29 contributions to CISSP Study Group
Today’s Session top Question
See if you can answer this question within 75 seconds.

As a senior security analyst for a large corporate firm, you are tasked with designing a comprehensive security testing strategy. The organization has recently migrated several critical applications to a hybrid cloud environment. You need to ensure that security assessments are effectively conducted across both on-premise and cloud environments. The existing legacy applications are known to have multiple interdependencies and complex configurations. Considering the constraints of limited resources and the variety of application environments, how would you prioritize and structure the security assessment to ensure maximum coverage and risk mitigation?

A. Focus on conducting external black-box testing on the cloud environments first, due to higher exposure risks.
B. Implement a combination of white-box and static code analysis to address internal threats within legacy systems.
C. Prioritize dynamic testing and fuzz testing on both cloud and on-premise applications to uncover real-time vulnerabilities.
D. Schedule regular automated vulnerability scans for cloud systems while conducting manual penetration tests for on-premise applications.
0 likes • 25d
Hi @Sunilkumar Prasanchand, some candidates get to see many questions like this, and they have to match their speed with accuracy. It can be very daunting. Your best option is to use elimination to rule out the 2 most unlikely options and then make an EDUCATED GUESS. At times, that EDUCATED guess may just be a lucky guess.
0 likes • 7d
@Sunilkumar Prasanchand No, apologies if my text was misleading. I just listed it as ABCD. ... I was not stating the answer. Well, there was a tussle between C and D.
Passed CISSP
I passed the CISSP exam today! For a long time, I kept postponing it, thinking it would be too difficult. However, the daily questions shared in this group helped me build the right mindset. The tips and guidance from those who had already cleared the exam were also incredibly helpful.

I used the following study resources:
OSG and Official practice tests
cissp.app app - Helps with time management and provides clear explanations.
Destination Cert YouTube series and their app for questions
Eric Cornard CISSP study guide and other YouTube videos/Questions
0 likes • 8d
Fantastic news, @Nancy Ranjeet. Well deserved, and congratulations.
Passed the CISSP
I passed the CISSP yesterday. It has been an immense journey, and this community has been instrumental and great to collaborate with; I will continue to do so. You will never feel 100% ready to take this exam, you just have to go for it! I used official study materials to prepare and this community for Q&A, which I believe is a great preparation source. Keep pushing, you will get there; all that hard work will pay off.
1 like • 27d
A big congratulations to you, @Karl Coomansingh. Enjoy your victory.
Provisionally passed the exam
I’m excited to let you all know that I passed the exam today. I’m still pretty overwhelmed and am not sure how well I did, but I guess it was good enough!
2 likes • 27d
This is fantastic. Congratulations to you, @Keri Matthews, good job.
1 like • 27d
It was certainly good enough. Relax and enjoy your victory.
Passed the CISSP today! 🎉
105 questions, 45 minutes left on the clock. After failing in February, I've provisionally passed.

What changed between February and today:

Mindset shift — I stopped thinking like a technician and started thinking like a manager. Every question, I asked myself: "What would a CISO advise?" not "What would I configure?" This was the single biggest change.

Reading discipline — More than half my practice errors came from misreading questions, not from lack of knowledge. I trained myself to identify the qualifier (FIRST, BEST, PRIMARY), any constraints (budget, minimal impact), and dual requirements (balance X with Y) BEFORE looking at the answers.

Trust your first instinct — On my mock exams, I lost points every time I changed an answer. If your first choice is based on reasoning, don't switch it because of doubt.

Time management — I set milestones: Q50 by 1 hour, Q100 by 2 hours. This kept me from rushing at the end. I finished with plenty of time.

Study approach — I used practice questions to identify patterns in my mistakes, not just to memorize content. Knowing WHY you got something wrong matters more than knowing the right answer.

Tips for exam day:

The exam tests whether you can make security DECISIONS, not whether you can recall facts.
"More security" isn't always the best answer — look for what's proportional and meets ALL the requirements in the question.
Policy/governance before technology. Assessment before implementation. Root cause fix before compensating controls.
Don't panic if questions feel hard — the CAT adapts. Hard questions mean you're doing well.

Thank you all for the support through this journey. The group study sessions made a real difference. For those still preparing — the knowledge is probably already there. Focus on how you READ and THINK through questions, not just what you know. See you on the other side. 🏆
1 like • 27d
Congrats @Antony Onamu, you have done well.
Uche O
@uche-o-7684
CISSP Focused

Joined Apr 28, 2025