
Memberships

CISSP Study Group

1.5k members • Free

7 contributions to CISSP Study Group
Passed the CISSP Exam @ 132 Questions
I took and passed the CISSP exam yesterday, Friday May 16th, with 17 minutes to spare! I didn't take this exam alone. I walked into the exam hall with a virtual tribe of individuals lifting me on their shoulders. Their confidence in me dispelled all of my fears and anxiety. Sitting in front of the examination computer, the questions seemed clear to me, even if my fundamentals may have been a bit fuzzy. I would not have passed the exam without the support of this Skool platform, our CISSP Community Study Group (CSG) and the personal connections that I have made via the study groups. Here is my attempt to thank everyone. If I missed someone, please attribute it to my excitement. @Christopher Schneider for introducing me to this platform, @Rebecca Kirk for suggesting that we form a Community Study Group (CSG), @Vincent Primiani for providing the platform, @Fouad Ahmed for motivational support and lots of great documents, @Shane Symons for supporting the group, our CSG members: @Annette Corona @Timilehin Ajibade @Maurice Lightfoot @Taiye Olorundare @Stan Lyubarskiy @Tahjar R @Mario Rasathurai @Reggie Johnson, @Randy Rempel. Special thanks to @Venkat Ayyer @Babur Farooq, @Peter Marie, who passed but continue to support the CSG and @Jolian Stephens @Martín Figueroa for the late night Quantum Question reviews. There are so many more... My main resources: Original Study Guide: Ninth and Tenth Editions (Wiley Test Bank too)
0 likes • May 24
Well done - so glad for you
95 Questions only.
So I wrote my exam on Tuesday in NZ and thought I failed as I only answered 95 questions. Then received my notice to say I passed. This was a great relief as, based on what I understood, if you answer fewer than 100 questions, it would indicate you failed. So if anyone else does not get to 100 questions, do not panic until you have received your confirmation 😁.
1 like • May 1
@Claudie Aldridge The group is great and I feel underutilised
Practice Question
You are reviewing the results of a vulnerability scan of your organization's network. The scan has identified several high-risk vulnerabilities. Due to limited resources, you cannot immediately remediate all of the vulnerabilities. What is the MOST appropriate approach to prioritize remediation efforts?
A. Remediate the vulnerabilities that are easiest to fix first, regardless of their potential impact.
B. Remediate the vulnerabilities that are most commonly exploited by attackers, based on threat intelligence and vulnerability statistics.
C. Remediate the vulnerabilities that pose the greatest risk to the organization's critical assets and business operations.
D. Remediate the vulnerabilities that were discovered most recently, as these are likely to be the most current threats.
1 like • Feb 6
I believe the answer is B based on a risk matrix. C could be the most critical but could have the lowest probability. B highest probability and medium risk makes it higher in the matrix. A & D eliminated as they would be the lowest on the matrix.
Practice Question
Your organization is implementing a new cloud-based Security Information and Event Management (SIEM) system. You need to ensure that the SIEM effectively detects and alerts on security incidents. Which of the following is the MOST important step in this process?
A. Configuring the SIEM to collect logs from all available sources, including network devices, servers, and applications.
B. Developing and implementing use cases that are tailored to the organization's specific threat landscape and business requirements.
C. Training the security team on how to use the SIEM system to investigate and respond to security incidents.
D. Regularly testing and tuning the SIEM system to ensure that it is effectively detecting and alerting on real security incidents.
0 likes • Feb 6
I would say C, as you can have the best system in the world and if no one knows how to use it then it will sit on the shelf and do nothing. Secondly, a well-trained team will be able to set up the SIEM correctly from scratch, knowing fully why they are getting the logs in the first place.
Practice Question
You are leading a penetration test against a web application that handles sensitive customer data. During the assessment, the penetration testers discover a SQL injection vulnerability that could allow an attacker to gain access to the entire database. The development team is aware of the vulnerability but has not yet implemented a fix due to other project priorities. The application is considered business critical. What is the BEST course of action?
A. Immediately shut down the web application to protect the sensitive customer data.
B. Inform the development team and business stakeholders of the vulnerability and its potential impact, and recommend immediate remediation, even if it requires delaying other projects.
C. Document the vulnerability in the penetration test report and recommend that the development team address it in the next scheduled maintenance window.
D. Implement a web application firewall (WAF) as a temporary mitigation measure and schedule a follow-up penetration test after the development team has implemented a fix.
0 likes • Feb 6
D
Shane Symons
@shane-symons-5543
Based in Auckland and passed my CISSP in April 2025

Active 43d ago
Joined Jan 13, 2025
Auckland