
Memberships

CISSP Study Group

1.8k members • Free

4 contributions to CISSP Study Group
CISSP Practice Question – Domain 6: Security Assessment & Testing
A large financial services company is updating its security testing program. The red team reports that modern AI-driven attack tools can automatically craft polymorphic payloads, evade signature-based controls, and generate targeted spear-phishing content indistinguishable from human-written messages. The CISO wants to ensure that the organization’s security testing program can accurately measure resilience against these new capabilities. Which testing approach MOST effectively validates the organization’s defenses against AI-augmented attack techniques?
A. Perform quarterly vulnerability scans using updated threat signatures and CVE databases.
B. Conduct adversarial machine learning (AML) evaluations to measure susceptibility to model poisoning and evasion attacks.
C. Integrate AI-enabled BAS (Breach and Attack Simulation) tools that continuously replicate evolving attacker TTPs across email, endpoint, and network layers.
D. Run annual red-team exercises focused on social engineering and spear-phishing campaigns executed manually by trained personnel.
1 like • 12d
C
CISSP Practice Question (Domain 5: Identity & Access Management / Privileged Access Controls)
During a quarterly access review, an organization discovers that several DevOps engineers have accumulated multiple privileged roles across different cloud environments due to automated provisioning workflows that never revoked old permissions. No misuse has been detected, but the roles collectively exceed least-privilege requirements and present a potential lateral-movement risk. What should the security manager do FIRST?
A. Immediately disable all excessive roles and force users to request access again
B. Conduct a risk analysis to understand business impact before removing permissions
C. Implement just-in-time privileged access to eliminate standing permissions
D. Escalate the issue to HR for potential policy violations
2 likes • 12d
B
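The finding in the question above (standing privileged roles that accumulated across cloud environments because provisioning never revoked them) is exactly what an access review should surface before anyone starts revoking. The following is an added example, not code from the original post or from any product: it takes a constructed role-assignment export and a per-environment allow-list of privileged roles (both assumed here, as are the user, environment and role names) and produces the inventory a risk analysis would start from: which users hold standing privileged access in more than one environment, and which of those grants are older than a chosen staleness threshold.

```python
"""Added example: flag privilege accumulation across cloud environments
from an access-review export. All data below is constructed for the example."""
from collections import defaultdict
from datetime import date

# Constructed sample export. A real review would pull this from the IdP
# and each cloud's IAM API; the field names are an assumption of this example.
ASSIGNMENTS = [
    {"user": "alice", "env": "aws-prod",   "role": "AdministratorAccess", "granted": date(2024, 1, 10)},
    {"user": "alice", "env": "aws-prod",   "role": "ReadOnlyAccess",      "granted": date(2024, 6, 1)},
    {"user": "alice", "env": "azure-prod", "role": "Owner",               "granted": date(2023, 3, 5)},
    {"user": "alice", "env": "gcp-prod",   "role": "roles/owner",         "granted": date(2023, 9, 12)},
    {"user": "bob",   "env": "aws-prod",   "role": "ReadOnlyAccess",      "granted": date(2024, 2, 2)},
    {"user": "bob",   "env": "aws-dev",    "role": "PowerUserAccess",     "granted": date(2024, 2, 2)},
    {"user": "carol", "env": "azure-prod", "role": "Contributor",         "granted": date(2022, 11, 20)},
    {"user": "carol", "env": "aws-dev",    "role": "AdministratorAccess", "granted": date(2022, 11, 20)},
]

# Assumed allow-list of roles that count as privileged in each environment.
PRIVILEGED = {
    "aws-prod":   {"AdministratorAccess", "PowerUserAccess"},
    "aws-dev":    {"AdministratorAccess", "PowerUserAccess"},
    "azure-prod": {"Owner", "Contributor"},
    "gcp-prod":   {"roles/owner", "roles/editor"},
}

# Constructed date of the quarterly review.
REVIEW_DATE = date(2024, 12, 1)


def privileged_footprint(assignments):
    """Return {user: {env: set(privileged roles)}}, dropping non-privileged roles."""
    footprint = defaultdict(lambda: defaultdict(set))
    for a in assignments:
        if a["role"] in PRIVILEGED.get(a["env"], set()):
            footprint[a["user"]][a["env"]].add(a["role"])
    return footprint


def find_accumulation(assignments, review_date, max_privileged_envs=1, stale_days=180):
    """Flag users whose standing privileged access spans more than
    max_privileged_envs environments (the lateral-movement exposure in the
    question) and list their privileged grants older than stale_days.
    Returns findings sorted by number of privileged environments, descending."""
    findings = []
    for user, envs in privileged_footprint(assignments).items():
        if len(envs) <= max_privileged_envs:
            continue
        stale = sorted(
            (a["env"], a["role"])
            for a in assignments
            if a["user"] == user
            and a["role"] in envs.get(a["env"], set())
            and (review_date - a["granted"]).days > stale_days
        )
        findings.append({
            "user": user,
            "privileged_envs": sorted(envs),
            "stale_grants": stale,
        })
    return sorted(findings, key=lambda f: -len(f["privileged_envs"]))


if __name__ == "__main__":
    for f in find_accumulation(ASSIGNMENTS, REVIEW_DATE):
        print(f"{f['user']}: privileged in {f['privileged_envs']}, "
              f"stale grants {f['stale_grants']}")
```

The output is deliberately a report, not a revocation: it gives the security manager the per-user blast radius and grant age needed to assess business impact (option B) before permissions are pulled, and the stale-grant list is the natural input for a later move to just-in-time access (option C).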
CISSP Practice Question (Security Operations - Medium):
As the lead cybersecurity engineer for a medium-sized financial institution, you are tasked with reviewing and improving the organization's disaster recovery plan. The organization recently experienced a significant outage due to a failure in the primary data center caused by a natural disaster. The disaster recovery plan involves replicating critical systems and data to a secondary site located 200 miles away. However, during the recent outage, it was discovered that the replication lag was substantial, resulting in significant data loss. Which of the following changes would most effectively enhance the disaster recovery strategy to minimize data loss?
A. Upgrade the network bandwidth between the primary and secondary sites to support real-time data replication.
B. Implement a tape-based backup solution at the primary site and store tapes off-site for redundancy.
C. Increase the frequency of scheduled data replications from daily to twice daily.
D. Deploy a cloud-based backup solution to periodically store snapshots of critical systems.
Study more at: www.cissp.app
1 like • Jul 29
D
0 likes • Jul 29
The key thing to note is that the question is asking about data loss, which was a result of network lag and not the actual outage. That's why the answer is A.
Passed at 100 questions
I passed CISSP this Friday and thought I’d share my resources:
Thor Pederson’s CISSP series (easy, medium and hard questions)
Think Like a Manager (YouTube video)
Destination CISSP
WannaBe practice questions
Official Study Guide and Tests
The test is something else; I had no idea how I was doing the whole time. But at question 100 it told me the test was done, so I either did really well or really badly. I looked at the clock and had only been testing for an hour and some change. I didn’t even look at the printout when they handed it to me, and when I did check it in the car as I sat in the parking lot I shed a few tears of joy. Anyway, this is just me saying this is very possible and you can do it. Thinking like a manager is the most important part of this test. You can be the most technically gifted person when it comes to Information Security, but if you don’t think from the business perspective you won’t pass this test. Good luck to those who haven’t passed yet, and congrats to my fellow CISSPs.
0 likes • May 7
Congrats! Do you mean the Destination CISSP free video from YouTube or the paid masterclass?
Shaun Khan
@shaun-khan-5718
Looking for study group for CISSP

Active 5d ago
Joined Apr 29, 2025