
Memberships

CISSP Study Group

1.8k members • Free

7 contributions to CISSP Study Group
CISSP Practice Question – Control Selection & Residual Risk
A recent assessment identified that a key web application handling payment data has several high-severity vulnerabilities. Management approved funding to implement a web application firewall (WAF) and continuous code scanning as compensating controls. After both controls are deployed and verified, the residual risk remains above the organization’s formally documented risk appetite. What should the information security manager recommend NEXT?

A. Accept the residual risk since reasonable controls have been implemented.
B. Transfer the residual risk through a cyber-insurance policy.
C. Escalate the residual risk to senior management for a risk acceptance decision.
D. Implement additional detective controls to reduce exposure further.
0 likes • Oct 12
C
CISSP Practice Question – Identity & Access Management
An enterprise is moving to a hybrid cloud model and wants to centralize user authentication across on-premises systems and multiple SaaS providers. The solution must support single sign-on (SSO), enforce multi-factor authentication (MFA), and minimize administrative overhead for provisioning and deprovisioning accounts. Which of the following approaches BEST meets these requirements?

A. Deploying Kerberos across all environments, including the SaaS providers
B. Implementing a Security Assertion Markup Language (SAML)–based federation with an identity provider
C. Using RADIUS servers for all authentication requests to centralize credential management
D. Requiring each SaaS provider to integrate directly with the corporate LDAP directory
0 likes • Sep 24
B
practice question
Lauren's team of system administrators each deals with hundreds of systems with varying levels of security requirements and finds it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features like logging and password rotation occur?

A credential management system
A strong password policy
Separation of duties
Single sign-on
1 like • Jul 1
A
The AI-CISSPStudyGroup APP & Reflecting on our community.
Whether you’ve been a part of our group since the start or just found us recently, we’ve built something really special here, a supportive and knowledgeable group of cybersecurity professionals. I've gotten to see firsthand how much we can help each other grow, both professionally and personally. It's funny, this community has been in the background of my life for almost 3 years now. I've constantly thought about it, the members, and how I can try to make it better. I'm extremely excited to announce our AI-assisted practice question app. There's full-length mock exams, AI-generated practice questions and insights. You can even upload your own study materials to extract your own practice questions! I'll be demoing more on upcoming study groups and will let you know soon how you can sign up!
1 like • Jun 20
This is awesome
Passed at 100 questions
I passed CISSP this Friday and thought I’d share my resources.

Thor Pedersen’s CISSP series/easy, medium and hard questions
Think Like a Manager - YouTube Video
Destination CISSP
WannaBe practice questions
Official Study Guide and Tests

The test is something else, had no idea how I was doing the whole time. But at question 100 it told me the test was done, so I either did really good or really bad. I looked at the clock and had only been testing for an hour and some change. I didn’t even look at the printout when they handed it to me, and when I did check it in the car as I sat in the parking lot I shed a few tears of joy.

Anyway, this is just me saying this is very possible and you can do it. Thinking like a manager is the most important part of this test. You can be the most technically gifted person when it comes to Information Security but if you don’t think from the business perspective you won’t pass this test. Good luck to those who haven’t passed yet and congrats to my fellow CISSPs.
0 likes • May 1
Congratulations.
Michael Bassey
@michael-bassey-2557
CISSP candidate | Certified in Security+, Tech+ | Pursuing CISSP & ISC² CC | Passionate about cyber risk, compliance, and security leadership

Active 36d ago
Joined Apr 19, 2025