Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy? A. Training B. Legal C. Business D. Storage

Alice runs a small online retail company; many of her customers are from the United States. Currently, she accepts only blockchain-based payment, but she is considering the use of credit cards. After investigating Payment Card Industry Data Security Standard (PCI DSS) requirements, she decides that the cost of compliance would outweigh the additional revenue. Which of the following best describes this decision? A. Social engineering B. PCI DSS Merchant Level 3 C. Card verification value (CVV) D. Risk avoidance

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews? - A. Implement bi-annual reviews. - B. Create policies for system access. - C. Implement and review risk-based alerts. - D. Increase logging levels.

Hi all. I'm glad to share that I've provisionally passed the CCSP exam, in no small part because of the helpfulness and support of this group. The exam itself was not easy at all, probably the toughest exam I've ever written. So again thank you all for sharing experiences, practice questions, and comments. On to the CISSP!

This group has been incredibly useful in terms of general security knowledge and tips as I prep for my CCSP exam. But as my exam approaches I'm wondering when the right time would be take a haitus and focus only on the CCSP CBK exclusively. Anyone else been down that path or can offer advise? Thanks