A healthcare company deploys a diagnostic AI system that recommends treatment options. Regulators require the organization to explain how the model reaches its conclusions. The security architect proposes encrypting the model's internal weights to protect intellectual property. What concern should the CISO raise FIRST? A. Encryption at rest is insufficient without also encrypting data in transit between inference nodes B. Protecting model weights may conflict with the regulatory requirement for explainability C. The model should be hosted in a secure enclave to prevent adversarial extraction attacks D. A third-party penetration test should validate the encryption implementation before deployment Come back for the answer tomorrow, or study more now!

Hi Everyone, I’m pleased to share that I have provisionally passed the CISSP today (10/04/2026) - a great way to head into the weekend! It was certainly a tough exam (perhaps tougher in my own head at times). Some of the questions were genuinely challenging, but I’m really glad to have gone through the experience and come out the other side and crossed the finish line 🏁 I wanted to take a moment to thank this community - it has been a fundamental pillar in my preparation. The support around exam technique, content, and discussions have been invaluable. A special thank you to @Vincent Primiani and the CISSP team for running the group sessions - creating a space where we can learn, challenge ourselves, and grow together. Huge respect to everyone here - and for those still on the journey, keep pushing… it’s absolutely worth it, and you’ll get to that finish line. On to the next one! Cheers, Indy

A global financial organization spread over multiple countires is facing sophisticated attack. During a potential ransomware attack that is slowly encrypting critical data at its cenrtal server. COO has informed the CISO for guidance. Which of the following is the MOST critical role in the disaster declaration process?. Options: - Chief Information Security Officer (CISO) - Chief Operations Officer (COO) - Chief Executive Officer (CEO) - Chief Risk Officer (CRO)

Your organization completes a data classification initiative and discovers that 40% of data labeled "confidential" has not been accessed in over three years. Storage costs are significant. Data owners across business units cannot confirm whether retention requirements still apply. What should you recommend FIRST? A. Archive the dormant data to lower-cost storage with existing classification labels B. Conduct a retention review with data owners and legal to validate regulatory obligations C. Declassify the unused data to reduce protection overhead and storage costs D. Implement automated data lifecycle policies to purge data exceeding retention thresholds Come back for the answer tomorrow, or study more now!

I passed the CISSP today 03/23. I studied for roughly 3 months using various resources. I wanted to thank this study group for the practice questions. Here is a jumbled list of the resources I used and probably forgot a few. Exam Questions: Learnzapp and CISSP app The Destination Certification App also comes with over a thousand free questions and flash cards that are somewhat like the exam LinkedIn Learning Practice Exams (pretty good) Books ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition by Mike Chapple (I read this whole book and used the companion site for questions) CISSP Exam Cram: https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD Why you will pass the CISSP: https://www.youtube.com/watch?v=v2Y6Zog8h2A 50 CISSP Practice Questions. Master the CISSP Mindset: https://www.youtube.com/watch?v=qbVY0Cg8Ntw Destination Certification Mindmaps and the practice questions on their channel: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu Luke Ahmed's Video : https://www.youtube.com/watch?v=MHbdNMRLafA Prabh's coffee shots: https://www.youtube.com/watch?v=3doR2wA2nJM