
Memberships

CISSP Study Group

1.9k members • Free

8 contributions to CISSP Study Group
CISSP Practice Question (Domain 1: Security and Risk Management)
Senior leadership wants to launch a new customer analytics platform that processes regulated personal data. The CISO identifies control gaps that exceed the organization’s stated risk appetite, but executives are pushing for speed to market. What is the MOST appropriate action for the CISO to take NEXT?
A. Document the risk and accept it to support business objectives
B. Implement compensating controls within the security team
C. Escalate the risk to senior management for formal risk acceptance
D. Delay the project until all identified risks are fully mitigated
Come back for the answer tomorrow! Study more now at CISSP.app
1 like • Dec '25
C
CISSP Practice Question – Security Architecture & Engineering (Assurance & Design Principles)
A national intelligence agency is designing a new system to process both Top Secret and Unclassified data simultaneously. Engineers propose using a formally verified microkernel operating system that enforces strict separation between processes through hardware-based memory isolation. During review, an executive asks why the team insists on this complex design instead of using simpler software-based access controls at the application layer. Which concept BEST justifies the microkernel approach?
A. Complete mediation — ensuring every access request is validated against the security policy.
B. Security kernel — implementing reference monitor functions at the lowest level of the system.
C. Layered defense — using multiple, independent safeguards at different levels of abstraction.
D. Economy of mechanism — minimizing system complexity to reduce potential vulnerabilities.
0 likes • Nov '25
B
CISSP Practice Question
Which of the following organizations establishes the standards for Service Organization Control (SOC) audits?
A: American Institute of Certified Public Accountants (AICPA)
B: National Institute of Standards and Technology (NIST)
C: International Organization for Standardization (ISO)
D: International Electrotechnical Commission (IEC)
2 likes • Jul '25
A
Practice Question
Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?
A. Distributed denial-of-service (DDoS) attack
B. Zero-day attack
C. Phishing attempt
D. Advanced persistent threat (APT) attempt
1 like • Mar '25
B
CISSP did not pass
Hi all, Unfortunately, I didn’t pass the CISSP exam. I did tons of prep questions on learnzapp but it seems that I’m not well prepared yet. Could you please recommend some info (tips) to follow that can help me? Thank you
CISSP did not pass
1 like • Mar '25
@Graziano Callegaro, the readiness score that I touched was 72 for all the questions (including all domains from learnZapp). So, now I’m preparing better. Can I ask you which official app you are referring to? Good luck!
1 like • Mar '25
@Graziano Callegaro, I would suggest you prepare more. I’m speaking based on my experience. Good luck!
Alexandru Moise
@alexandru-moise-9629
Cybersecurity enthusiast

Active 42d ago
Joined Feb 23, 2025