Hi Everyone, I’m proud to share that I have provisionally passed the CISSP CAT exam today! It will definitely test your fitness, but it is all worth it. Huge respect to everyone here. For those who are still traveling, keep going; it will be worthwhile, and you will reach the end. Here's my personal strategy for exam prep. Note: This is still required reading: ISC2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle (Sybex Study Guide). Wave 1—Setup 1. Join https://www.skool.com/cybersecurity-study-group (obviously, you're here already 🙂). 2. Subscribe to https://cissp.app/ 3. Buy the book: https://leanpub.com/cissplastmile#about 4. Download and print out: https://destcert.com/cissp-mindmaps/ Wave 2—Study 1. Watch: https://www.youtube.com/watch?v=5BnhDVOnzmg 2. Watch: https://www.youtube.com/watch?v=gKe88tIeVYo 3. Watch in full: https://www.youtube.com/watch?v=aLIFzIBNM_8&list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD 4. Watch in full: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu 5. Go through the mind maps daily. 6. Read the book. 7. Use cissp.app and practice a minimum of 25 questions each day (three-month prep period). a. Check the gap analysis summary every 100 questions at the latest and go read up on your weak areas. Wave 3—Last month 1. Watch https://www.youtube.com/watch?v=5BnhDVOnzmg 2. Watch https://www.youtube.com/watch?v=gKe88tIeVYo

May is one of the most respected CISSP instructors worldwide. She’s a ISC2 Board Member, co-author of the Official CISSP Study Guide, TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity), and a recognized leader in the global infosec community. Here’s what this means for you: 📚 Saturday Study Group Takeover - This is a chance to learn directly from one of the best and show her what Study Group is all about. 💡 CPE Credit – You can self-submit for 2 CPE credits for attending any Study Group session. 🎤 Pop-In Q&A – Keep joining Study Groups, because you never know when May might drop in for a quick Q&A. 🤝 Exciting Collaboration – This is just the beginning. May is supporting our community as the go-to place for those just starting, self-studying, or looking for a group to prepare for the CISSP with peers. Let’s pack Study Group and bring our best energy to show May the strength of our community. Show May your appreciation in the comments!

I am excited to share that I have provisionally passed the CISSP exam today It took a while, months of effort and discipline, including overcoming a previous failed attempt. Thanks to my family, friends and CISSP Study Group Community, i could have not done this without any of you! @Vincent Primiani thanks for putting together this wonderful community of liked minded people, with a common goal of achieving the much sought after CISSP certification. I'm not going anywhere, i am still going to be a member of this community and help where i can, and of course onto the next one ......

An organization replaces periodic vulnerability scans with a continuous exposure-management platform that automatically adjusts risk scores based on real-time threat intelligence. During an internal audit, leadership asks whether this approach still satisfies regulatory expectations for formal security assessments. What should the security manager do FIRST to address this concern? A. Map continuous monitoring outputs to regulatory assessment requirements B. Resume scheduled vulnerability scans to avoid audit findings C. Request written approval from regulators for the new approach D. Disable automated risk scoring and rely on static assessments

During a routine security audit, your organization's security team discovered suspicious network traffic originating from a specific internal host to an external IP address known for malicious activities. Further investigation revealed potential data exfiltration. You have been tasked with initiating an incident response and digital forensics investigation. Which of the following steps should be prioritized in this scenario? Options: A. Immediately isolate the internal host from the network to contain the incident. B. Deploy a network intrusion detection system (NIDS) to monitor the suspicious host's traffic. C. Obtain a memory dump of the suspicious host for volatile data analysis. D. Shut down the network firewall to prevent further data exfiltration.