Study Group (930AM EST Thurs) is happening in 12 hours
CISSP Practice Question (Domain#3)
A financial services company is designing a system to securely transmit large volumes of transaction data between two data centers in near real-time. The security team requires that the solution provide confidentiality for the data in transit while minimizing computational overhead, since asymmetric encryption of the full data stream would introduce unacceptable latency. Which approach BEST meets this requirement?
A. Encrypt the entire data stream using RSA with a 4096-bit key to maximize confidentiality
B. Use a symmetric algorithm such as AES for the data stream, with an asymmetric algorithm used only to securely exchange the symmetric session key
C. Use a hashing algorithm such as SHA-256 to protect the confidentiality of the transaction data
D. Use asymmetric encryption for the data stream, but reduce the key size to 1024 bits to improve performance
CISSP Question
What are the three types of security controls?
A. Logical, Physical, Administrative
B. Detection, Prevention, Correction
C. Firewall, IDS, IPS
D. Technical, Management, Operational
Practice Question
What is the primary function of a Data Loss Prevention (DLP) solution?
A. Encryption
B. Access Control
C. Monitoring
D. Traffic Filtering
Passed the CISSP
I (@ Capri in group sessions) have passed the CISSP at 100 questions with 50 mins of time & 50 questions remaining. It was my first attempt. I kept postponing it from Mar 2026, thinking I lacked preparation every time I tried to press the exam appointment confirm button. I attended the daily study group almost every day and answered the daily question for about 6 months; group discussions, a variety of question banks and the sharing of failed / passed members' exam experiences gave me a lot of help.

I used the following study resources:
OSG and Official practice tests Wiley & Parb Nair Coffee shots (started preparations)
cissp.app app - of course main source as discussed (thankful to Mr Vincent)
Destination Cert YouTube series and solved 3100+ questions https://www.theinfosecvault.com, CISSP Zero to Hero by Mr Lorenzo Leonelli, solved 1000+ practice questions and 300+ Board room challenge questions.
frsecure.com › cissp Free CISSP Certification Training, overviewed presentations
Andrew Ramdayal – 50 CISSP Practice Questions
Infosec Train CISSP videos
Pete Zerger, vCISO, CISSP CISSP videos
Luke Ahmed 25 Questions
“Why You Will Pass the CISSP Exam” — Kelly Handerhan
www.cybernous.com Manoj Sherma videos
Shon Gerber and Mike Capple Weekly Free CISSP Question (receiving free after email subscription)
Ms May Brook free CISSP Master classes, many questions from her quizzes were amazingly similar to real short questions of the exam.
Mr Lenre and Mr Erinco PDF Cheat sheets (shared during group sessions) and many random resources, videos & questions.

The CISSP journey was demanding - requiring consistency, discipline, and a strong conceptual foundation. It reinforced that cybersecurity is not just about tools and technologies, but about strategy, governance, and protecting organizational value.
CISSP practice question in our session today...answer included.
In a healthcare organization, which approach BEST addresses asset security while balancing patient data confidentiality and regulatory compliance?
A) Implement encryption for all data at rest
B) Adopt strict access controls for sensitive information
C) Conduct regular audits of data access
D) Train staff on data privacy policies

Explanation:
Correct Answer: B. Adopt strict access controls for sensitive information

Explanation (CISSP Manager Logic)
Managers must prioritize the principle of least privilege to satisfy both operational security and regulatory mandates like HIPAA. Enforcing strict access controls ensures that sensitive assets are only available to authorized personnel, directly mitigating the risk of unauthorized disclosure.

By adopting strict access controls, you:
Enforce the principle of least privilege across the organization.
Meet specific regulatory requirements for protecting patient data.
Reduce the attack surface by limiting exposure of sensitive assets.

A: Encryption protects data from theft but does not prevent authorized users from abusing their access rights.
C: Auditing is a detective control that identifies breaches after they occur rather than preventing them.
D: Training is an administrative control that relies on human behavior rather than technical enforcement.

Think like a manager
Focus on the most effective preventive control that balances risk mitigation with compliance. Technical enforcement of access rights is the primary defense for asset security in highly regulated environments.
CISSP Study Group
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!