Most CISSP candidates can define unicast. Fewer can explain why IPv6 quietly killed broadcast, or why anycast makes DDoS attacks harder to land. Four IP communication patterns. Four different security postures. Domain 4 expects you to know all of them. → Unicast (one-to-one): clean audit trails, perfect for forensics, and where the bulk of your monitoring effort lives. → Broadcast (one-to-all): IPv4 only. Loud, leaky, and the reason DHCP snooping exists as a control. → Multicast (one-to-group): efficient by design, but explicit group membership is the security boundary you have to watch. → Anycast (one-to-nearest): same IP, many servers, BGP routes traffic to the closest one. It's what keeps DNS root servers and CDNs standing under attack. Save this for your Domain 4 review. https://media.licdn.com/dms/image/v2/D4E22AQFPc1ytBrVJYg/feedshare-image-high-res/B4EZ5uHKLlGQAk-/0/1779963831384?e=1781740800&v=beta&t=8CcKKfad3Hv7_YtJwQSSTHxUB3zxk-fJlmfDzDHU-QU

Don't go into the exam without having a strategy on how to answer the CISSP specific questions. You need to be equipped!!! The knowledge of domains is not enough!!!

105 questions, 45 minutes left on the clock. After failing in February, I've provisionally passed. What changed between February and today: Mindset shift — I stopped thinking like a technician and started thinking like a manager. Every question, I asked myself: "What would a CISO advise?" not "What would I configure?" This was the single biggest change. Reading discipline — More than half my practice errors came from misreading questions, not from lack of knowledge. I trained myself to identify the qualifier (FIRST, BEST, PRIMARY), any constraints (budget, minimal impact), and dual requirements (balance X with Y) BEFORE looking at the answers. Trust your first instinct — On my mock exams, I lost points every time I changed an answer. If your first choice is based on reasoning, don't switch it because of doubt. Time management — I set milestones: Q50 by 1 hour, Q100 by 2 hours. This kept me from rushing at the end. I finished with plenty of time. Study approach — I used practice questions to identify patterns in my mistakes, not just to memorize content. Knowing WHY you got something wrong matters more than knowing the right answer. Tips for exam day: The exam tests whether you can make security DECISIONS, not whether you can recall facts "More security" isn't always the best answer — look for what's proportional and meets ALL the requirements in the question Policy/governance before technology. Assessment before implementation. Root cause fix before compensating controls. Don't panic if questions feel hard — the CAT adapts. Hard questions mean you're doing well. Thank you all for the support through this journey. The group study sessions made a real difference. For those still preparing — the knowledge is probably already there. Focus on how you READ and THINK through questions, not just what you know. See you on the other side. 🏆

I passed the CISSP yesterday. It has been an immense journey and this community has been instrumental and has been great to collaborate and I will continue to do so. You will never feel 100% ready to take this exam, you just have to go for it! I used official study materials to prepare and this community for Q&A which I believe is a great preparation source. Keep pushing, you will get there all that hard work will pay off.

ISC2 published this yesterday. It maps out exactly how AI security concepts show up across the CISSP exam. This is NOT a new exam outline. The current outline (April 2024) already has AI baked in. But this document spells out the specifics so you know what to expect. The big picture: AI isn't a separate topic. It's woven into everything from risk management (Domain 1) to software development security (Domain 8). A few things that stood out to me: - You need to know about protecting training data and model weights (Domain 2) - Prompt injection and adversarial attacks are fair game (Domain 3) - AI red teaming is now part of security testing (Domain 6) - Managing identities for AI agents and service accounts - least privilege still applies (Domain 5) - Model drift and AI in the SOC are covered in operations (Domain 7) If you're studying right now, don't panic. Most of this maps to concepts you already know -- just applied to AI systems. But you should absolutely be familiar with terms like data poisoning, adversarial attacks, algorithmic bias, model drift, and prompt injection. On our end we're going to keep weaving more AI-focused questions into the https://cissp.app and bringing more of this into our study group discussions. I attached the PDF if you want to read the full thing.