
Memberships

CISSP Study Group

1.7k members • Free

19 contributions to CISSP Study Group
Practice Questions
Which of the following is the PRIMARY goal of a security awareness training program within an organization?
1. To ensure all employees can respond effectively to security incidents
2. To reduce likelihood of insider threats and data breaches
3. To achieve compliance with industry security standards
4. To teach employees the organization's security expectations
Poll
35 members have voted
1 like • 18d
4. To teach employees the organization's security expectations
Practice Question
Your organization has hired a new Security Architect who has experience with products from a particular vendor and is therefore inclined to use their suite of products. She suggests your team replaces the existing tools with the products of her chosen vendor. What is the primary concept missing from this action?
A Risk Assessment
B Due Diligence
C Due Care
D Strategic Alignment
1 like • 18d
A Risk Assessment
CISSP Practice Question (Identity and Access Management (IAM) - Hard):
An organization utilizes a combination of centralized and decentralized identity management systems. One day, the IT security team discovers that a user, involved in various departments, has retained access to systems beyond what their current role necessitates, leading to excessive privilege accumulation. Given the hybrid nature of the identity management system, what should be the immediate course of action to rectify the situation according to IAM best practices?
Options:
A. Run a script to automatically remove excess privileges across all systems.
B. Conduct a comprehensive audit of user access rights and adjust privileges manually.
C. Enforce multifactor authentication for all user logins.
D. Transition to a fully centralized identity management system.
(answer tomorrow!) Study more at: cissp.app!
0 likes • Oct 24
B
CISSP Practice Question – Security Operations & Risk Management
During an ongoing ransomware attack, a system administrator discovers that several critical servers are actively encrypting files. Senior leadership is out of contact, and the company’s incident response plan is still in draft form. What should the administrator do FIRST?
A. Shut down all affected systems to stop the encryption immediately.
B. Disconnect the affected servers from the network and preserve volatile evidence.
C. Attempt to restore the servers from the most recent backup.
D. Notify law enforcement about the ransomware activity.
1 like • Oct 23
@Mario Baron Aparicio Thank you
Provisionally passed at 100 today...
Boom Totally DIDN'T expect it. Even filled in the survey saying the exam is nothing like the course outline. Was convinced I'd failed so an absolute result to find out I hadn't. Thanks to @Vincent Primiani and the whole community for your help
1 like • Oct 20
Congratulations! Great Achievement
Dilruba Sharmeen
@dilruba-sharmeen-2505
With experience in networking and a recently completed MSc in Information Security, I am now aspiring to become a CISSP-certified professional.

Active 5h ago
Joined Aug 5, 2025