A multinational enterprise operates a highly distributed microservices architecture across multiple cloud providers.All traffic between microservices must be encrypted and authenticated. To simplify governance, the company wants a single global certificate hierarchy for all workloads across all clouds and on-prem systems. However, several constraints apply: - Private keys must never leave the host or container where they are created. - Certificate issuance must support auto-scaling, ephemeral workloads, and identity rotation every few minutes. - The environment includes legacy systems that cannot use modern service mesh sidecars. - Security monitoring requires centralized revocation and trust-state visibility across all issuers. Which PKI architecture BEST satisfies these requirements? A. single monolithic root CA issuing certificates directly to all cloud and on-prem workloads. B. Multiple independent PKIs, each cloud provider managing its own root and workload certificates. C. A federated PKI with one offline enterprise root and cloud-specific subordinate CAs, each issuing short-lived, locally generated keypairs. D. Use self-signed certificates generated per workload and synchronize fingerprints centrally for trust verification.

If you missed it last time, May Brooks is graciously welcoming CISSP Study Group members back into her CISSP Masterclass! Completely free! This live session will be held on: Sunday, December 7th — 7:00 PM to 9:00 PM *Dubai time* (please check your time zone conversion) May is one of the most respected CISSP instructors worldwide. She’s an ISC2 Board Member, co-author of the Official CISSP Study Guide, a TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity). Having her open her masterclass to our group speaks volumes about the reputation you all have built here. Here’s what this means for you: 📚 Free Access to Mae’s Masterclass – If you’re serious about passing the CISSP, this is one of the most valuable sessions you can attend 💡 Ideal for All Levels – Whether you’re early in your studies or testing soon, Mae’s perspective will give you insights you won’t get anywhere else. 🤝 Community Recognition – May specifically wanted our study group to join because she believes in what you’re building here. See you there! Link & Access Info

A global enterprise adopts a strict zero-trust network architecture. All workloads—on-prem, cloud, and containerized—must mutually authenticate before communicating. To comply with regulatory requirements, the company must also maintain full packet-level visibility for threat analysis and incident response. Which solution BEST satisfies all of these requirements simultaneously? A. Deploy full end-to-end TLS between all workloads and rely on IDS/IPS to inspect only metadata and flow logs. B. Use a TLS termination proxy at network choke points and decrypt all internal traffic for inspection before re-encrypting. C. Implement mutual TLS within a service mesh that supports encrypted telemetry export and out-of-band traffic mirroring for deep packet inspection. D. Use host-based agents to perform inline decryption on each workload and send decrypted payload streams to the central IDS via secure channels.

https://www.skool.com/cybersecurity-study-group/calendar?eid=476eaa3719bc42eca0344b3e8b76508a

I am excited to share that I have provisionally passed the CISSP exam today It took a while, months of effort and discipline, including overcoming a previous failed attempt. Thanks to my family, friends and CISSP Study Group Community, i could have not done this without any of you! @Vincent Primiani thanks for putting together this wonderful community of liked minded people, with a common goal of achieving the much sought after CISSP certification. I'm not going anywhere, i am still going to be a member of this community and help where i can, and of course onto the next one ......