that the integrity of the download has not been compromised. An effective way to do this is through the use of:
A. Symmetric cryptography
B. Digital signatures.
C. Asymmetric cryptography
D. PGP
Answer: B
I selected C, since digital signature i think is not used on website , rather CA is used . Why B is right ??

The risk analysis team has come up with a set of findings and identified certain threats. The information security team puts up a contingency plan in place so that the company can continue to function if that threat takes place. This would be termed as:
A. Risk acceptance
B. Risk reduction
C. Risk mitigation
D. Risk transfer
Answer: B
As per CISSP books , risk mitigation is right word here...why the hell the B is correct choice

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Good luck with the exam, nothing really prepares you for the mental drain, just take a break if you need to, walk up and down get the blood pumping again

Cyberscum wrote: »

To be honest I would think that this would be risk acceptance. At no point is the team dealing with the threat directly. They are making a contingency plans for continued operations, but do not (in my eyes) deal with the threat itself.

Risk acceptance means living with the risks and doing nothing about them at all. Contingency plans control the impact on assets. It is a type of risk reduction/mitigation.

Started reading AIO for the last time. Hope to read it ASAP and only concentrate on weaker domain which i know now..Hope it would be finished in next 6 hrs... Tomorrow ill go through official book which i hate due to poor writing but can't take chance for the exam

Gone through first chapter --took 3hrs

. Got architecture and metrics fact right in my head which was weakness. Need to memorize ISO list on last day.

Got 81% on question after lesson. Now on to 2nd chapter Access control--- hope to finish in next 2hrs.

Gone through 2nd chapter- Access Control---seems all easy only SAML/SOAP/SPML creates confusion ---SPML - provisioning/SOAP - messages/SAML - authentication data this makes clear picture.

Got 91% now off to lighter domain - Security Operations and then rest will complete tomorrow. Seems like i won't get time to go through official guide as part of last revision.

Having drinks ...forget abt cissp

Going through SAD hope to complete in next 2hrs. I think i won't sleep tonight so that i can sleep tomorrow and wake properly for exam day after tomorrow. Long day ahead today

Gone through SAD.... ITSEC /TCSEC ratings seems to be hard for me will memorize them at last day using sunflower/combined notes. Also getting wrong answers for reference monitor/security kernel questions...will do nothing for it as i know one is abstrac and another is physical just poor written questions.

Got 80% for exams at end of chapter.

4 hours gone for SAD...no matter will go slow and steady..now on to Phy & Env Security

will try to complete this quick i need to finish all topics today....

Completed phy & env security...just by skimming.... fence height and guage length still concern and need to memorize

Score 83% in exams at end of chapter. My mind has started to loose..Will take break for 1hr and start with Telecom&N/Wsecurity.

Instead of this crazy brain dumping of the huge AIO in a very short space of time, why don't you reschedule your exam for a few weeks ahead? It's only $50 and it buys you time to study properly.

I know AIO ..just some concepts are diluted and need to revise. Also no matter how much i prepare it will be always less so just want to end this thing..i have lot of think do ahead just wanted to start with CISSP.

Got some close to 2hours sleep and restarting the long journey i have full night with me today...being awake tonight i think will help me sleeping properly tomorrow for the exam.

Topic Remaining:
Tele&N/w security
Cryptography
BCP/DRP
Legal&Compliance
S/W Security
Security Operation

Finished Network & Tele security. Even after skimming it took such a long time. Avoid this chapter from AIO and use combined notes i would say.

Seems like i am loosing focus with so much depth..will take cccure exam now and see how i fair

I think i will drop further reader ...go through MHprofessional quiz...identify my still weak areas..and get it memorized.

Just completed Access Control quiz - Quiz1 = 85%/Quiz2 = 75%

The biggest thing for this exam is you can be never prepared...forget abt being unconfident to see the results after 6hrs test...i am still not confident whether i will make it because no matter how much i read it never stops. I will remain stick to quizzes i guess and combined notes/sunflower pdf.

Remember, DES only uses 1 56 bit key where 3DES uses 168 bit keys. Keep in mind, the question does say "to break algorithms". Since 3DES only 2 more 56 bit keys then DES, odds are it won't hold up. AES however has different amounts (192, 256 and I believe 512 I may be wrong on the last one). And SAFER, never heard of it before. So if you can think like that, you should be ok. Mind you, I haven't taken CISSP or looked at the material just Security+ but there is some overlap between the 2 exams. The other people commenting and leaving help can vouch for what I am saying. Hope this can help? No expert by any means, just trying to make it a bit easier to digest/breakdown the question.

Completed BCP quiz 1 - 81%. Don't have enough power to go ahead... 28hrs to go for exam. I will have combined notes/sunflower pdf revised tomorrow morning and if time permits will take mhprofessional test and sleep down.

Should have got more time to go through test, but no matter how much you study for this exam it is never enough so will just end this ..i will pass..i will pass...Best of luck to myself

Best of luck to you. Whatever you do, don't be tempted to cut back on your sleep. Your less than 24 hours until you take the exam, I don't think there's a lot of new information you are going to gain from taking practice test after practice test. But if you don't get enough rest, that could really have an adverse effect on your score.

took around 6 hrs sleep...will go through combined notes & sunflower and then casual testing...will sleep 8hrs before exam

Even reading combined notes appears to be boring to me now....will stop do some test and start the remaining chapters again

Ok 3hrs to go for sleep...the hardest part of all...hope i get good 8 hrs sleep...Will post passes cissp tomorrow hopefully!

Good luck man, sounds like you need some rest...You will kill it dont sweat it.

Passed finally

For it was other way around. Before appearing I wasn't sure of passing. But when I gave exam I first 4hrs I knew I had passed. Took 150 questions in 180min I guess...took break went to q no 250 and started in reverse order. Once reached 150 had 2hrs ...took my time and reviewed all 150 to 1 question.. Intact I corrected the 2-3 question which were not flagged for review and none which were marked and finished exam

Congratulations! Well done on the pass. Anything you can tell us about the exam experience (within the NDA, of course)? Did any memorisation techniques help at all?

Congrats Well done!

The key is concept if you know them you will pass...practice test just make you ready to apply it and sharpen your mind. The difficult thing was I never knew when to stop knowledge is unlimited.

The exam was too easy to pass I would say or I had over prepared.

Booking exam date worked for me. Booked 1mnth in advance and didn't tough books till 2weeks after which pressure build up and I performed.

When things get tough
Tough gets going!

Book or exam ASAP once you know you got all concepts clear in mind.

No matter how much you try risk/weakness cannot be eliminated only mitigated (not reduced

)

Quick Links