
Memberships

CISSP Study Group

1.8k members • Free

45 contributions to CISSP Study Group
CISSP Practice Question (Domain 1: Security and Risk Management / Legal & Governance Edge Case)
A company uses an internal investigation team and outside counsel during major incidents. To reduce email overload, executives begin discussing response strategy and legal risk inside a collaboration platform with auto retention and global search enabled. No breach has occurred yet. What is the MOST appropriate action to take FIRST?
A. Disable search and retention features for executive channels
B. Move all sensitive discussions to encrypted messaging tools
C. Establish formal communication boundaries and privilege handling procedures
D. Require legal approval before any executive incident discussion
Pssst… CISSP.app
1 like • 1d
C. But what is meant by “global search enabled”?
Good Morning Future CISSPs!! - Practice Question (Domain 4: Communication and Network Security)
I felt like such a robot 🤖 posting the question this morning. I needed to say hello to all our wonderful members!! Okay, okay, the question...
A company deploys a zero trust network where every request is authenticated, authorized, and encrypted. During an incident, investigators cannot reconstruct attack paths because traffic patterns are indistinguishable once inside the fabric. Security wants forensic clarity without weakening zero trust principles. What is the MOST appropriate architectural adjustment?
A. Decrypt and inspect all internal traffic at centralized gateways
B. Implement per request cryptographic identity and flow labeling
C. Increase east west traffic logging at network choke points
D. Reintroduce internal trust zones to simplify attribution
Come back for the answer tomorrow, or study more now!
1 like • 3d
B: A and D would compromise zero trust, while C: there is no mention of the fact that there is insufficient logging.
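Option B in the question above describes per-request identity and flow labels. The following is an added illustration of that mechanism, written for this page and not part of the post or of CISSP.app's material. It assumes a single shared verification key (`MESH_KEY`), a constructed four-record log, and SPIFFE-style workload names; a real fabric would issue per-workload keys or certificates and have the proxy or sidecar attach and verify the label. The point it makes: even when every payload is encrypted and every flow looks alike on the wire, a label that binds the caller's identity to the flow and to its parent flow lets an investigator walk a request chain backwards, and a forged or altered record fails verification instead of silently corrupting the reconstruction.

```python
import hashlib
import hmac
import json

# Constructed example key (assumption). A real mesh would use per-workload keys
# or certificates from its identity provider rather than one shared secret.
MESH_KEY = b"constructed-example-mesh-key"

LABEL_FIELDS = ("principal", "flow", "parent", "hop")


def label(principal, flow, parent, hop):
    """Build the per-request label a caller attaches to a request.

    principal: verified identity of the caller (user or workload)
    flow:      identifier of this hop's flow
    parent:    flow identifier of the request that caused this one (None at the edge)
    hop:       the service receiving the request
    The tag binds all four fields together so a later reader can trust the chain.
    """
    body = {"principal": principal, "flow": flow, "parent": parent, "hop": hop}
    msg = json.dumps(body, sort_keys=True).encode()
    body["tag"] = hmac.new(MESH_KEY, msg, hashlib.sha256).hexdigest()
    return body


def verify(record):
    """Return True only if the record's tag matches its labelled fields."""
    body = {k: record[k] for k in LABEL_FIELDS}
    msg = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(MESH_KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(record["tag"], expected)


# Constructed log: one record per hop, as each receiving service would emit it.
# alice -> web -> orders -> db is the chain to reconstruct; f9 is unrelated traffic
# that, without labels, would be indistinguishable from the chain on the wire.
LOG = [
    label("user:alice", "f1", None, "web"),
    label("spiffe://mesh/web", "f2", "f1", "orders"),
    label("spiffe://mesh/orders", "f3", "f2", "db"),
    label("spiffe://mesh/billing", "f9", None, "db"),
]


def reconstruct(log, terminal_flow):
    """Walk parent links from a terminal flow back to the edge, verifying each hop.

    Returns the path as a list of (hop, principal) from entry point to terminal.
    Raises ValueError if a record in the chain fails verification or the parent
    links form a cycle.
    """
    by_flow = {rec["flow"]: rec for rec in log}
    path = []
    seen = set()
    current = terminal_flow
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle in parent links at flow {current}")
        seen.add(current)
        rec = by_flow[current]
        if not verify(rec):
            raise ValueError(f"tampered or forged label on flow {current}")
        path.append((rec["hop"], rec["principal"]))
        current = rec["parent"]
    path.reverse()
    return path


if __name__ == "__main__":
    for hop, who in reconstruct(LOG, "f3"):
        print(f"{who} -> {hop}")
```

Run it and the db-side event `f3` resolves to `alice -> web -> orders -> db`, while `f9` resolves to a single hop from the billing workload; change any field of a stored record and `verify` rejects it, so the chain cannot be quietly rewritten after the fact.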
CISSP Practice Question (Domain 2: Asset Security / Data Lifecycle & Legal Risk)
A company migrates legacy collaboration data to a modern platform. To reduce cost, leadership approves automated deduplication and compression before long term storage. Months later, legal requests a specific historical record for litigation, but IT cannot reconstruct the original context due to transformation. What is the MOST appropriate control that should have been established FIRST?
A. Immutable backups of transformed data
B. Legal hold integration into the data lifecycle process
C. Stronger access controls over archived records
D. Increased retention periods for critical data sets
Come back for the answer tomorrow, or study more now!
1 like • 3d
B: A, C and D may be part of the legal hold technical implementation criteria.
CISSP Practice Question (Domain 6: Security Assessment and Testing)
A financial institution uses continuous control monitoring to support regulatory examinations. During a supervisory review, regulators challenge whether reported control effectiveness constitutes “reasonable assurance,” given that testing criteria, thresholds, and exception handling are defined by the same team operating the controls. Leadership wants defensible assurance without dismantling automation. What is the MOST appropriate action to take NEXT?
A. Rotate control owners periodically to reduce familiarity bias
B. Establish independent assurance criteria and validation over monitoring logic
C. Increase sampling depth and testing frequency across automated controls
D. Supplement dashboards with annual external audit attestations
Come back for the answer tomorrow, or study more now!
0 likes • 4d
B
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A regulated organization designs a system where business users submit high value transactions through an application, while a separate service validates and commits them. Auditors later find administrators could bypass the application and update records directly in the database. Management wants assurance this cannot occur again. What is the MOST appropriate architectural control to implement NEXT?
A. Stronger privileged user authentication and session recording
B. Mandatory access control enforced at the database layer
C. Constrained interfaces with enforced well formed transactions
D. Increased database activity monitoring and alerting
Come back for the answer tomorrow, or study more now!
1 like • 6d
@Hassan Na “through an application, while a separate service validates” but isn’t this Clark-Wilson already?
2 likes • 5d
@Vivek Sridhar Ah ok, makes sense. Thanks.
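Option C in the question above is the Clark-Wilson pattern the comments mention: the constrained data item (account balances) may only change through a transformation procedure that moves it from one valid state to another, and the data store itself refuses any other write path. The following is an added example written for this page, not part of the post, the study group, or CISSP.app. It uses SQLite so it runs offline; the `tp_gate` row and the triggers stand in for what a production database would do with roles (the application role holds no INSERT/UPDATE/DELETE on the table, only EXECUTE on the procedure, and DDL sits with a separate role). An administrator holding DDL can drop a trigger, so the example shows the pattern, not an admin-proof deployment. Account names, amounts and the separation-of-duty rule are constructed.

```python
import sqlite3


def build_db():
    """Create the constrained store: accounts is the constrained data item,
    tp_gate holds a row only while the sanctioned procedure is running, and the
    triggers abort any write to accounts made without that row present."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE accounts(
            id      TEXT PRIMARY KEY,
            balance INTEGER NOT NULL CHECK (balance >= 0)  -- integrity constraint
        );
        CREATE TABLE tp_gate(token TEXT);
        CREATE TABLE journal(
            seq INTEGER PRIMARY KEY, src TEXT, dst TEXT, amount INTEGER,
            submitter TEXT, approver TEXT
        );
        INSERT INTO accounts VALUES ('ops', 1000), ('vendor', 0);  -- constructed data

        CREATE TRIGGER no_direct_update BEFORE UPDATE ON accounts
        WHEN (SELECT COUNT(*) FROM tp_gate) = 0
        BEGIN SELECT RAISE(ABORT, 'accounts change only through the transfer TP'); END;

        CREATE TRIGGER no_direct_insert BEFORE INSERT ON accounts
        WHEN (SELECT COUNT(*) FROM tp_gate) = 0
        BEGIN SELECT RAISE(ABORT, 'accounts change only through the transfer TP'); END;

        CREATE TRIGGER no_direct_delete BEFORE DELETE ON accounts
        WHEN (SELECT COUNT(*) FROM tp_gate) = 0
        BEGIN SELECT RAISE(ABORT, 'accounts change only through the transfer TP'); END;
    """)
    return con


def transfer(con, src, dst, amount, submitter, approver):
    """The only sanctioned write path: a well-formed transaction.

    Validates input, requires a second person to approve (separation of duty),
    then moves the balances and journals the change atomically. Any failure,
    including the CHECK constraint on overdraft, rolls back everything.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    if submitter == approver:
        raise PermissionError("submitter may not approve their own transaction")
    with con:  # commit on success, roll back on any exception
        con.execute("INSERT INTO tp_gate VALUES ('open')")
        try:
            for sql, params in (
                ("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src)),
                ("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst)),
            ):
                if con.execute(sql, params).rowcount != 1:
                    raise LookupError("unknown account")
            con.execute(
                "INSERT INTO journal(src, dst, amount, submitter, approver) VALUES (?,?,?,?,?)",
                (src, dst, amount, submitter, approver),
            )
        finally:
            con.execute("DELETE FROM tp_gate")


def balance(con, account):
    return con.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()[0]


def direct_write_blocked(con, account):
    """Simulate an administrator bypassing the application with a raw UPDATE.
    Returns True if the database refused it and the balance is unchanged."""
    before = balance(con, account)
    try:
        con.execute("UPDATE accounts SET balance = balance + 1000000 WHERE id = ?", (account,))
        con.commit()
        return False
    except sqlite3.DatabaseError:
        con.rollback()
        return balance(con, account) == before


def demo():
    """Run the scenarios and return their outcomes."""
    con = build_db()
    transfer(con, "ops", "vendor", 250, "alice", "bob")
    results = {"ops": balance(con, "ops"), "vendor": balance(con, "vendor")}
    try:
        transfer(con, "ops", "vendor", 5000, "alice", "bob")  # would overdraw ops
        results["overdraft_rejected"] = False
    except sqlite3.IntegrityError:
        results["overdraft_rejected"] = balance(con, "ops") == 750
    try:
        transfer(con, "ops", "vendor", 10, "alice", "alice")  # self-approval
        results["self_approval_rejected"] = False
    except PermissionError:
        results["self_approval_rejected"] = True
    results["direct_write_blocked"] = direct_write_blocked(con, "vendor")
    results["journal_entries"] = con.execute("SELECT COUNT(*) FROM journal").fetchone()[0]
    return results


if __name__ == "__main__":
    print(demo())
```

Contrast this with options A and D from the question: session recording and activity monitoring would tell you after the fact that the administrator ran the raw UPDATE, whereas the gate-and-trigger arrangement (or, in production, the role split it stands in for) means the UPDATE never takes effect.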
Ivo Mulders
@ivo-mulders-1100
ISO Netherlands

Active 23h ago
Joined Oct 28, 2025
Netherlands