Question: You are an information security professional who discovers that your company is planning to implement a new system that you believe could violate customer privacy laws and compromise personal data. However, you are not directly responsible for this system, and your manager insists that the implementation is legal and business-critical. According to the ISC2 Code of Ethics, what is your best course of action in this scenario?

I found this article and image that helps clearify the differences between IAAS, CAAS, PAAS, FAAS, and SAAS. https://cloud.google.com/learn/paas-vs-iaas-vs-saas

Integrity is protection of data from all of the following EXCEPT: A.Unauthorized changes B.Accidental changes C.Data analysis D.Intentional manipulation

I passed today! It's difficult to summarize the exam experience. I've scheduled it thinking "OK, I'm confident on about 80% of the content, so I should be able to do some damage control on the 20% left". CISSP exam from the 3rd question until the end : "So, let's talk about those 20% 😏" Even with the knowledge, it was sometimes (often) completely impossible for me to rationally select an answer, as if knowledge was necessary but not sufficient. If it happens to you, don't give up and trust your intuition. Study strategies I've found useful : 1. Being part of this community, where I've been feeling supported and valued. Hello @Vincent Primiani 🙂 2. The awesome and comprehensive study sessions @Josh Botz 3. Books I used and loved : Destination CISSP ebook (super useful to understand quickly a lot of content), All-in-One CISSP exam guide (super useful to go into greater detail) 4. Learnzapp for the practice questions and practice tests, really a good training for the exam 5. Taking the CC exam. Thanks to @Clifford Jenkins and @Jon Brown for suggesting that.

I got this question from my upcoming practice quiz from my ebook: CISSP Exam Certification Companion. I will hold off on giving all of you the correct answer until later to see what everyone is picking. "In the context of IT management and governance, the Control Objectives for Information and Related Technology (COBIT) framework serves as a valuable tool. Who among the following roles would typically choose and utilize the COBIT framework to balance security controls and business requirements?" Source: CISSP Exam Certification Companion, page 183 practice questions. A. Data owners B. Information stewards C. Enterprise owners D. Data custodians