Memberships

CISSP Study Group

2.1k members • Free

25 contributions to CISSP Study Group
Passed my CISSP - 150 questions - 169 mins
What a relief to pass the CISSP exam. 🎉🎉 I’ll be honest, I didn’t read the entire book. I skipped two or three domains entirely. I attended the May Brook Cohort class and used Claude to better understand specific concepts and shore up my weak domains. One thing I noticed: there’s no way to tell whether someone passed or failed just by watching them walk out. My recommendations — never second-guess your instincts, read each question twice, and make sure you’ve read all four answers before selecting one.
0 likes • 2d
Bravos👏
Passed the CISSP
I passed the CISSP yesterday. It has been an immense journey, and this community has been instrumental and has been great to collaborate with, and I will continue to do so. You will never feel 100% ready to take this exam, you just have to go for it! I used official study materials to prepare and this community for Q&A, which I believe is a great preparation source. Keep pushing, you will get there; all that hard work will pay off.
2 likes • 2d
Congratulations
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A vendor proposes a new SaaS platform that processes regulated customer data. Procurement wants to sign by quarter-end, and the vendor's SOC 2 Type II report is six months old. As the security architect, what is the MOST appropriate next step?
A. Accept the SOC 2 report and proceed with contract execution
B. Require the vendor to complete your standard security questionnaire
C. Perform a risk assessment mapped to your control requirements
D. Demand a fresh penetration test before signing
Come back for the answer tomorrow, or study more now!
3 likes • 2d
C. Perform a risk assessment mapped to your control requirements
CISSP Practice Question (Domain 5: Identity and Access Management)
A long-tenured engineer has accumulated access across six business units through internal transfers. A recent audit flagged the account as having excessive privileges, but managers insist the access is "needed for cross-functional projects." What should you do FIRST?
A. Disable unused entitlements based on the last 90 days of activity logs
B. Initiate a formal access recertification with each respective data owner
C. Implement a role-based access control model to replace direct grants
D. Escalate to HR to enforce a job description review
Come back for the answer tomorrow, or study more now!
1 like • 6d
B. Initiate a formal access recertification with each respective data owner (FIRST)
CISSP Practice Question (Domain 2: Asset Security)
A business unit requests permanent retention of all customer transaction records "in case we ever need them." Legal has not issued a hold, and the current retention schedule requires deletion after seven years. As the data owner's advisor, what is the BEST response?
A. Honor the request since longer retention reduces legal discovery risk
B. Enforce the existing retention schedule and require a formal exception with risk acceptance
C. Migrate the records to cold storage to balance cost and accessibility
D. Defer to Legal before taking any action on the records
Come back for the answer tomorrow, or study more now!
2 likes • 7d
B. (But D is tempting)
Antony Onamu
@antony-onamu-6296
Passionate about Cybersecurity and helping enterprise customers secure their critical workloads

Active 22h ago
Joined Mar 25, 2026