

33 contributions to CISSP Study Group
CISSP Practice Question! DevSecOps
Which of the following BEST describes the role of Interactive Application Security Testing (IAST) in a DevSecOps pipeline, as emphasized in modern software development security practices?
A. It scans source code for vulnerabilities without executing the application, focusing on syntax and structure.
B. It analyzes running applications in a simulated environment to identify runtime vulnerabilities like injection attacks.
C. It instruments the application to combine static and dynamic analysis, providing real-time feedback on vulnerabilities during execution.
D. It examines third-party components and dependencies for known vulnerabilities and license compliance issues.
1 like • 16d
A is static SAST.
B is dynamic DAST.
C is both.
D is vulnerability management / supply chain management, but IAST has vulnerability checks.
C is the answer which encompasses the most, so that's the one to guess at if you don't know. And it's the right answer ;)
2 likes • 17d
I didn't know you could use hack the box but I use other certs to help my CPEs. Same CPE covers CISSP, CCSP, CISM and ISO 27K with luck. I don't know enough about hack the box to know if it's good for me, any thoughts on it anyone?
Provisionally passed at 100 today...
Boom! Totally DIDN'T expect it. Even filled in the survey saying the exam is nothing like the course outline. Was convinced I'd failed, so an absolute result to find out I hadn't. Thanks to @Vincent Primiani and the whole community for your help.
1 like • Oct 13
Thanks all
1 like • Nov 3
@Jonathan Hobdell good luck! I was amazed I passed, it felt very much like I'd failed... Spotting keywords is absolutely essential.
CISSP Practice Question – Security Architecture & Engineering (Information Flow Models)
A defense contractor is building a system that will store design data for classified weapons. Engineers must ensure that a user cleared for “Secret” cannot modify “Top Secret” design files, and that data from lower classifications can never compromise higher-level data integrity. Which information flow model BEST satisfies these requirements?
A. Bell–LaPadula Model
B. Biba Integrity Model
C. Clark–Wilson Model
D. Brewer–Nash (Chinese Wall) Model
4 likes • Nov 3
Keyword here is integrity. So you can rule out A and D as they are confidentiality models. Then it's down to B and C. Biba meets all these (no write up) but Clark–Wilson also works. However, it's based around well-formed transactions and there's nothing in the question to indicate that. So B it is.
CISSP Practice Question – Security Operations (Incident Response)
During a major security incident, analysts determine that an attacker gained access through a compromised third-party API used by several internal applications. The organization has contained the affected systems and begun restoring from backups. According to proper incident response procedures, what should the security team do NEXT?
A. Notify law enforcement of the breach and provide forensic evidence.
B. Perform a lessons-learned review to identify control gaps and process improvements.
C. Conduct a full forensic analysis to confirm the attack vector and scope of compromise.
D. Resume normal operations once all backups are verified and systems are restored.
2 likes • Oct 24
Think DRM-RRRL: Detect, Respond, Mitigate, Report, Remediate, Recover, Lessons learned.
You can exclude A: if you were going to involve law enforcement you would have done that earlier, and you don't have to.
You can rule out C: if you are doing a forensic analysis you wouldn't have restored backups.
D is a bad option; it misses out lessons learned.
The answer is B. You have detected, responded, mitigated etc. and are now recovering. Next is lessons learned.
Justin Craigon
@justin-craigon-5642
Virtual CISO / Security consultant at BT

Active 15d ago
Joined Jul 14, 2025