Memberships

CISSP Study Group

2.1k members • Free

19 contributions to CISSP Study Group
CISSP passed
Hi everyone, I’m excited to share that I provisionally passed the CISSP exam yesterday. It’s definitely been a challenging journey, but the hard work has paid off. To prepare, I used a mix of resources including the official ISC2 study guide, the Destination Certification mind maps, and Peter Zerger’s YouTube videos. For practice questions, I used this platform and the LearnZapp app. A huge thank you to everyone in this group for the support, and I wish you all the best on your own journeys!
CISSP Practice Question (Domain 6: Security Assessment and Testing)
Your organization passes its annual SOC 2 Type II audit with no findings. Two months later, a penetration test reveals a critical vulnerability in a customer-facing application that has existed for over a year. The board questions why the audit missed it. What is the BEST explanation?
A. The penetration testing firm used more advanced techniques than the SOC 2 auditors
B. SOC 2 evaluates control design and operating effectiveness, not technical vulnerability discovery
C. The audit scope was improperly defined and should have included application testing
D. The auditors failed to meet professional due diligence standards
Come back for the answer tomorrow, or study more now!
0 likes • Mar 30
B
CISSP Practice Question (Domain 7: Security Operations)
Your SOC detects that an internal AI-powered threat detection system is generating automated containment actions based on false positives, intermittently isolating legitimate production servers. Analysts are overwhelmed restoring services. What should you do FIRST?
A. Retune the AI detection thresholds to reduce false positive rates
B. Revoke the system's automated containment authority and require human approval
C. Add more SOC analysts to handle the increased restoration workload
D. Escalate to the vendor to patch the AI model's classification accuracy
Come back for the answer tomorrow, or study more now!
0 likes • Feb 27
B
CISSP Practice Question (Domain 5: Identity and Access Management)
A newly acquired subsidiary uses shared administrator accounts for critical infrastructure management. The integration team wants to immediately enforce individual accounts, but operations warns this could disrupt 24/7 production systems. What is the MOST appropriate next step?
A. Implement privileged access management with session recording for shared accounts
B. Require individual accounts with emergency break-glass procedures for continuity
C. Assess the shared account inventory and map dependencies before enforcing changes
D. Accept the risk temporarily and schedule individual account rollout for next quarter
Come back for the answer tomorrow, or study more now!
0 likes • Feb 11
C
Quick Update
It has been a while since I posted anything. First, I passed the CISSP on Dec 6th, and about one month later it was official. I couldn't have done it without this group. I would also say if you have not signed up for the CISSP.app, you really should. I found it to be a very helpful resource. I also wanted to say the reason I haven't been active on this site is I was pursuing my CCSP, which I passed yesterday. Anyway, thanks to everyone in this group and good luck with your CISSP journey.
2 likes • Feb 10
Congrats Josh
Leonardo Peta
@leonardo-peta-4267
Security + - Currently studying for CISSP

Joined Nov 7, 2024