I sat the exam yesterday and passed! It was difficult to say the least and I was convinced through the whole thing that I was failing, I kept at it and focussed on each question as it came. I started studying in December and my exam was in Feb. First 6 weeks I watched some ondemand training on O'Reilly platform by Sari Greene. Then the last 6 weeks was intense study (several hours a day) using the OSG, the Offical Practice tests, Destination Cert YouTube series and their app for questions, Peter Zerger's YT content, cissp.app app, any other YT I could find on answering hard questions and of course the study groups. I also used David Hawkins pdf (in this chat) on exam strategies. I can't tell you what I thought worked for me, all I can say is the exam really did expect you to understand concepts and the broader range of perspectives you can get the better. Hope that helps someone.

Your organization deploys a third-party AI model for customer credit decisions. Regulators require explainability for all automated decisions affecting consumers. The vendor claims their model is proprietary and refuses to disclose decision logic. What is your MOST appropriate action? A. Require the vendor to provide explainability documentation or terminate the contract B. Build an internal wrapper that approximates the model's decision logic C. Accept the vendor limitation and disclose the AI usage in customer agreements D. Transfer regulatory compliance responsibility to the vendor through contractual terms Come back for the answer tomorrow, or study more now!

After positive feedback from the first exam strategy guide that I compiled, I expanded it to provide a structured approach to selecting the correct exam answer.

A global enterprise discovers that terminated employees in acquired subsidiaries retain active VPN credentials an average of 45 days post-termination. HR blames IT for slow deprovisioning; IT blames HR for delayed termination notifications. What should you address FIRST? A. Implement automated identity lifecycle management to eliminate manual delays B. Establish a unified offboarding SLA with defined handoff triggers between HR and IT C. Deploy continuous access certification reviews to catch orphaned accounts D. Require subsidiary IT teams to run weekly active directory reconciliation reports Come back for the answer tomorrow, or study more now!

Your board approves a risk appetite statement allowing moderate risk for innovation initiatives. Six months later, a business unit launches an AI product that processes health data without a privacy impact assessment. The unit claims it falls within approved risk appetite. What is the PRIMARY concern? A. The AI product lacks sufficient technical security controls B. Risk appetite does not override mandatory regulatory compliance obligations C. The business unit failed to obtain CISO approval before launch D. The risk appetite statement needs to be revised to exclude AI initiatives Come back for the answer tomorrow, or study more now!