answer to first coffee shot should have been Separation of duties. atleast based on the written question. However after you explained the scenario , then job rotation made sense. Please include the scenarios in your written questions as well. otherwise its confusing . Thanks. Good job. keep it up
I passed the CISSP exam on 4 December and I must say that Prabh's Coffee shots played a huge role in my success. I watched the coffee shots twice, once during preparation and then during the last two days before exam date. So thank you Prabh bhai for the valuable content :)
Congratulations! Which books did you find the most helpful and which ones the least so don't get them. Also which practice questions did you find the most helpful? Thank you
@@AnthonyGee-pn5wf I used the cissp CBK reference and read it twice. It's brief and covers all the necessary topics. I didn't use any other book. For practice questions, I used isc2 official practice questions. The key to success is to understand the concepts no matter from whatever book you learn. I recently passed the CCSP and again used the CBK REFERENCE as the main study guide.
@@mikealpha Thanks, I just got back from the exam and I passed. I honestly was kinda shocked at the questions because the Free training they gave didn't really cover that much depth. I had to draw on my years of experience doing the rolls. I didn't like their use of wording. Some English words I had never heard before used like that IT were confusing but like most say there are 2 obvious wrong answers so the other is just 5050.
@@AnthonyGee-pn5wf many congratulations 🎆🎉.. You are right the language used in the exam is very tough and sometimes you need to read the questions multiple times to get the point. Understanding through experience is the key to pass the exam as you did. I think you are talking about CCSP when you ask about giving the exam in the last sentence. I passed CCSP two weeks back on 5th April.
Hi Prabh first of all I appreciate and thanks what you have done for CISSP candidates keep gone, I am one of the candidate I will take the exam after two weeks and I couldn't address all the domain from Sybex but I read some of the domain with remaining of domain 3, 7 and 4 so what is your advice to me and is that enough to read what you told us to read only exam point areas in your video please leave your comment. THANK YOU!!!
Mitigate = make less severe. The risk is still there even if you perform employee training. Training employees might make the risk less likely to happen, but the impact "severity" is still there if an employee uploads a sensitive document to the cloud. The answer should be "D" acceptance. Mitigatation has nothing to do with likeliness, it has everything to do with overall severity. Ex..if sensitive information is leaked from the cloud.. the impact is still the same.
Mitigation can be partial, even if the risk remains it is an action taken to reduce the likelihood or impact of the risk to an acceptable level. "Acceptance" by definition is doing nothing about the risk at all, which is clearly not the case. The end result will be fewer cases of sensitive information in the cloud and thus less risk of leakage, when viewing the security stature of the company as a whole, not as a case by case basis.
Great efforts and explanations Thank you very much sir I got correct answers for almost all the questions in your videos; I watched all your coffee with Prabh. These questions seems to be very easy you areCISSP certified please let me know that the real questions in exam are that simple I have read in many forums that questions in CISSP exam are completely different from the practice exams Am I ready for the exam if I am getting all the correct answers in your video?
How is job rotation the correct answer? If the person or person's job rotates and the privileges vary then you are teaching the employee(s) multiple ways of interacting with the company or the service which would increase the likelyhood of fraud. Fraud is an after effect of immorals and education so by increasing the education of people in the company by rotating their jobs, you increase their ability put two-three-four functions together and come up with a plan for more in depth and clever fraud not to mention increasing the ability of said employees to interact with each other and network possibly finding likeminded people. Least privilege disallows the very ability for fraud to occur if you take away the privilege from the employees with the most likelyhood to commit such fraud. So then no matter where they go an employee only has the ability to do their specific function and must find someone with higher privilege to assist them. Which is a risk in itself, but less than forced job hopping?
Well, it's not just asking about reducing fraud in an absolute sense, its asking about reducing fraud and the possibility of employee collaboration (in doing fraud). What you're saying is true, but only half of the answer. By ensuring that jobs are routinely rotated, you know that fraud will be detected by the influx of new eyes on the processes and no ongoing long-term collaboration can endure because the teams are constantly shuffled.
@@JulieSquirrel42 Thank you for your consideration. I still disagree because of technologies and knowledge availability increase. Though you would have fresh eyes on information left by previous workers, this would not stop someone from committing fraud or any other attack especially if the employees were playing the long con and not trying to get rich quick. Just the ability to have a conversation on discord or use a cellphone makes it infintely easier for strangers to connect over long periods of time for common goals even if you had them move to entirely different continents. And if the job switching was not infinite in diversity, then employees would KNOW that eventually one or two or three of them would get back to their designated and planned stations so as to resume the attack. However, I am not an expert, I am just some dude asking why someone would think seperating peoples' duties would stop them from being a threat. It would be better to only higher low IQ or low intelligence people to avoid problems like the Military does... but that is a hateful and discriminitory practice.
Very useful especially with explanation in selecting the right answer
In addition to the clear explanation, your sense of humour is good!! "It doesn't mean we'll sponsor his GOA vacation!!" 😂
answer to first coffee shot should have been Separation of duties. atleast based on the written question. However after you explained the scenario , then job rotation made sense. Please include the scenarios in your written questions as well. otherwise its confusing .
