Your organization is migrating legacy on-premises applications to a multi-cloud environment. The security team discovers that several applications use hardcoded service account credentials that cannot be easily refactored before the migration deadline. Business leadership refuses to delay the timeline. What is the BEST approach? A. Migrate as planned and prioritize credential refactoring in the next sprint B. Implement secrets management and network segmentation around the vulnerable applications C. Present the risk formally to leadership with compensating control options and timeline impacts D. Reject the migration for applications with hardcoded credentials until remediation is complete Come back for the answer tomorrow, or study more now!

Hi All, I used this group heavily for my CISSP studying last year. This year I studied for the CCSP so I did not participate in the group. However, I used the https://cissp.app/ app in the last week for practice questions and the mock exam feature. It is excellent! The mock exam was the hardest and most realistic of all the practices exam I took for the CCSP. It is adaptive based on your responses and has similar style to the real exam where you can't make sense of the question or answers until rereading a few times. I highly recommend it!

I couldn’t have done this alone. Thanks to everyone who supported me along the way—I’m excited to say I’m now CCIE and CISSP certified!

A multinational organization is expanding into a region with strict data localization laws while maintaining its global incident response capability. The CISO must balance compliance with operational effectiveness. What is the MOST appropriate first step? A. Deploy regional SOC infrastructure to process security data locally B. Conduct a regulatory impact assessment on cross-border data flows C. Negotiate data transfer agreements with the host country's authority D. Implement encryption for all security telemetry leaving the region Come back for the answer tomorrow, or study more now!

A development team integrates a generative AI coding assistant that was trained on public repositories. The tool accelerates feature delivery but occasionally references deprecated libraries. Legal warns that AI-generated code may contain license violations or expose proprietary logic if the model was trained on leaked internal code. What should the security manager do FIRST? A. Engage legal counsel to review the AI vendor's training data sources and contractual indemnification clauses B. Implement software composition analysis (SCA) and require all AI-generated code to be digitally signed before commit C. Restrict the AI tool's access to internal repositories and enforce output review through secure-coding peer validation D. Retrain or fine-tune the AI model using only vetted, license-compliant code from approved sources