Hello all, I am so happy to State that I have cleared my exam today. Big shout out to Vincent who created such an amazing app and the group and ofcourse our beloved May Brooks. Her quote "Train hard, Fight easy" is priceless.

Alright folks, here it is! The registration link for the FREE MasterClass you don’t want to miss:👉Registration Link - Let us know in the comments if you'll be there! Tuesday, September 16th at 7:00 PM UAE We’re thrilled to welcome May Brooks-Kempler (@May Brooks) to our community!May is one of the most respected CISSP instructors worldwide. She’s an (ISC)² Board Member, co-author of the Official CISSP Study Guide, TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity), and a recognized leader in the global infosec community. What this means for you: 📚 Study Group MasterClass Takeover – May is giving our members free admission to her upcoming CISSP MasterClass. This is your chance to learn directly from one of the best and show her what our study group is all about. 🎤 Pop-In Q&A – Keep joining our study groups, because you never know when May might drop in for a quick Q&A. 🤝 Exciting Collaboration – This is just the beginning. May is backing our community as the place for anyone self-studying or preparing for the CISSP together. 💡 Earn 2 CPE Credits – Self-submit for 2 CPEs just for attending the MasterClass.

Senior management has approved funding for a new information security program. The CISO wants to ensure that the program is sustainable and aligned with business strategy. Which of the following is the MOST important first step? A. Develop detailed security policies and procedures for all business units. B. Conduct a comprehensive risk assessment across the organization. C. Implement baseline technical controls to address known vulnerabilities. D. Establish a security steering committee with representation from business leadership.

During a risk assessment, management learns that a legacy system critical to operations has several known vulnerabilities. The vendor no longer provides patches, and replacing the system would take over a year and significant budget. 👉 As a security manager, what would be your BEST recommendation to management in this situation? Think it through ...

If you were tasked with testing an organization’s password security, what would you prioritize first: trying credential stuffing with real-world breach data, attempting brute force against weak accounts, or assessing the organization’s password policy and controls? From a CISSP perspective, which approach best balances technical depth with business risk?