
Memberships

CISSP Study Group

2k members • Free

10 contributions to CISSP Study Group
Passed CISSP on 21st March 2026!!
Passed CISSP (2nd attempt)! Big thanks to Vincent Primiani and the CISSP Study Group team — the daily quizzes, app practice, and sessions (despite IST timezone challenges) made a real difference. Formal thank-you message to Vincent Primiani and team (direct message or email) #CISSP #Certification
0 likes • 8h
Congratulations!
CISSP Practice Question (Domain 8: Software Development Security)
A development team integrates a third-party open-source library that processes customer PII. Six months later, a critical vulnerability is disclosed in that library. The vendor has not released a patch. Business stakeholders resist removing the library because it powers a revenue-generating feature. What is the MOST appropriate action?
A. Implement compensating controls around the vulnerable component and document the accepted risk
B. Fork the library and develop an internal patch
C. Escalate to the risk owner for a formal risk acceptance decision
D. Immediately remove the library and disable the affected feature
Come back for the answer tomorrow, or study more now!
1 like • 7d
C
CISSP Practice Question (Domain 5: Identity and Access Management)
A newly acquired subsidiary uses a separate identity provider with no federation to the parent company. Executives want immediate single sign-on access to the subsidiary's financial reporting system. The subsidiary's IT team warns their directory contains orphaned accounts from prior layoffs. What should you address FIRST?
A. Establish federated trust between both identity providers
B. Perform an access review and remove orphaned accounts in the subsidiary's directory
C. Provision executive accounts directly in the subsidiary's identity provider
D. Implement multi-factor authentication on the financial reporting system
Come back for the answer tomorrow, or study more now!
0 likes • 8d
B
CISSP Practice Question (Domain 5: Identity and Access Management)
During an acquisition integration, you discover the target company grants domain administrator privileges to its entire 12-person IT department. They argue the small team requires broad access for operational efficiency. Your organization's policy enforces least privilege. What should you do FIRST?
A. Immediately revoke domain admin from all subsidiary IT staff and assign role-based access
B. Conduct a privileged access audit to map which admin functions each role actually requires
C. Allow current access with enhanced monitoring until integration is complete
D. Require the subsidiary to adopt your identity governance platform before network integration
Come back for the answer tomorrow, or study more now!
1 like • 10d
A
CISSP Practice Question (Domain 7: Security Operations)
The night shift SOC analyst reports that the CEO is locked in his office. The physical access control system's AI module misclassified his valid after-hours badge swipe as anomalous and triggered an automated lockdown response. What should you do FIRST?
A. Grant the CEO permanent access override authority to bypass automated controls
B. Release the lockdown and document the false positive for automated response review
C. Escalate to facilities management since physical access is their responsibility
D. Disable the automated lockdown capability until the AI classification model is retrained
Come back for the answer tomorrow, or study more now!
0 likes • 11d
B
Kate Shairs
@kate-shairs-7310
I own and operate a small IT consulting firm north of Boston. We handle security and IT services for small businesses in the greater Boston area.

Active 8h ago
Joined Nov 4, 2025