Hi All, Im happy to announce, the im officially passed CISSP exam today. Our study sessions helped me a lot, I will try to join todays call at 6PM CST to share my experience. Thank you all 😃

Developers at your company use an LLM-powered coding assistant that auto-generates functions pulled into production via CI/CD. A recent audit reveals several generated functions contain hardcoded credentials and insecure deserialization patterns. What should the security manager prioritize FIRST? A. Ban the AI coding assistant until the vendor eliminates hallucinated vulnerabilities B. Require developers to manually review all AI-generated code before committing C. Integrate automated AI security testing into the CI/CD pipeline to catch flaws pre-production D. Report the insecure patterns to the LLM vendor for model fine-tuning Come back for the answer tomorrow, or study more now!

Hi Everyone, I’m pleased to share that I have provisionally passed the CISSP today (10/04/2026) - a great way to head into the weekend! It was certainly a tough exam (perhaps tougher in my own head at times). Some of the questions were genuinely challenging, but I’m really glad to have gone through the experience and come out the other side and crossed the finish line 🏁 I wanted to take a moment to thank this community - it has been a fundamental pillar in my preparation. The support around exam technique, content, and discussions have been invaluable. A special thank you to @Vincent Primiani and the CISSP team for running the group sessions - creating a space where we can learn, challenge ourselves, and grow together. Huge respect to everyone here - and for those still on the journey, keep pushing… it’s absolutely worth it, and you’ll get to that finish line. On to the next one! Cheers, Indy

A multinational organization is migrating its data to a third-party cloud provider. The Chief Information Security Officer (CISO) is concerned about maintaining compliance with various international privacy regulations. What is the BEST way to ensure the cloud provider meets the organization’s security requirements? - A. Conduct a point-in-time vulnerability scan of the provider’s infrastructure. - B. Include "right-to-audit" clauses and Require Service Level Agreements (SLAs). - C. Review the provider’s SOC 2 Type II report and audit results. - D. Implement a Cloud Access Security Broker (CASB) to monitor traffic.

A financial services firm acquires a pre-trained ML model from a third-party vendor for fraud detection. During onboarding, the security team discovers the vendor cannot provide documentation on the origin of the training dataset. What should the CISO address FIRST? A. Commission an independent bias audit before production deployment B. Classify the model and its training data as high-value intellectual property C. Assess whether the undocumented data sourcing introduces unmanageable supply chain risk D. Require the vendor to retrain the model using only internally sourced datasets Come back for the answer tomorrow, or study more now!