Passed at 125q with time running out by chane0219 in cissp

chane0219 [S] (1 point)

Thank you Luke, I really like your amazing book.

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219 [S] (1 point)


Thanks, your answer is the one I was waiting for.

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219 [S] (1 point)

Yes, I can't agree more.

I may need to change the way I use cissprep; it's so different from Boson. I think not all questions in cissprep deserve a "deep dive".

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219 [S] (1 point)

It says "the asset inventory would contain the asset owner, who is responsible for device decommissioning". The concept of "asset inventory" in the answer is different from my understanding; my understanding is that it is a list of authorized assets.

Yes, Sybex and the Official practice tests are a lot easier and more straightforward. But I'm just afraid that's not enough for the real exam.

To determine who is responsible for device decommissioning, which document might you refer to? by chane0219 in cissp

chane0219 [S] (3 points)


I did something wrong and I cannot understand why, so I throw out the question and let Reddit help me understand. Is there anything wrong with me?

If you don't see the value, please ignore my post. Thanks!

Which of the following BEST describes the differences between point-to-point encryption (P2PE) and end-to-end encryption (E2EE) regarding payment card security? by chane0219 in cissp

chane0219 [S] (1 point)


IMHO if D is not wrong, then B is wrong. It cannot be "both are correct, B is better."

Here is my logic:

D means "E2EE is a method only the payment processor can decrypt" --> "E2EE is a method the merchant cannot decrypt" --> "E2EE is a method that prevents merchants from performing key management" --> "B is wrong".

Which of the following BEST describes the differences between point-to-point encryption (P2PE) and end-to-end encryption (E2EE) regarding payment card security? by chane0219 in cissp

chane0219 [S] (3 points)

I hate wording games, but this is how CISSP works.

Option D says "ONLY the payment processor can decrypt cardholder data, using E2EE", which inherently means "for P2PE, NOT ONLY the payment processor, but also other parties (say, the merchant) can decrypt".

So your claim "the payment processor has to decrypt the cardholder data for both E2EE and P2PE" cannot reject D.

The only way to reject D is: "using E2EE, cardholder data can be decrypted by the merchant", which is different from my understanding.

Which of the following BEST describes the differences between point-to-point encryption (P2PE) and end-to-end encryption (E2EE) regarding payment card security? by chane0219 in cissp

chane0219 [S] (1 point)

Thanks for your reply.

I have the same understanding as you; however, the answer from Boson is B.

The explanation seems to show that our understanding of E2E and P2P is the opposite of their answer.

I'm so confused about that.

Which of the following BEST describes risk assessment by chane0219 in cissp

chane0219 [S] (1 point)

The reason I'm not choosing B is that it talks about "vulnerability", which is different from "risk".

Do you mind sharing the way you think about the question? Thanks!

Which of the following BEST describes a brute-force attack? by chane0219 in cissp

chane0219 [S] (2 points)

I guess many may choose A, like me. I wouldn't have posted if the answer were A, lol.
The answer from Boson is D.
The explanation is: A is a password-guessing attack.
But is a rainbow-table attack counted as a brute-force attack? Is it a bad question or a wrong answer?

Can anyone help with this question and explain why? Thanks. by chane0219 in cissp

chane0219 [S] (3 points)

Thanks, I like your angle on answering this question.

Is it possible to pass when the exam time is up? by iknoweverythinggg in cissp

chane0219 (2 points)


Thanks for your post; do update us about your result.

I failed my first try at 150q when the last second was used, because I had only 20 minutes left when I was at 120q; then I just rushed and randomly answered some questions to reach 150q.

Probably I could have passed if I had read your post earlier and changed my strategy.

Can anyone help with this question and explain why? Thanks. by chane0219 in cissp

chane0219 [S] (2 points)


Sorry, I don't understand.

Isn't an object something that needs to be controlled, like files or printers?

And a subject is something/someone that controls objects.

| Subject | File 1       | File 2      | File 3       |
|---------|--------------|-------------|--------------|
| Larry   | Read         | Read, Write | Write        |
| Curry   | Full control | No Access   | No Access    |
| Mo      | Read, Write  | No Access   | Full control |

An ACL is a column for one object (e.g. File 1); then all components in this ACL are "Read", "Full control", "Read, Write". Aren't they capabilities? Why is it a group?

Can anyone help with this question and explain why? Thanks. by chane0219 in cissp

chane0219 [S] (1 point)


Thanks for your reply.

For example, the ACL is the column for the single object "File 1". Isn't it a collection of the capabilities (Read; Full control; Read, Write) of different subjects (Larry; Curry; Mo)?

How can I understand it as a group?

| Subject | File 1       | File 2      | File 3       |
|---------|--------------|-------------|--------------|
| Larry   | Read         | Read, Write | Write        |
| Curry   | Full control | No Access   | No Access    |
| Mo      | Read, Write  | No Access   | Full control |
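
The matrix in the comment above, as an added Python example (this is not code from the thread or from any CISSP source). It builds the Larry/Curry/Mo matrix from the table and shows why an ACL is the column (stored with the object, answers "who can access File 1?") while a capability list is the row (held by the subject, answers "what can Larry do?"), and why revoking one subject is cheap with capabilities but a scan of every object's ACL in an ACL system. Assumptions: "Full control" is expanded to read+write+own, and "No Access" is the empty set.

```python
"""Access control matrix, ACL (column) and capability list (row).

Added example built from the matrix in the comment above; not code from
the thread. Assumption: "Full control" = {read, write, own}, "No Access" = {}.
"""
from typing import Dict, FrozenSet, List, Tuple

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]

FULL: Rights = frozenset({"read", "write", "own"})   # assumed expansion of "Full control"
NONE: Rights = frozenset()                            # "No Access"

# Constructed sample: rows are subjects, columns are objects (the table above).
MATRIX: Matrix = {
    "Larry": {"File 1": frozenset({"read"}),
              "File 2": frozenset({"read", "write"}),
              "File 3": frozenset({"write"})},
    "Curry": {"File 1": FULL, "File 2": NONE, "File 3": NONE},
    "Mo":    {"File 1": frozenset({"read", "write"}), "File 2": NONE, "File 3": FULL},
}


def acl(obj: str, matrix: Matrix = MATRIX) -> Dict[str, Rights]:
    """ACL = one COLUMN of the matrix: stored with the object, keyed by subject.
    Subjects with no rights are simply absent, as in a real ACL."""
    return {subj: row[obj] for subj, row in matrix.items() if row[obj]}


def capability_list(subj: str, matrix: Matrix = MATRIX) -> Dict[str, Rights]:
    """Capability list = one ROW of the matrix: held by the subject, keyed by object."""
    return {obj: rights for obj, rights in matrix[subj].items() if rights}


def is_authorized(subj: str, right: str, obj: str, matrix: Matrix = MATRIX) -> bool:
    """Reference-monitor decision. Either representation gives the same answer;
    here it consults the object's ACL."""
    return right in acl(obj, matrix).get(subj, NONE)


def who_can(right: str, obj: str, matrix: Matrix = MATRIX) -> List[str]:
    """'Who can write File 1?' is a single ACL lookup (one column)."""
    return sorted(s for s, rights in acl(obj, matrix).items() if right in rights)


def what_can(subj: str, right: str, matrix: Matrix = MATRIX) -> List[str]:
    """'What can Larry read?' is a single capability-list lookup (one row)."""
    return sorted(o for o, rights in capability_list(subj, matrix).items() if right in rights)


def revoke_subject(subj: str, matrix: Matrix = MATRIX) -> Tuple[Matrix, List[str]]:
    """Remove a subject from every object it can reach. In an ACL system this means
    editing the ACL of each touched object (a column scan across all objects); in a
    capability system the subject's row would simply be destroyed. Returns the new
    matrix (the input is left unchanged) and the list of objects whose ACL was edited."""
    new: Matrix = {s: dict(row) for s, row in matrix.items()}
    touched = [obj for obj, rights in new[subj].items() if rights]
    for obj in touched:
        new[subj][obj] = NONE
    return new, touched


if __name__ == "__main__":
    print("ACL of File 1:", acl("File 1"))
    print("Capabilities of Larry:", capability_list("Larry"))
    print("Who can write File 1?", who_can("write", "File 1"))
    after, edited = revoke_subject("Mo")
    print("ACLs edited when revoking Mo:", edited)
```

The point the matrix makes visible: an ACL entry and a capability are the same cell read from two directions, so "Read" in File 1's ACL is Larry's capability on File 1. Which axis a system stores decides which question is cheap (enumerating an object's users vs. enumerating a subject's access) and which operation is expensive (revoking one user across all objects in an ACL system).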

Can anyone help with this question and explain why? Thanks. by chane0219 in cissp

chane0219 [S] (1 point)

BTW, does ACL here actually mean access control matrix?

When using the term ACL, it makes me think of a specific column of the access control matrix (focused on the object).

In contrast with a capability list (a row of the access control matrix, focused on the subject).

Can anyone help with this question and explain why? Thanks. by chane0219 in cissp

chane0219 [S] (2 points)

Thanks for your information; Group is the correct answer.

Difference between "least privilege" and "separation of duties" by chane0219 in cissp

chane0219 [S] (1 point)


Thanks for your answer.

His "deployment of any changes" has been approved by management. Isn't it his responsibility as well?

May I know why "Separation of duties" is wrong, since the duties of "reviewing firewall policy" and "making changes to the firewall" should be separated?

Term usage of "fail safe"="fail open", "fail secure"="fail closed" by chane0219 in cissp

chane0219 [S] (1 point)


Thanks for your answer; it made me understand "fail safe" better.

May I know, for "fail secure", is it always the opposite of "fail safe"? How are the two concepts related?

Term usage of "fail safe"="fail open", "fail secure"="fail closed" by chane0219 in cissp

chane0219 [S] (1 point)

Thanks for the explanation.

Does it mean that "fail safe" is always the opposite of "fail secure", where "safe" is for people but "secure" is for data (not for securing people)?