I am excited to share that I have provisionally passed the CISSP exam today It took a while, months of effort and discipline, including overcoming a previous failed attempt. Thanks to my family, friends and CISSP Study Group Community, i could have not done this without any of you! @Vincent Primiani thanks for putting together this wonderful community of liked minded people, with a common goal of achieving the much sought after CISSP certification. I'm not going anywhere, i am still going to be a member of this community and help where i can, and of course onto the next one ......

Proud to say that I passed the CISSP today. My strategies were to simply: 1. Use ai 2. Ask copilot to design a reading schedule to breakdown the book into manageable Active reading sessions. 3. Tell it each chapter start page and end page so it know how many pages each chapter is. 4. Tell it the percentage of each domain and which domains are in each chapter. 5. Tell it your test date or your goal to read the entire book. 6. Ask it to design a table that shows the date, time commitment, the task, the chapters and domains, and the number of pages to read. Make sure it makes sense to you. Ask it to refactor based on what you believe you can achieve. Its good to be honest with yourself and copilot here. 7. refactor your reading schedule as necessary. factor in days off, rest, and practice tests in between domains to measure and reinforce recall. 1. I did a chapter a week for three months straight every evening at 6pm. Saturday's I would try to read a whole chapter. Sundays are reserved for rest or practice questions. 2. Read each chapter from beginning to end... *a must* 3. Do the written labs for each chapter... *a must* 4. Do each chapter review. ... *a must* 1. Buy LearnZapp and/or Quantum Exams 2. Both are great.. having both helped with test taking skill building. 3. Take practice tests on weekend and domain review questions and go through each domain as you work through the book. 4. by reading each of the chapters and taking notes. And doing real world application and correlation to anchor the principles with prior experience you'll get the hang of what it intends to teach and groom you into... to thinking like upper management and not an engineer... focusing more on policy that technical solutions... 5. I was able to recall and correlate different domains with the questions that were presented in the actual test better this way. Took me two tries and about 400 hours... of honest focused study.

A global fintech company adopts an AI-assisted code-generation platform to accelerate development.The CISO learns that developers sometimes allow the tool to access proprietary source repositories and external training data. Management wants faster delivery but is concerned about intellectual-property leakage and unvetted open-source dependencies being inserted into production builds. What is the BEST control to implement FIRST? A. Require legal review of the vendor’s AI license terms and intellectual-property indemnification clauses. B. Integrate automated software-composition analysis (SCA) and code-signing into the CI/CD pipeline to validate all generated components. C. Restrict the AI tool’s access to internal repositories and enforce output review through secure-coding peer validation. D. Mandate retraining of the AI model using only internal proprietary data to eliminate third-party influence.

A global enterprise has implemented federated identity management using SAML between its internal Active Directory domain and multiple cloud SaaS providers. During testing, a partner organization asks to use the same SAML assertions from the enterprise’s identity provider (IdP) to access shared applications hosted in the partner’s environment. Which of the following must the enterprise ensure FIRST before extending this trust? A. The partner’s service provider (SP) certificate is issued by the same certificate authority (CA) as the enterprise’s IdP. B. The partner’s SP enforces attribute-based access control (ABAC) using SAML attributes. C. A formal trust agreement defines assertion validity, encryption standards, and identity-proofing responsibilities between both organizations. D. The enterprise IdP is configured to issue assertions with short lifetimes (e.g., < 5 minutes) to limit misuse.

A multinational enterprise uses an MPLS WAN to connect global offices. The company wants to add end-to-end encryption to protect confidential data but still allow its IDS/IPS systems at key choke points to inspect for malicious traffic. Which of the following design approaches BEST satisfies both confidentiality and monitoring requirements? A. Deploy full-mesh IPsec tunnels between all sites to ensure maximum privacy of traffic. B. Implement TLS encryption from client to server for all applications, and disable packet inspection. C. Use gateway-to-gateway VPN encryption within the MPLS backbone, and terminate the tunnels at trusted inspection points. D. Encrypt traffic at Layer 2 using MACsec (802.1AE) to protect data across the WAN.