
Memberships

CISSP Study Group

1.8k members • Free

42 contributions to CISSP Study Group
CISSP Practice Question (Domain 3: Security Architecture & Engineering / Cryptographic Key Management)
A global enterprise is transitioning from long-term symmetric encryption keys to an automated key rotation system using hardware security modules (HSMs). During the rollout, application owners express concern that frequent rotation may disrupt legacy integrations and availability. What should the security architect do FIRST?
A. Enforce the new key-rotation policy across all systems immediately
B. Perform a risk assessment to evaluate availability impact and integration dependencies
C. Allow legacy systems to retain long-term keys indefinitely
D. Delay implementation until all applications are modernized
3 likes • 1d
B. I say perform a risk assessment
Practice Question – Security Models
You are designing a system for a law firm that represents multiple competing corporations. The system must:
- Prevent lawyers from accessing case files of competing clients
- Ensure paralegals can enter data but only senior attorneys can approve filings
- Maintain confidentiality of client records
Which combination of models is most relevant here?
A. Bell–LaPadula and Biba
B. Clark–Wilson and Brewer–Nash
C. Bell–LaPadula and Clark–Wilson
D. Brewer–Nash and Biba
0 likes • Sep 23
b
Passed CISSP @100Q around 2hrs 20 Min
Hey everyone! Just got back home and super excited to share. I passed my CISSP exam! It was totally worth it, and I’m incredibly grateful for all the support along the way. For anyone curious, I didn’t read any books. Instead, I
✅ Went through ACI Learning’s video course on Coursera twice
✅ Completed Mike’s course on LinkedIn twice
✅ Watched Pete Zerger’s course, first at normal speed, then much faster on the second round
✅ Used mind maps once 2 days ago
✅ Attended community study sessions
Huge thanks to Rebecca, Venket, Chris, Shane, Claudie, and everyone else who made this possible. Couldn’t have done it without this awesome community! 🙏
1 like • Mar 27
Hello everyone!!! This is such great news to hear. I get so excited each time I hear someone has passed the exam. Congratulations to you
Practice Question
An organization maintains a minimum set of recommended settings for each security control to safeguard the Confidentiality, Integrity, and Availability (CIA) of information and information assets. The organization also performs scoping and tailoring activities to meet the security properties of a given configuration. Which of the following BEST describes the situation outlined in the scenario?
A Security guidelines
B Security baselines
C Security standards
D Security procedure
0 likes • Dec '24
Baseline
Practice Question
Peter is reviewing the remote access technologies used by his organization and would like to eliminate the use of any techniques that do not include built-in encryption. Which of the following approaches should he retain? (Select all that apply.)
A RDP
B Telnet
C SSH
D Dial-up
1 like • Dec '24
C, D
0 likes • Dec '24
I misread the question; it asks which to retain. So it's A, C.
Dee Dee
@dee-dee-9676
I have been in security for a number of years and now I have been actively preparing for the CISSP. I'd like to take the exam in October.

Active 23h ago
Joined Aug 9, 2024