
Owned by Vincent

CISSP Study Group

1.9k members • Free

Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!

OpenAI Study Group

1 member • Free

Share resources, get advice, and connect with peers studying for OpenAI certifications! Join our Study Group and meet fellow professionals today!

Memberships

CyberMAYnia CAREER

227 members • Free

Skoolers

190.1k members • Free

709 contributions to CISSP Study Group
Quick Update
It has been a while since I posted anything. First, I passed the CISSP on Dec 6th, and about one month later it was official. I couldn't have done it without this group. I would also say if you have not signed up for the CISSP.app, you really should. I found it to be a very helpful resource. I also wanted to say the reason I haven't been active on this site is that I was pursuing my CCSP, which I passed yesterday. Anyway, thanks to everyone in this group and good luck with your CISSP journey.
0 likes • 34m
Congrats!! And I'm thrilled you found all the resources so helpful!
CISSP Practice Question (Domain 5: Identity and Access Management)
A newly acquired subsidiary uses shared administrator accounts for critical infrastructure management. The integration team wants to immediately enforce individual accounts, but operations warns this could disrupt 24/7 production systems. What is the MOST appropriate next step?
A. Implement privileged access management with session recording for shared accounts
B. Require individual accounts with emergency break-glass procedures for continuity
C. Assess the shared account inventory and map dependencies before enforcing changes
D. Accept the risk temporarily and schedule individual account rollout for next quarter
Come back for the answer tomorrow, or study more now!
CISSP Practice Question (Domain 1: Security and Risk Management)
Your organization is expanding into a country that requires all citizen data to be stored within its borders. The legal team recommends immediate compliance, but the existing cloud architecture uses a single global tenant. What should you do FIRST?
A. Negotiate a regulatory exception with the host country's data authority
B. Conduct a data sovereignty impact assessment against current architecture
C. Migrate all citizen data to an in-country data center immediately
D. Update the privacy policy to disclose cross-border data transfers
Come back for the answer tomorrow, or study more now!
0 likes • 6h
@Martin Joplin Correct Answer: B. Conduct a data sovereignty impact assessment against current architecture

Explanation (CISSP logic): Data sovereignty mandates are legal constraints, not optional risks. Before migrating data or renegotiating terms, you must understand the gap between your current architecture and the regulatory requirement. CISSP's "assess before you act" principle applies directly: you can't design a compliant solution without first mapping where citizen data resides, how it flows, and what architectural changes are actually needed.

Breakdown:
A. Negotiating an exception - Assumes the regulation is flexible. Data sovereignty laws are typically non-negotiable, and this skips understanding your own exposure.
B. ✅ Correct. Establishes the scope of non-compliance and informs every downstream decision, from architecture to legal strategy.
C. Immediate migration - Reactive and risky. Without an assessment, you could miss data flows, break integrations, or create new compliance gaps.
D. Updating the privacy policy - Disclosure doesn't equal compliance. You're acknowledging a violation, not fixing it.

Think like a manager: Compliance is a constraint, not a negotiation. Assess your gap first, then architect the fix.
CISSP Practice Question (Domain 8: Software Development Security)
A development team uses an AI-powered coding assistant that suggests code snippets from its training data. The tool recently generated functions containing logic similar to a competitor's proprietary algorithm. What should the security manager do FIRST?
A. Conduct a legal review to assess intellectual property infringement risk
B. Implement software composition analysis to detect and flag AI-generated code
C. Restrict the AI tool's network access and require human review of all outputs
D. Retrain the model on the organization's internal codebase only
Come back for the answer tomorrow, or study more now!
0 likes • 1d
@Harrison Efijemue

Why A Beats C (The Real Distractor Battle)
Option C (wrong answer) addresses future risk but ignores current liability. If the code is already integrated and the competitor discovers it (through a product teardown, patent search, or leak), restricting the AI tool's access afterward is closing the barn door after the horse escaped. Option A (correct answer) addresses the immediate threat: "Do we have a liability we need to disclose to the board? Do we need to halt the product release? Do we need to scrub version control?" Legal must answer these questions before IT makes technical decisions.

The Nuance: "Security Manager" Role
The question says security manager, not developer or DevSecOps engineer. That's a governance role, and governance roles escalate legal risks to Legal—they don't unilaterally impose technical controls that might be insufficient (or excessive) for the actual legal exposure.
CISSP Study Group
I have completed 51 quiz & discussion sessions of this study group. It was an amazing experience of learning and shaping the knowledge and mindset duly required by CISSP. My two months of learning in this group were equal to my last one year studying alone.
1 like • 1d
That's awesome Hassan! Learning together compounds our knowledge! 💪
Vincent Primiani
Cybersecurity. The Study Group Guy.

Joined Apr 29, 2024
New York, NY