An enterprise is moving to a hybrid cloud model and wants to centralize user authentication across on-premises systems and multiple SaaS providers. The solution must support single sign-on (SSO), enforce multi-factor authentication (MFA), and minimize administrative overhead for provisioning and deprovisioning accounts. Which of the following approaches BEST meets these requirements? A. Deploying Kerberos across all environments, including the SaaS providers B. Implementing a Security Assertion Markup Language (SAML)–based federation with an identity provider C. Using RADIUS servers for all authentication requests to centralize credential management D. Requiring each SaaS provider to integrate directly with the corporate LDAP directory

You are designing a system for a law firm that represents multiple competing corporations. The system must: - Prevent lawyers from accessing case files of competing clients - Ensure paralegals can enter data but only senior attorneys can approve filings - Maintain confidentiality of client records Which combination of models is most relevant here? A. Bell–LaPadula and Biba B. Clark–Wilson and Brewer–Nash C. Bell–LaPadula and Clark–Wilson D. Brewer–Nash and Biba

Senior management has approved funding for a new information security program. The CISO wants to ensure that the program is sustainable and aligned with business strategy. Which of the following is the MOST important first step? A. Develop detailed security policies and procedures for all business units. B. Conduct a comprehensive risk assessment across the organization. C. Implement baseline technical controls to address known vulnerabilities. D. Establish a security steering committee with representation from business leadership.

Alright folks, here it is! The registration link for the FREE MasterClass you don’t want to miss:👉Registration Link - Let us know in the comments if you'll be there! Tuesday, September 16th at 7:00 PM UAE We’re thrilled to welcome May Brooks-Kempler (@May Brooks) to our community!May is one of the most respected CISSP instructors worldwide. She’s an (ISC)² Board Member, co-author of the Official CISSP Study Guide, TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity), and a recognized leader in the global infosec community. What this means for you: 📚 Study Group MasterClass Takeover – May is giving our members free admission to her upcoming CISSP MasterClass. This is your chance to learn directly from one of the best and show her what our study group is all about. 🎤 Pop-In Q&A – Keep joining our study groups, because you never know when May might drop in for a quick Q&A. 🤝 Exciting Collaboration – This is just the beginning. May is backing our community as the place for anyone self-studying or preparing for the CISSP together. 💡 Earn 2 CPE Credits – Self-submit for 2 CPEs just for attending the MasterClass.

A security analyst receives an alert that several internal hosts are communicating with a known command-and-control server. The intrusion detection system (IDS) flagged the activity, but business-critical processes are running on the affected systems. What should the incident response team do FIRST? A. Disconnect the affected systems from the network immediately. B. Validate the IDS alert to confirm whether the activity is a true positive. C. Notify senior management of a confirmed breach. D. Begin forensic imaging of the affected systems.