I passed the CISSP exam today! For a long time, I kept postponing it, thinking it would be too difficult. However, the daily questions shared in this group helped me build the right mindset. The tips and guidance from those who had already cleared the exam were also incredibly helpful. I used the following study resources: OSG and Official practice tests cissp.app app - Helps with time management and provides clear explanations. Destination Cert YouTube series and their app for questions Eric Cornard CISSP study guide and other you tube videos/Questions

An internal audit reveals that quarterly vulnerability scans are completed on schedule, but 40% of critical findings remain unremediated past SLA. The vulnerability management team reports the metrics as "green" because scans were performed. As the CISO, what is the BEST corrective action? A. Reduce scan frequency until remediation capacity catches up B. Redefine the program metrics to measure remediation outcomes, not scan activity C. Escalate overdue findings directly to system owners' executives D. Outsource remediation to a managed security service provider Come back for the answer tomorrow, or study more now!

A development team adopts a CI/CD pipeline that auto-deploys to production upon passing unit tests. Security testing currently runs weekly in a separate environment. A recent release introduced a SQL injection flaw that reached production. As the application security lead, what is the BEST corrective action? A. Block all deployments until weekly security testing completes B. Integrate SAST and dependency scanning as gating checks within the pipeline C. Require manual security review before each production release D. Shift security testing to a post-deployment runtime monitoring tool Come back for the answer tomorrow, or study more now!

During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST? A. Comply with the CFO's directive and coordinate the payment through counsel B. Halt recovery and escalate to the executive crisis team and legal for a documented decision C. Continue recovery from backups and refuse the payment on policy grounds D. Engage law enforcement to evaluate the legality of the ransom payment Come back for the answer tomorrow, or study more now!

Your organization deploys an autonomous AI agent that queries multiple internal data repositories to generate executive reports. The development team requests broad read access "so the model can learn what's relevant." As the security architect, what is the MOST appropriate approach? A. Grant read-only access to all repositories and log every query for review B. Provision a non-human identity with least-privilege, task-scoped entitlements C. Route all agent queries through a human-approved request workflow D. Use the developer's service account credentials for traceability Come back for the answer tomorrow, or study more now!