วีดีโอ

thank you for this video. i will be taking the certification exam soon

Does the real exam has the same level of questions??

Thank you for your videos . I understand some terms better than before

Thank you for your videos . I understand some terms better than before

th-cam.com/video/SGwhE-T8kq8/w-d-xo.htmlsi=lOmtQ3GF4o7QOied

th-cam.com/video/SGwhE-T8kq8/w-d-xo.htmlsi=phyIrsDw5_IOLgUR

Will Questions be of the same level in the real CISSP exam ???

Thank you for your explanation. This was a good way to learn.

22-it only execute but hr set the direction..Think like manager because cissp not technical exam.if this q not for cissp exam definitely it people

The video is good but could you please edit the audio because it is barely audioble?

Very understanding and deep insights. Thanks

Thank you for sharing the video.Not able to understand star integrity Axiom example given in the video, Rest of the video is great source for clearing all the doubts related to security model

Despite there are few wrong answers, I would like to thank you for your efforts trying to help CISSP cert applicants. Please review the comments, make necessary correction and re-upload your video

Q16. Risk assessment in the Software Development Life Cycle (SDLC) is typically conducted during the planning and requirement analysis phase. This phase involves identifying potential risks, assessing their impact, and planning mitigation strategies. The results of this risk assessment are then used to supplement baseline security controls, ensuring that the software development process addresses potential vulnerabilities from the outset. However conducting a risk assessment and using the results to supplement baseline security controls should be a key activity during the development and acquisition phases of a software project. Here's why: Development Phase: Proactive Risk Management: Identifying potential risks early in the development process allows for proactive measures to be taken to mitigate them. Security by Design: Incorporating security controls based on identified risks can help ensure that the software is built with security in mind. Cost-Effective: Addressing security issues early on can be more cost-effective than trying to fix them later in the development cycle. Acquisition Phase: Vendor Evaluation: Risk assessments can help evaluate potential vendors and their security practices. Contract Negotiation: The results of the risk assessment can be used to negotiate appropriate security terms and conditions in the contract. Due Diligence: Conducting a risk assessment can help ensure that due diligence is performed on the acquired software and its associated risks. By conducting a risk assessment and using the results to supplement baseline security controls, organizations can significantly reduce their exposure to security threats and improve the overall security posture of their software systems.

Q #2 Answer is incorrect. Escrow agreements typically take place during the deployment and maintenance phases of the software acquisition life cycle. Here's a breakdown of why: Deployment: Once the software is developed and tested, it's often deployed to a production environment. An escrow agreement can be put in place to ensure that a backup copy of the software's source code is held by a neutral third party. This protects the buyer in case the seller becomes unavailable or goes out of business. Maintenance: Throughout the software's lifecycle, updates, patches, and bug fixes may be required. An escrow agreement can provide a mechanism for accessing the source code if the original developer is no longer able or willing to provide support. While escrow agreements can be established at other phases of the software acquisition life cycle, such as during contract negotiation, they are most commonly implemented during deployment and maintenance to address the risks associated with software ownership and continuity.

Question number 1 the answer is B.. Requirement gathering is indeed one of the most critical steps in the secure software development life cycle (SDLC) for preventing security vulnerabilities. Here's why: Foundation for Security: A clear and comprehensive understanding of the software's intended functionality, security requirements, and potential risks is essential for building a secure system.

Q.14 Provenance Methodology Provenance refers to the origin and history of a product or service. A provenance methodology is a set of processes and techniques used to verify the authenticity, origin, and journey of ICT products throughout the supply chain. Key Components of a Provenance Methodology: Traceability: The ability to track the movement of ICT products from their point of origin to their final destination. Transparency: The disclosure of information about the supply chain, including the identities of suppliers, manufacturing processes, and ethical practices. Verification: The use of evidence and documentation to confirm the authenticity and quality of ICT products. Ethical Sourcing: The commitment to sourcing ICT products from suppliers that adhere to ethical and sustainable practices. Implementing a Provenance Methodology Identify Critical Components: Determine which components of ICT products are most susceptible to counterfeiting, child labor, or other risks. Establish Traceability Systems: Implement systems to track the movement of these components throughout the supply chain, such as barcodes, QR codes, or blockchain technology. Conduct Audits and Verifications: Conduct regular audits and verifications of suppliers and manufacturing facilities to ensure compliance with ethical and sustainable practices. Educate Stakeholders: Educate employees, customers, and partners about the importance of provenance and the steps being taken to address supply chain risks. Collaborate with Industry Partners: Work with other companies in the ICT industry to develop shared standards and best practices for supply chain transparency and accountability. By implementing a robust provenance methodology, businesses can mitigate risks, enhance their reputation, and contribute to a more sustainable and ethical ICT supply chain.

