During our last study session, we came across this concept, "Virtual Patching", from a question on the cissp.app, and it seemed a bit strange to some of us. According to OWASP, Virtual patching is a security policy enforcement layer which prevents and reports the exploitation attempt of a known vulnerability. The virtual patch works when the security enforcement layer analyses transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The Question A CISO must manage legacy systems that cannot be upgraded but contain sensitive data. What strategy best ensures business continuity while mitigating vulnerability risks? A. Implement a segmented network for outdated systems and apply strict firewall rules to limit their network access. B. Upgrade all outdated systems to the latest operating systems, regardless of the cost and downtime. C. Use a virtual patching solution to mitigate vulnerabilities and allow these systems to remain operational while planning for future upgrades. D. Disconnect all outdated systems from the network until they are upgraded or replaced. Answer You may be fixed between options A and C, but in the end, the answer is option C because virtual patching provides a critical layer of protection against attacks, whereas option A, which is the segmentation, only reduces the blast radius or exposure and does not prevent the attack.

Hi Group, I’m happy to share that today (7th April 2026) I passed my CISSP exam. I prepared using the official materials: the Official Study Guide, the Official Practice Tests, the Learnz app for flashcards and questions, and Mike Chapple’s official course on LinkedIn Learning. And last but not least, the discussions and meetings within this group really helped me deepen my understanding of several topics. Thank you all for the support, and good luck to everyone on your journey. Feel free to reach out if you want

I couldn’t have done this alone. Thanks to everyone who supported me along the way—I’m excited to say I’m now CCIE and CISSP certified!

I passed the CISSP today 03/23. I studied for roughly 3 months using various resources. I wanted to thank this study group for the practice questions. Here is a jumbled list of the resources I used and probably forgot a few. Exam Questions: Learnzapp and CISSP app The Destination Certification App also comes with over a thousand free questions and flash cards that are somewhat like the exam LinkedIn Learning Practice Exams (pretty good) Books ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition by Mike Chapple (I read this whole book and used the companion site for questions) CISSP Exam Cram: https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD Why you will pass the CISSP: https://www.youtube.com/watch?v=v2Y6Zog8h2A 50 CISSP Practice Questions. Master the CISSP Mindset: https://www.youtube.com/watch?v=qbVY0Cg8Ntw Destination Certification Mindmaps and the practice questions on their channel: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu Luke Ahmed's Video : https://www.youtube.com/watch?v=MHbdNMRLafA Prabh's coffee shots: https://www.youtube.com/watch?v=3doR2wA2nJM

Passed CISSP (2nd attempt)! Big thanks to Vincent Primiani and the CISSP Study Group team — the daily quizzes, app practice, and sessions (despite IST timezone challenges) made a real difference. Formal thank-you message to Vincent Primiani and team (direct message or email) #CISSP #Certification