Hi Everyone! I received the following message from ISC2 three days after writing the CISSP exam, but I haven’t been able to update the platform until now due to urgent family matters. The message read: "Congratulations! We are pleased to inform you that you have passed the Certified Information Systems Security Professional examination. You have successfully completed the first step toward earning your certification and becoming an ISC2 member..." From my experience, I’ve learned that the key to passing is understanding the core concepts and how they apply in real-world cybersecurity scenarios. Practice tests help, but not as much as truly grasping the principles. Thank you.

Which of the following are all elements of a disaster recovery plan (DRP)? A. Document the actual location of the Offsite Recovery Point (ORP), developing an incident notification procedure, evaluating costs of critical components B. Document the actual location of the Offsite Recovery Point (ORP), developing an incident notification procedure, establishing recovery locations C. Maintain proper documentation of all server logs, developing an incident notification procedure, establishing recovery locations D. Document the actual location of the Offsite Recovery Point (ORP), recording minutes at all Offsite Recovery Point (ORP) planning sessions, establishing recovery locations

An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future? A. Ensure the security information and event management (SIEM) is set to alert. B. Inform users only one user should be using the account at a time. C. Ensure each user has their own unique account. D. Allow several users to share a generic account.

XYZ Corporation is implementing a new security policy to address data leakage through email communications. The company handles sensitive information that must be protected in transit, and they are concerned about unauthorized data exfiltration. The security team has decided to implement a Data Loss Prevention (DLP) solution integrated with their email gateway. As the security officer, you need to define the policies that must be enforced by the DLP system. Which of the following configuration choices would be the MOST effective in achieving this goal? Options: A. Configure the DLP system to monitor outbound emails for patterns matching credit card numbers and encrypt any email containing such patterns. B. Set up the DLP system to block any outbound email containing attachments with file types such as .doc, .xls, and .pdf. C Use the DLP system to silently log all outbound emails without enforcing any restrictions to assess the scale of data sent. D. Implement the DLP system to flag and quarantine emails containing keywords related to sensitive projects before they are sent externally. Study more at: https://cissp.app

Happy to share that I successfully passed my CISSP exam this week. Just wanted to encourage someone to jump in to. Pete Zeter exam cram, Quantum exam, CISSP official exam 10th edition were good ressources for me.