Senior management has approved funding for a new information security program. The CISO wants to ensure that the program is sustainable and aligned with business strategy. Which of the following is the MOST important first step? A. Develop detailed security policies and procedures for all business units. B. Conduct a comprehensive risk assessment across the organization. C. Implement baseline technical controls to address known vulnerabilities. D. Establish a security steering committee with representation from business leadership.

During normal monitoring, the SOC identifies unusual outbound traffic from a critical database server. Initial analysis suggests the data may be exfiltrating to an external IP address. What should the incident response team do FIRST? A. Shut down the database server immediately to stop the data leak. B. Escalate to senior management and legal counsel for notification decisions. C. Collect volatile system memory and network session data from the affected server. D. Contact law enforcement to report the potential breach.

We’re thrilled to welcome May Brooks-Kempler ( @May Brooks ) to our community! May is one of the most respected CISSP instructors worldwide. She’s a (ISC)² Board Member, co-author of the Official CISSP Study Guide, TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity), and a recognized leader in the global infosec community. Here’s what this means for you: 📚 Study Group MasterClass Takeover – May is giving our members free admission to her upcoming CISSP MasterClass. This is a chance to learn directly from one of the best and show her what our study group is all about. 🎤 Pop-In Q&A – Keep joining our study groups, because you never know when May might drop in for a quick Q&A. 🤝 Exciting Collaboration – This is just the beginning. May is supporting our community as the go-to place for those just starting, self-studying, or looking for a group to prepare for the CISSP together. 💡 CPE Credit – You can self-submit for 2 CPE credits for attending the MasterClass. This is a huge moment for our group. Let’s pack the MasterClass, bring our energy, and show May the strength of our community. 👉 Registration link coming soon. Let’s show May we are happy she’s here in the comments!

Which of the following BEST describes the primary purpose of a security kernel within a trusted computing base (TCB)? A. To implement reference monitors that enforce access control decisions B. To provide encryption of all system memory and storage C. To manage the scheduling of processes and CPU time slices D. To establish secure communications between distributed systems

A financial services company is designing a new data center in a region prone to power fluctuations and occasional earthquakes. The facility must support continuous operations with minimal downtime while protecting sensitive customer data. Which of the following would provide the MOST effective balance of availability and protection? A. Locating the data center on the ground floor with reinforced walls and installing multiple UPS systems. B. Building the data center on an upper floor, installing seismic bracing, and relying on a single diesel generator for backup power. C. Constructing the data center in a basement with water-resistant barriers and redundant power feeds from separate substations. D. Hosting the primary data center at headquarters and establishing a reciprocal agreement with another company for disaster recovery.