
Memberships

CISSP Study Group

1.5k members • Free

5 contributions to CISSP Study Group
CISSP Practice Question – Security & Risk Management (Ethics)
While performing a security assessment for a client, you discover confidential information that suggests the client’s employees are engaging in activity that may be illegal but is unrelated to the scope of your engagement. According to the ISC2 Code of Ethics, what is the BEST action for you to take?
A. Report the activity directly to law enforcement.
B. Inform your client’s senior management about the findings.
C. Document the evidence and keep it in case it’s needed later.
D. Ignore the activity since it is outside the scope of your contract.
0 likes • 5d
A - The code states to act honorably, justly, responsibly, and legally, which means to report unlawful activities related to the profession. So while the finding was outside of the scope of engagement, it could be argued that, because confidential information is involved, the protection of that data is related to the profession. Furthermore, if an individual does not report, it could be perceived as them consenting to bad practice and could implicate them as an associate in the crime. For these reasons I think ISC professionals have to report to authorities/law enforcement.
CISSP Practice Question – Software Development Security
A development team is adopting a secure software development lifecycle (SDLC). The security manager wants to ensure that vulnerabilities are identified before code is executed, but also wants to minimize cost and disruption to developers. Which of the following activities BEST meets this requirement?
A. Static application security testing (SAST)
B. Dynamic application security testing (DAST)
C. Fuzz testing
D. Penetration testing
0 likes • 7d
A - because it says before: done before code execution.
Not:
B - must be executed
C - done in testing phase; code must be executed
D - done to simulate real-world attacks
CISSP Practice Question – Asset Security
An organization is classifying its data to ensure proper handling. A security manager notices that some employees are sending sensitive financial reports through unsecured email because the classification label is not clearly understood. What is the BEST action the organization should take to address this issue?
A. Enforce encryption on all outbound email by default.
B. Provide mandatory training on data classification and handling requirements.
C. Revise the classification scheme to use simpler and clearer labels.
D. Implement a data loss prevention (DLP) solution to block unencrypted sensitive emails.
3 likes • 7d
B - It states employees are sending incorrectly, so the root cause is employee awareness.
A - a technical control that could provide added protection, but if users aren’t educated it doesn’t address the root cause
C - could be helpful as an additional measure but would not address the root cause by itself, therefore not the “Best” choice
D - a technical control that could provide added protection, but if users aren’t educated it doesn’t address the root cause
Introductions
Welcome to the group! Please share what you hope to gain from being here, and for fun tell us the best piece of advice you've ever received.
0 likes • 27d
I hope to benefit from the shared knowledge, experiences, and perspectives of other professionals working toward the same goal. Best advice - there are many, but quickly I can think of my great grandfather telling me “Patience is a virtue” (although he was teaching me how to fish), or my father, who taught me to measure twice and cut once - meaning being thoughtful and deliberate before making significant decisions. And a saying that I like, related to this industry: there is no such thing as a stupid question… unless you ask it when it’s in production 😆
CISSP Practice Question! Password Testing Approaches
If you were tasked with testing an organization’s password security, what would you prioritize first: trying credential stuffing with real-world breach data, attempting brute force against weak accounts, or assessing the organization’s password policy and controls? From a CISSP perspective, which approach best balances technical depth with business risk?
1 like • 27d
First priority would be assessing the organization’s password policy. I would think that credential stuffing would be the approach that best balances technical depth with business risk.
Pamela Solomon
@pamela-solomon-5177
Studying for CISSP – open to study groups and collaboration. Let’s connect and grow in cybersecurity.

Active 3d ago
Joined Aug 30, 2025