😂

Good one

There are very helpful and excellent questions. Thank you

And also number 35 ans should be B not C. DRP ensures IT is being restored and at full or partial operation( A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities) while BCP is to sustain business operations while recovering from a significant disruption.

Thank you for this video but there's nothing like a mirror site. There are just three redundant sites - Cold, Warm, and Hot.

I just love the way you explain all other options making it clearer. Good job 👍

Thanks Everlast much appreciated will check this out later in the week

great pics! thanks

taking exam in one week

love it!

For question 3 right answer is risk avoidenxe

How is question 11 C?? Firewalls and SIEM both carry out automated workflow thru ML. Or am i learning wrongly

Absolute brilliant as always thank you. I done my CC last year but still checking this out for refresher. I will also share with a group that would appreciate it as some are prep for their CC or need to redo. Thanks

Thank you so much mam for your packaged information.

Edit: The correct answer for Question 11 is option A. Business Continuity. This is because it includes the vendor's ability to recover from disruptions, which is essential to maintaining the security and availability of your data and services.

Q27 official study guide says, electricity issues is man made disaster.

Q11 whats relation between vendor selection and answer D: data classification?

Thank you very much for your brilliant knowledge of cyber security and these great videos I keep watching your videos and sharing with our class.

Thank you. You videos are very thorough & easy to assimilate.. I am grateful. I have informed our group to like and subscribe to your channel as we are all getting ready for our Cissp in a few months

For Q27 I think the answer is A encryption is to hide information from anauthorzed users D is for IDS

the correct answer for question 19 should be b... kerberos is primarily authentication. ldap is commonly used to authenticate users, even though it is not itself an authentication protocol. tls and ssl both offer password as well as client-side certificate authentication as part of the channel creation. oauth on the other hand it authorization only, and the protocol does not specify anything related to authentication. from the oauth website... "OAuth 2.0 was intentionally designed to provide authorization without providing user identity and authentication, as those problems have very different security considerations that don’t necessarily overlap with those of an authorization protocol. "

question 2 should be c. according to google searches and the official testing guidebook, you don't establish an escrow agreement until the system has been accepted. up until that point you don't know if the system meets your needs and that you will use it, so establishing an escrow agreement at the development stage could result in spending money on escrow that is not needed, as you may need to switch vendors if the system is not acceptable.

question 14 should be provenance, not prevenance. the correct answer is not listed.

Gonna start Domain 5 soon, so using your video as prep while on my lunch break :D

Great video and well explained

I don't speak Spanish but could make out what all that was and got all right cool vid wish I knew what that stuff meant tho

Question 10, shouldn't the answer be D. Identifying the scope and impact of the incidents, which would be carried out by Response Team?

Great job you are doing pls keep it up. However, i think question 8 should be reviewed as Hashing doesn't provide authenticity. The right answer should have been digital signature if it was an option. But pls note that hashing only provide integrity.

Thanks

For user account provisioning I would argue the process definitely starts (aka initializes) from HR dept

Thank you very much love this

your videos are great. the only issue was the colors you chose. the blue is too light and makes me squint to see the words properly. it would have been better if dark blue was used throughout. my eyes are very sensitive to light so watching the video and reading the questions gave me a headache. thanks in advance.

I am an ametuer and want to get into the IT space. I have done a linux course I am now studying for a CompTIA A+ exam. Wanted to ask if the compTIA certification is enough to get me into the door of the IT world?