8 contributions to CISSP Study Group
CISSP Practice Question (Domain 8: Software Development Security)
A development team integrates a generative AI coding assistant that was trained on public repositories. The tool accelerates feature delivery but occasionally references deprecated libraries. Legal warns that AI-generated code may contain license violations or expose proprietary logic if the model was trained on leaked internal code. What should the security manager do FIRST?
A. Engage legal counsel to review the AI vendor's training data sources and contractual indemnification clauses
B. Implement software composition analysis (SCA) and require all AI-generated code to be digitally signed before commit
C. Restrict the AI tool's access to internal repositories and enforce output review through secure-coding peer validation
D. Retrain or fine-tune the AI model using only vetted, license-compliant code from approved sources
0 likes • 10d
A is looking to find a legal loophole; although it is a good option, it goes against the ethics code of ISC2. All it is trying to see is if they are liable, but ethically they know there is an issue, and as an ISC2 member, we need to advise based on ethics first and liability second.
0 likes • 9d
@Vincent Primiani I see it now, and I agree that A is the correct answer. What initially tripped me up was the wording “was trained”, which implies the training activity has already occurred, combined with “may contain license violations or expose proprietary logic”, which raised an immediate ethical red flag for me. My instinct was to treat that as confirmed wrongdoing and therefore move straight to containment controls. On reflection, the key word is “may”. From an ISC2 ethics perspective, we are dealing with suspected but unconfirmed harm, not established misconduct. Acting ethically in that situation means first establishing the facts and the organisation’s legal exposure, including training data sources and indemnification, before determining appropriate controls. With that framing, engaging legal counsel to understand liability and risk ownership is the correct FIRST step, and technical or operational controls would follow once the risk posture is clear.
Passed the CISSP Exam @ 132 Questions
I took and passed the CISSP exam yesterday, Friday May 16th, with 17 minutes to spare! I didn't take this exam alone. I walked into the exam hall with a virtual tribe of individuals lifting me on their shoulders. Their confidence in me dispelled all of my fears and anxiety. Sitting in front of the examination computer, the questions seemed clear to me, even if my fundamentals may have been a bit fuzzy. I would not have passed the exam without the support of this Skool platform, our CISSP Community Study Group (CSG) and the personal connections that I have made via the study groups. Here is my attempt to thank everyone. If I missed someone, please attribute it to my excitement. @Christopher Schneider for introducing me to this platform, @Rebecca Kirk for suggesting that we form a Community Study Group (CSG), @Vincent Primiani for providing the platform, @Fouad Ahmed for motivational support and lots of great documents, @Shane Symons for supporting the group, our CSG members: @Annette Corona @Timilehin Ajibade @Maurice Lightfoot @Taiye Olorundare @Stan Lyubarskiy @Tahjar R @Mario Rasathurai @Reggie Johnson, @Randy Rempel. Special thanks to @Venkat Ayyer @Babur Farooq, @Peter Marie, who passed but continue to support the CSG, and @Jolian Stephens @Martín Figueroa for the late night Quantum Question reviews. There are so many more... My main resources: Official Study Guide: Ninth and Tenth Editions (Wiley Test Bank too)
1 like • May '25
Well done - so glad for you
95 Questions only.
So I wrote my exam on Tuesday in NZ and thought I failed as I only answered 95 questions. Then I received my notice to say I passed. This was a great relief as, based on what I understood, answering fewer than 100 questions would indicate you failed. So if anyone else does not get to 100 questions, do not panic until you have received your confirmation 😁.
1 like • May '25
@Claudie Aldridge The group is great and I feel underutilised
Practice Question
You are reviewing the results of a vulnerability scan of your organization's network. The scan has identified several high-risk vulnerabilities. Due to limited resources, you cannot immediately remediate all of the vulnerabilities. What is the MOST appropriate approach to prioritize remediation efforts?
A. Remediate the vulnerabilities that are easiest to fix first, regardless of their potential impact.
B. Remediate the vulnerabilities that are most commonly exploited by attackers, based on threat intelligence and vulnerability statistics.
C. Remediate the vulnerabilities that pose the greatest risk to the organization's critical assets and business operations.
D. Remediate the vulnerabilities that were discovered most recently, as these are likely to be the most current threats.
1 like • Feb '25
I believe the answer is B based on a risk matrix. C could be the most critical but could have the lowest probability. B, highest probability and medium risk, makes it higher in the matrix. A & D eliminated as they would be the lowest on the matrix.
Practice Question
Your organization is implementing a new cloud-based Security Information and Event Management (SIEM) system. You need to ensure that the SIEM effectively detects and alerts on security incidents. Which of the following is the MOST important step in this process?
A. Configuring the SIEM to collect logs from all available sources, including network devices, servers, and applications.
B. Developing and implementing use cases that are tailored to the organization's specific threat landscape and business requirements.
C. Training the security team on how to use the SIEM system to investigate and respond to security incidents.
D. Regularly testing and tuning the SIEM system to ensure that it is effectively detecting and alerting on real security incidents.
0 likes • Feb '25
I would say C, as you can have the best system in the world and if no one knows how to use it then it will sit on the shelf and do nothing. Secondly, a well-trained team will be able to set up the SIEM correctly from scratch, knowing fully why they are getting the logs in the first place.
Shane Symons
@shane-symons-5543
Based in Auckland and passed my CISSP in April 2025

Joined Jan 13, 2025