Passed CISSP (2nd attempt)! Big thanks to Vincent Primiani and the CISSP Study Group team — the daily quizzes, app practice, and sessions (despite IST timezone challenges) made a real difference. Formal thank-you message to Vincent Primiani and team (direct message or email) #CISSP #Certification

A remote workforce uses split-tunnel VPN to reduce bandwidth costs. The security team discovers employees are accessing sanctioned SaaS applications directly from home networks, bypassing the corporate proxy and DLP controls. Management values the current performance gains. What is the MOST appropriate recommendation? A. Switch to full-tunnel VPN to route all traffic through corporate controls B. Deploy a cloud-based secure web gateway to enforce policy at the endpoint C. Accept the risk and document the DLP gap as a known exception D. Restrict SaaS access to corporate-managed devices only Come back for the answer tomorrow, or study more now!

Your organization is migrating legacy on-premises applications to a multi-cloud environment. The security team discovers that several applications use hardcoded service account credentials that cannot be easily refactored before the migration deadline. Business leadership refuses to delay the timeline. What is the BEST approach? A. Migrate as planned and prioritize credential refactoring in the next sprint B. Implement secrets management and network segmentation around the vulnerable applications C. Present the risk formally to leadership with compensating control options and timeline impacts D. Reject the migration for applications with hardcoded credentials until remediation is complete Come back for the answer tomorrow, or study more now!

4th Time

During a third-party risk assessment, you discover a critical SaaS vendor stores customer data in a jurisdiction that conflicts with your organization's data residency requirements. The vendor scores well on every other security benchmark. The contract renewal deadline is in two weeks. What should you do FIRST? A. Require the vendor to migrate data to a compliant region before renewal B. Engage legal counsel to assess regulatory exposure and contractual options C. Renew the contract with an addendum requiring future data residency compliance D. Begin evaluating alternative vendors that meet data residency requirements Come back for the answer tomorrow, or study more now!