
Memberships

CISSP Study Group

1.8k members • Free

4 contributions to CISSP Study Group
Passed CISSP Exam!
I am excited to share that I have provisionally passed the CISSP yesterday; 100Qs, 1st attempt. 3 months of study, effort, time and discipline paid off, I took a winded path to the CISSP, took the CC in October, then SSCP in November and CISSP this December. Many thanks to this Community, couldn’t have done it without y’all, the study sessions, the May Brooks strategies; came in clutch! Thanks for putting this together @Vincent Primiani. I’ll certainly be lurking around this community and help out where I can. Preciate you all!
0 likes • 1d
Congratulations!!
CISSP Practice Question (Domain 6: Security Assessment & Testing / Penetration Testing Governance)
A penetration test identifies a critical vulnerability in a customer-facing application, but exploitation would require downtime during peak business hours. The business requests delaying remediation until the next quarterly release. What should the security manager do FIRST?
A. Accept the risk and document the delay as requested
B. Perform a risk assessment and present impact analysis to business leadership
C. Immediately remediate the vulnerability despite business objections
D. Disable the affected application until remediation is complete
2 likes • 1d
B. My reasoning is that senior leadership needs to know first and the decision to accept risks is on them.
CISSP Practice Question (Domain 1: Security & Risk Management / Risk Acceptance)
A business unit requests an exception to bypass multifactor authentication for a legacy system that cannot support it without a costly upgrade. The system processes sensitive but non-regulated data, and no active exploits are known. What should the security manager do FIRST?
A. Deny the request and mandate immediate MFA implementation
B. Perform a risk assessment and formally document risk acceptance
C. Approve the exception indefinitely due to technical limitations
D. Compensate by increasing network monitoring without documentation
2 likes • 3d
B. because A is hands-on, and you need to document the risk so that eliminates D.
Introductions
Welcome to the group! Please share what you hope to gain from being here, and for fun, tell us the best piece of advice you've ever received!
2 likes • Nov 9
Hello everyone! I look forward to studying with a group, as I have tried to study myself and failed the exam twice so far. That’s why I’m here, I’m not going to give up and take it until I pass! I’m hoping that we can all share knowledge and help each other pass! Thank you for having me!
Christopher Hall
@christopher-hall-5715
Cybersecurity Specialist since 2008

Active 1h ago
Joined Oct 28, 2025