While performing a security assessment for a client, you discover confidential information that suggests the client’s employees are engaging in activity that may be illegal but is unrelated to the scope of your engagement. According to the ISC2 Code of Ethics, what is the BEST action for you to take? A. Report the activity directly to law enforcement. B. Inform your client’s senior management about the findings. C. Document the evidence and keep it in case it’s needed later. D. Ignore the activity since it is outside the scope of your contract.

A big thank you to May Brooks-Kempler for sharing her expertise in today’s Masterclass, and to everyone in our community who joined and made it a success. We’re glad we could bring you this opportunity to learn directly from one of the best. Stay tuned for more exciting collaborations with May! 🙏 Please join us in thanking May in the comments. Let us know your biggest takeaway from the session.

An organization is deploying a comprehensive Network Access Control (NAC) strategy using the 802.1X standard for both wired and wireless connections. A primary security requirement is that a device must be fully authenticated at its initial point of entry to the network infrastructure. This authentication must be successfully completed *before* the device is assigned an IP address and is permitted to engage in network-level communications. To meet this requirement, at which OSI layer must the 802.1X control be enforced? A. Layer 7 (Application Layer) B. Layer 2 (Data Link Layer) C. Layer 4 (Transport Layer) D. Layer 3 (Network Layer)

A multinational corporation is in the process of merging its IT infrastructure with a recently acquired company. The goal is to allow seamless access to corporate resources for employees from both organizations while maintaining security and compliance with regulatory requirements. The acquired company's infrastructure uses a different identity provider than the parent company. As the lead IAM architect, you need to design a solution that supports Single Sign-On (SSO) for both companies' users accessing shared resources. Which identity federation protocol should you recommend implementing to achieve this integration while ensuring secure authentication and authorization? Options: A. Option A: Security Assertion Markup Language (SAML) B. Option B: OAuth 2.0 C. Option C: Lightweight Directory Access Protocol (LDAP) D. Option D: Kerberos

I’m proud to share that I’ve provisionally passed the CISSP (Certified Information Systems Security Professional) exam—and did so at the 100-question cutoff with more than 90 minutes to spare. This accomplishment was the result of months of dedicated studying, including: - Reading the Sybex Official CISSP Guide - Listening to CISSP-focused podcasts and video content - Completing countless practice exams and domain-by-domain reviews - Engaging in peer discussions and online study forums The CISSP is a rigorous exam that tests not only knowledge, but also your ability to think critically across eight diverse domains of cybersecurity. Finishing at 100 questions was both a challenging and rewarding experience. Next up: completing the endorsement process. Thank you to everyone who supported me throughout this process—your guidance and encouragement made a difference. #CISSP #CyberSecurity #InformationSecurity #ProfessionalDevelopment #CareerMilestone #SecurityLeadership