Your organization completes a data classification initiative and discovers that 40% of data labeled "confidential" has not been accessed in over three years. Storage costs are significant. Data owners across business units cannot confirm whether retention requirements still apply. What should you recommend FIRST? A. Archive the dormant data to lower-cost storage with existing classification labels B. Conduct a retention review with data owners and legal to validate regulatory obligations C. Declassify the unused data to reduce protection overhead and storage costs D. Implement automated data lifecycle policies to purge data exceeding retention thresholds Come back for the answer tomorrow, or study more now!

I passed the CISSP today 03/23. I studied for roughly 3 months using various resources. I wanted to thank this study group for the practice questions. Here is a jumbled list of the resources I used and probably forgot a few. Exam Questions: Learnzapp and CISSP app The Destination Certification App also comes with over a thousand free questions and flash cards that are somewhat like the exam LinkedIn Learning Practice Exams (pretty good) Books ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition by Mike Chapple (I read this whole book and used the companion site for questions) CISSP Exam Cram: https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD Why you will pass the CISSP: https://www.youtube.com/watch?v=v2Y6Zog8h2A 50 CISSP Practice Questions. Master the CISSP Mindset: https://www.youtube.com/watch?v=qbVY0Cg8Ntw Destination Certification Mindmaps and the practice questions on their channel: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu Luke Ahmed's Video : https://www.youtube.com/watch?v=MHbdNMRLafA Prabh's coffee shots: https://www.youtube.com/watch?v=3doR2wA2nJM

Passed CISSP (2nd attempt)! Big thanks to Vincent Primiani and the CISSP Study Group team — the daily quizzes, app practice, and sessions (despite IST timezone challenges) made a real difference. Formal thank-you message to Vincent Primiani and team (direct message or email) #CISSP #Certification

A development team integrates a third-party open-source library that processes customer PII. Six months later, a critical vulnerability is disclosed in that library. The vendor has not released a patch. Business stakeholders resist removing the library because it powers a revenue-generating feature. What is the MOST appropriate action? A. Implement compensating controls around the vulnerable component and document the accepted risk B. Fork the library and develop an internal patch C. Escalate to the risk owner for a formal risk acceptance decision D. Immediately remove the library and disable the affected feature Come back for the answer tomorrow, or study more now!

A newly acquired subsidiary uses a separate identity provider with no federation to the parent company. Executives want immediate single sign-on access to the subsidiary's financial reporting system. The subsidiary's IT team warns their directory contains orphaned accounts from prior layoffs. What should you address FIRST? A. Establish federated trust between both identity providers B. Perform an access review and remove orphaned accounts in the subsidiary's directory C. Provision executive accounts directly in the subsidiary's identity provider D. Implement multi-factor authentication on the financial reporting system Come back for the answer tomorrow, or study more now!