During a risk assessment, management learns that a legacy system critical to operations has several known vulnerabilities. The vendor no longer provides patches, and replacing the system would take over a year and significant budget. 👉 As a security manager, what would be your BEST recommendation to management in this situation? Think it through ...

We’re thrilled to welcome May Brooks-Kempler ( @May Brooks ) to our community! May is one of the most respected CISSP instructors worldwide. She’s a (ISC)² Board Member, co-author of the Official CISSP Study Guide, TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity), and a recognized leader in the global infosec community. Here’s what this means for you: 📚 Study Group MasterClass Takeover – May is giving our members free admission to her upcoming CISSP MasterClass. This is a chance to learn directly from one of the best and show her what our study group is all about. 🎤 Pop-In Q&A – Keep joining our study groups, because you never know when May might drop in for a quick Q&A. 🤝 Exciting Collaboration – This is just the beginning. May is supporting our community as the go-to place for those just starting, self-studying, or looking for a group to prepare for the CISSP together. 💡 CPE Credit – You can self-submit for 2 CPE credits for attending the MasterClass. This is a huge moment for our group. Let’s pack the MasterClass, bring our energy, and show May the strength of our community. 👉 Registration link coming soon. Let’s show May we are happy she’s here in the comments!

Which of the following BEST describes the primary purpose of a security kernel within a trusted computing base (TCB)? A. To implement reference monitors that enforce access control decisions B. To provide encryption of all system memory and storage C. To manage the scheduling of processes and CPU time slices D. To establish secure communications between distributed systems

An organization is conducting a risk assessment and has identified several threats to its critical customer database. After calculating both the Annual Rate of Occurrence (ARO) and the Single Loss Expectancy (SLE), management now wants to determine the total expected loss per year. Which of the following should be calculated NEXT? A. Exposure Factor (EF) B. Annual Loss Expectancy (ALE) C. Residual Risk D. Total Cost of Ownership (TCO)

Which of the following BEST ensures that information security aligns with business objectives and is supported at the highest level of the organization? A. Establishing detailed technical standards for system hardening B. Implementing security awareness training across the organization C. Obtaining executive sponsorship for the information security program D. Conducting regular penetration testing of critical systems