ISC2 published this yesterday. It maps out exactly how AI security concepts show up across the CISSP exam. This is NOT a new exam outline. The current outline (April 2024) already has AI baked in. But this document spells out the specifics so you know what to expect. The big picture: AI isn't a separate topic. It's woven into everything from risk management (Domain 1) to software development security (Domain 8). A few things that stood out to me: - You need to know about protecting training data and model weights (Domain 2) - Prompt injection and adversarial attacks are fair game (Domain 3) - AI red teaming is now part of security testing (Domain 6) - Managing identities for AI agents and service accounts - least privilege still applies (Domain 5) - Model drift and AI in the SOC are covered in operations (Domain 7) If you're studying right now, don't panic. Most of this maps to concepts you already know -- just applied to AI systems. But you should absolutely be familiar with terms like data poisoning, adversarial attacks, algorithmic bias, model drift, and prompt injection. On our end we're going to keep weaving more AI-focused questions into the https://cissp.app and bringing more of this into our study group discussions. I attached the PDF if you want to read the full thing.

Hello everyone, I’d like to ask about the questions from cissp.app (solved during the sessions). How close are these tests to the real CISSP exam? If I perform well on the practice tests, can I rely on them as a good indicator? Also, what score would give me confidence that I’m ready to take the actual exam?

Hey everyone, I recently started working through the free 1000+ CISSP practice questions offered by Destination Certification and wanted to get your thoughts. How would you rate the overall quality of the questions? Do they closely reflect the actual exam format and difficulty, or are they more conceptual in nature? Has anyone here used this question set and gone on to pass the exam? I’m trying to figure out if it’s worth investing serious time into this resource, or if it’s better suited as a supplemental tool for reinforcement rather than a primary study method. Would love to hear your feedback—thanks in advance!

In a security assessment, a company is testing the effectiveness of its encryption controls for data in transit. The security team wants to ensure that data remains confidential when transmitted between servers in different geographical locations. Which of the following testing methodologies would BEST validate the encryption controls in this scenario? Options: A. Protocol Analysis B. Penetration Testing C. Vulnerability Assessment D. Security Configuration Testing