Thanks. Good job. keep it up
Horribly worded questions
I passed the CISSP exam on 4 December and I must say that Prabh's Coffee shots played a huge role in my success. I watched the coffee shots twice, once during preparation and then during the last two days before exam date. So thank you Prabh bhai for the valuable content :)
Congratulations! Which books did you find the most helpful and which ones the least so don't get them. Also which practice questions did you find the most helpful? Thank you
@@AnthonyGee-pn5wf I used the cissp CBK reference and read it twice. It's brief and covers all the necessary topics. I didn't use any other book. For practice questions, I used isc2 official practice questions. The key to success is to understand the concepts no matter from whatever book you learn. I recently passed the CCSP and again used the CBK REFERENCE as the main study guide.
@@mikealpha Thanks, I just got back from the exam and I passed. I honestly was kinda shocked at the questions because the Free training they gave didn't really cover that much depth. I had to draw on my years of experience doing the rolls. I didn't like their use of wording. Some English words I had never heard before used like that IT were confusing but like most say there are 2 obvious wrong answers so the other is just 5050.
@@AnthonyGee-pn5wf many congratulations 🎆🎉..
You are right the language used in the exam is very tough and sometimes you need to read the questions multiple times to get the point. Understanding through experience is the key to pass the exam as you did.
I think you are talking about CCSP when you ask about giving the exam in the last sentence. I passed CCSP two weeks back on 5th April.
@@AnthonyGee-pn5wf are you asking about whether I am currently working as a CISSP?
Hi Prabh first of all I appreciate and thanks what you have done for CISSP candidates keep gone, I am one of the candidate I will take the exam after two weeks and I couldn't address all the domain from Sybex but I read some of the domain with remaining of domain 3, 7 and 4 so what is your advice to me and is that enough to read what you told us to read only exam point areas in your video please leave your comment. THANK YOU!!!
U can use my coffee shots + cbk to cover the gap of domain 3 , 7 and 4
Hey how did it go? It's been 1 year... Did you get your CISSP?
Mitigate = make less severe. The risk is still there even if you perform employee training. Training employees might make the risk less likely to happen, but the impact "severity" is still there if an employee uploads a sensitive document to the cloud. The answer should be "D" acceptance. Mitigatation has nothing to do with likeliness, it has everything to do with overall severity. Ex..if sensitive information is leaked from the cloud.. the impact is still the same.
Mitigation can be partial, even if the risk remains it is an action taken to reduce the likelihood or impact of the risk to an acceptable level. "Acceptance" by definition is doing nothing about the risk at all, which is clearly not the case. The end result will be fewer cases of sensitive information in the cloud and thus less risk of leakage, when viewing the security stature of the company as a whole, not as a case by case basis.
@@JulieSquirrel42 either way I passed my CISSP first try. Prahbs videos were a good help.
@@bipedalhominid6815 Congratulations!! :)
I was wondering why acceptance is not the right answer and you answered it. Thanks
Thank you very much!!! very useful, please continue!
Thank you for the sample CISSP exam. Please publish douible negation problems. Thanks.
Hi Prabh, if you could share and make questions on ISO and RM.
Thank you Sir . For awesome coffee really refresh concept.
thanks a lot
Great efforts and explanations
Thank you very much sir
I got correct answers for almost all the questions in your videos; I watched all your coffee with Prabh.
These questions seems to be very easy
you areCISSP certified
please let me know that the real questions in exam are that simple
I have read in many forums that questions in CISSP exam are completely different from the practice exams
Am I ready for the exam if I am getting all the correct answers in your video?
Excellent video.
Glad you liked it!
Thank You, Sir. 🙏
Most welcome!
Thank you sir!
You are welcome!
WAITING FOR NEXT PART
How is job rotation the correct answer? If the person or person's job rotates and the privileges vary then you are teaching the employee(s) multiple ways of interacting with the company or the service which would increase the likelyhood of fraud. Fraud is an after effect of immorals and education so by increasing the education of people in the company by rotating their jobs, you increase their ability put two-three-four functions together and come up with a plan for more in depth and clever fraud not to mention increasing the ability of said employees to interact with each other and network possibly finding likeminded people.
Least privilege disallows the very ability for fraud to occur if you take away the privilege from the employees with the most likelyhood to commit such fraud. So then no matter where they go an employee only has the ability to do their specific function and must find someone with higher privilege to assist them. Which is a risk in itself, but less than forced job hopping?
Well, it's not just asking about reducing fraud in an absolute sense, its asking about reducing fraud and the possibility of employee collaboration (in doing fraud). What you're saying is true, but only half of the answer. By ensuring that jobs are routinely rotated, you know that fraud will be detected by the influx of new eyes on the processes and no ongoing long-term collaboration can endure because the teams are constantly shuffled.
@@JulieSquirrel42 Thank you for your consideration. I still disagree because of technologies and knowledge availability increase. Though you would have fresh eyes on information left by previous workers, this would not stop someone from committing fraud or any other attack especially if the employees were playing the long con and not trying to get rich quick.
Just the ability to have a conversation on discord or use a cellphone makes it infintely easier for strangers to connect over long periods of time for common goals even if you had them move to entirely different continents. And if the job switching was not infinite in diversity, then employees would KNOW that eventually one or two or three of them would get back to their designated and planned stations so as to resume the attack.
However, I am not an expert, I am just some dude asking why someone would think seperating peoples' duties would stop them from being a threat. It would be better to only higher low IQ or low intelligence people to avoid problems like the Military does... but that is a hateful and discriminitory practice.
Thank you.
You're welcome!
Thank you! Please publish more Q/A
thanks a lot
Thanks Sir
More scenario based questions required on all 08 domain
thanks a lot sure
great stuff prabh bhai
Most welcome!