A business unit requests permanent retention of all customer transaction records "in case we ever need them." Legal has not issued a hold, and the current retention schedule requires deletion after seven years. As the data owner's advisor, what is the BEST response? A. Honor the request since longer retention reduces legal discovery risk B. Enforce the existing retention schedule and require a formal exception with risk acceptance C. Migrate the records to cold storage to balance cost and accessibility D. Defer to Legal before taking any action on the records Come back for the answer tomorrow, or study more now!

Hi everyone, I’m excited to share that I provisionally passed the CISSP exam yesterday. It’s definitely been a challenging journey, but the hard work has paid off. To prepare, I used a mix of resources including the official ISC2 study guide, the Destination Certification mind maps, and Peter Zerger’s YouTube videos. For practice questions, I used this platform and the LearnZapp app. A huge thank you to everyone in this group for the support, and I wish you all the best on your own journeys!

Hi everyone, I’m excited to share that I’ve provisionally passed the CISSP CAT exam today! It’s a challenging journey, but it is absolutely worth it in the end. Huge respect to everyone in this group. If you’re still on the journey, keep pushing. You will get there. Here’s what worked for me: I relied heavily on the official ISC2 5 day boot camp and the e textbook that comes with the training. That combination helped me build a solid foundation and stay focused on what matters. One key mindset shift that really helped during the exam was to trust the process and not panic. Take your time with each question, really try to understand what is being asked, and focus on what they are actually looking for before choosing your answer. Note:The ISC2 CISSP Official Study Guide and Practice Tests Bundle (Sybex) is still essential reading and a great resource to reinforce your understanding. Wishing you all success. You’ve got this.

Your company adopts Zero Trust and replaces the legacy VPN with identity-based access for remote workers. Six weeks in, helpdesk tickets spike: users complain that access to internal apps breaks unpredictably throughout the day. What is the MOST likely root cause? A. Insufficient bandwidth at the identity provider B. Continuous authentication is re-evaluating trust signals and revoking sessions C. DNS resolution failures between the client and the policy enforcement point D. Certificate pinning conflicts with the new SSO provider Come back for the answer tomorrow, or study more now!

Developers at your company use an LLM-powered coding assistant that auto-generates functions pulled into production via CI/CD. A recent audit reveals several generated functions contain hardcoded credentials and insecure deserialization patterns. What should the security manager prioritize FIRST? A. Ban the AI coding assistant until the vendor eliminates hallucinated vulnerabilities B. Require developers to manually review all AI-generated code before committing C. Integrate automated AI security testing into the CI/CD pipeline to catch flaws pre-production D. Report the insecure patterns to the LLM vendor for model fine-tuning Come back for the answer tomorrow, or study more now!