Activity
Mon
Wed
Fri
Sun
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Jan
What is this?
Less
More
Memberships
CISSP Study Group
1.8k members • Free
18 contributions to CISSP Study Group
6h •
CISSP Practice Question (Domain 1: Security and Risk Management / Emerging Technology Governance)
An organization deploys agentic AI systems that autonomously query external sources, make decisions, and trigger actions across business workflows. In one case, an agent exceeds its intended authority by chaining actions across systems without human approval. Leadership wants innovation but defensible governance. What is the MOST appropriate control to establish FIRST? A. Continuous monitoring of agent activity with real time alerting B. Strong authentication and API rate limiting for agent actions C. Clearly defined authority boundaries and risk ownership for agents D. Periodic audits of agent decisions and outcomes Come back for the answer tomorrow, or study more now!
3 likes • 4h
C. Clearly defined authority boundaries and risk ownership for agents is the MOST appropriate control to establish FIRST. The scenario states that “it exceeded its intended authority”, therefore this was not a monitoring issue but rather a governance issue. Governance is always before Implementation. It’s is important to define the authority boundaries and who is accountable (who owns the risk) first.
3d •
CISSP Practice Question (Domain 5: Identity and Access Management)
After a merger, two companies federate identity systems to allow cross access to shared applications. An incident later reveals one company’s disabled accounts remained active in the partner environment. Both sides claim the other owns deprovisioning. What is the MOST appropriate control to establish FIRST? A. Enforce shorter session timeouts across federated applications B. Implement continuous access monitoring with anomaly detection C. Define authoritative identity ownership and revocation responsibility D. Require periodic manual access recertification for all shared users Come back for the answer tomorrow, or study more now!
2 likes • 3d
C. Define authoritative identity ownership and revocation responsibility is the MOST appropriate control to establish FIRST. Policy/Goverance is always before Implementation. The establishment of contractual responsibilities are required before any technical controls - without them you have the how but not the who - who is accountable?
11d •
Masterclass with May Brooks on the 11th! 7PM UAE
We’re excited to invite the Study Group to another masterclass with May Brooks on the 11th, 7PM UAE These sessions have been a great opportunity to go deeper on key concepts and get May’s perspective and corrections in real time. As always free for Study Group members, you can sign up here. Looking forward to seeing you there!
Poll
42 members have voted
1 like • 11d
Is it the 1st or the 11th?
12d •
CISSP Practice Question (Domain 1: Security and Risk Management)
Senior leadership wants to launch a new customer analytics platform that processes regulated personal data. The CISO identifies control gaps that exceed the organization’s stated risk appetite, but executives are pushing for speed to market. What is the MOST appropriate action for the CISO to take NEXT? A. Document the risk and accept it to support business objectives B. Implement compensating controls within the security team C. Escalate the risk to senior management for formal risk acceptance D. Delay the project until all identified risks are fully mitigated Come back for the answer tomorrow! Study more now at CISSP.app
4 likes • 12d
C Escalate the risk to senior management for formal risk acceptance. The important statement in this scenario is that “The CISO identifies control gaps that exceed the organization’s stated risk appetite”, when the risk exceeds the risk appetite of the organization it is imperative that executive management is informed and they make the final decision to formally except the risk - or maybe even decide to delay the release to market - but either way it’s an executive management decision/ not the CISO. Applying compensating controls could still leave gaps that exceed the risk appetite of the organization, which is outside of the CISO’s authority to accept. The CISO making the decision could leave the CISO personally liable & the organization negligent.
14d •
CISSP Practice Question (Domain 7: Security Operations / Evidence Handling & Logging)
After a suspected insider incident, system logs from multiple servers show inconsistent timestamps and missing entries. Legal counsel advises that the organization may face litigation. Operations wants logs centralized immediately to restore visibility. What should the security manager do FIRST? A. Centralize all logs immediately to improve operational monitoring B. Preserve existing logs and establish forensic chain of custody C. Reconfigure time synchronization across all affected systems D. Notify law enforcement and external counsel of potential evidence gaps
3 likes • 13d
B Preserve existing logs and establish forensic chain of custody is what the security manager should do first. It is important to always keep evidence preserved, ensuring no contamination, especially in this scenario for Legal counsel advises that the organization may face litigation. Reconfiguring & moving logs compromises the evidence and it would be easily deemed inadmissible in any legal proceedings.
1-10 of 18
@pamela-solomon-5177
Studying for CISSP – open to study groups and collaboration. Let’s connect and grow in cybersecurity.
Active 4h ago
Joined Aug 30, 2025
WDC
Powered by