Adrenaline rush, this morning I passed 😅 , what did I use? Al Whole lott, 🤯 perhaps I'm unable to inclusive all, i divide it in 2 parts.. quantitative and qualitative ;) Qualitative : - First global overview with the Pete Youtube Video's (feel the knowledge needed, can I do it..) - Started first Learnzapp assement, which domains are shortage in knowledge - Get the official study guide (10th Edition) it covers new territory - Breakdown the learning 'blackspots' subjects, domain after domain. So I selected in learnzap 1 domain after the other. - Take notice of the Best Practice tips, eliminating, sesamstreat, (in the exam I found myself on a Time Stress path...) - On of my black spots (during Learnzapp) was to select multiple answer where it says "All that apply" - Took my own time to read every answer and really understand each answer on each question. Why it is what it is - Discussion with Chatgpt about the English Grammer / Meaning, I was struggling some words. Quantitative - Mainly I used learnzap, 25 questions in the "Apps Smart Logic" it envolves - To add the more 'strange' hard questions I added : - Andrew https://www.youtube.com/watch?v=qbVY0Cg8Ntw Paused the question answered first myself - Halfway I discovered "CISSP Study Group" from Vincent, valuable information!! 😀 - Gwen https://www.udemy.com/course/cissp-mock-exams-master-all-8-domains/ - I partly used Mike Chapple on Linkedln - to much video's to slow, even on 1.75 speed. - I loved the free video's on https://destcert.com/ During the study I noticed myself in conflict with answers from Andrew / Gwen / Pete etc etc. I think it could be me.... So to be sure, I only tried to find an answer in the Official Study guide, not in the Last Mile from Peter of DestCert material. It's older, so my idea was, look it up in the official one and make my own choice, imagination.

Which of the following criteria ensures information is protected relative to its importance to the organization?

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a managed security service provider (MSSP). The trading organization’s security officer is tasked with drafting the requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?