THIS Is Why It’s Important to Read CISSP Exam Questions Carefully

Just when I think I’ve gotten the hang of answering practice CISSP questions, a few come along that make me want to quit information security altogether.  Ha, not really, I live for this!

Especially since everything I find out, I can share with you!

Here is a question that relates to the Access Control domain:

By law, organizations have to notify employees when their internet and other activities are monitored within the workplace.  What is the best method to notify external users that their actions are being monitored?

A.  Device or application logon banner
B.  Written agreement upon employment with organization
C.  Wall poster as required by Federal law
D.  Security awareness training



For employees, a written agreement is required by law for the organization to monitor them. The first part of the question was misleading as it talked about employees. However, the question asked the best method for notifying “external” users, those who are not within the organization. They don’t have employment agreements, won’t see wall posters, and aren’t trained by the organization, so the answer is A, logon banners.


Thanks for reading!


  • Robert Scott

    Now that…is tricky. Perhaps the thing to do is to read the sentence ending with the question mark first.

    • studynotesandtheory

      Hey Robert! I’ve tried that strategy too, cuz you know what, the last question is really what we’re looking for. Sometimes it works for some questions, others maybe not, I’d say about 60-40% that strategy works. I realized that the CISSP questions will try to fill your brain with nonsense and trick your mind into thinking a really complicated way, when all you really have to do is read the last question. Good catch! And thanks for commenting!

  • Christopher Karl

    Honestly, A would have been my choice.. However, ‘External’ is troubling because it’s very vague. I’m an external user for my company (I work in Afghanistan) but, I have a company laptop and am an employee. Can external mean contractors who use their own machines are are not employees?? If so, could a logon banner be pushed to a VPN connection or a Citrix connection?

    • studynotesandtheory

      Hello Christopher,

      These are great points, especially about a logon banner being pushed through a VPN/Citrix connection. Whenever I connect to systems I definitely see a logon banner.

      Not all employees who work externally, or contractors, might see a logon banner. Besides a contractor, a vendor might also be given access. The thing with vendors is that they probably have not signed an internal written agreement like most full time employees. That is what this question was trying to convey.

      Since a vendor did not sign a written agreement, it’s harder to enforce a monitoring program. Not only do companies have to notify employees that they are being monitored, the employees must understand and sign a document agreeing to the fact.

      Thanks for your comment Christopher.

      • Christopher Karl

        Thanks for your reply. I guess my next question is… If they’re remote – say through Citrix connection. Can they even BE monitored? I realize it’s possible through a VPN – where you have the traffic going through your Gateway. I guess I have to read the question again, and learn how to interpret these types of questions. The Larry GreenBlatt videos I’m watching strongly confirm that it’s an ENGLISH Test 🙂

        • studynotesandtheory

          Sorry for the late reply Christopher! I just looked it up, and yeah sadly the exam IS only in English. They you are allowed to bring in a dictionary!

          To monitor through Citrix they might need to implement a SIEM tool at the exit nodes such as Logrhythm or ArcSight. I’m not too sure, but I am learning about it right now at work, I will let you know how it goes ! If I don’t, remind me!


          • Christopher Karl

            I didn’t word that correctly… I didn’t mean it to ask if it was offered in different languages, I meant it to mean you have to really deconstruct the question to figure out what’s truly being asked.