Took the exam recently and passed. This video is so accurate that I wish I saw this video before attempting the exam. Thank you for sharing these tips, it will be helpful for my friends who are still trying to attempt the exam.
It's well worth the investment, questions that make you think.
Very nice and informative ✌🏻
I do not understand why management approval is not the right answer on your pentest question. The question is quite vague on describing "penetration testing activities" which basically refers in my opinion to the entire pentest process which should have management approval prior to taking any actual activities, or am I missing something here?
Excellent question. Yes, however the impact to organizational assets should drive every aspect of the pentest process, including management approval. Also pay close attention to the wording when analyzing questions like these. The key word in this question is "considered". If the question read "What must occur" then I would agree with your analysis. Management approval is a required action, not a consideration. Methods change, as does the criticality level of any given asset.
@CISSPrep But question is "MUST be considered" (you missed it) and without management approval you cannot do it. I think Seba is correct, you are wrong on this one!!
@luvkashyap Hi LUV, thanks for the comment. Management approval is a necessity, not a consideration. The wording is intentionally tricky. Real CISSP exam questions will require deep analysis and thinking of this nature, which is why we created questions like this. Notice the placement of the phrase "are performed" and "considered". The question alludes to management approval already being done, and activities about to be performed, which is where consideration should be given to the impact to assets.
The answer of the last question should be B since a token isn't an authentication mechanism but the permission to speak mechanism.
Can you explain why the correct answer to the last question is B? D seems like a more complete and correct answer.
Hello CISSPrep, are you a trainer, I want to know more about your course?
Not officially, as our videos are free. We are a very small team of learning enthusiasts who primarily write high quality correctly-styled practice questions for the CISSP exam. We also enjoy creating mnemonics and other tools to help candidates adequately prepare for the exam.
The network cable in response to possible malware on device. Mitigation is best answer vs response in regards to steps in a security breach?? How?
Response is more about figuring out what is going on and getting this to the incident response team to further follow-up
@Exigopro Hi, I was thinking the same as you because it's a type of response. However, looking further, mitigation is also a response and includes unplugging so a better option. Word play is something to look out for and it's done to make sure we understand what's being asked. Also, one instructor said unplugging is never the correct answer in any questions.
I don't believe I identified the actual answer in this video, sorry! Mitigation is the right answer because it is the immediate action taken to stop the bleeding. **Edit** You asked about response - response can be thought of as the triage/analysis and determining whether an incident actually occurred, what category or severity level, and declaration of incident, etc.
Reviewing all replies. Mitigation is the only option. Finding a way to counterattack the matter. Thank you for taking the time.
Response is not one of the steps in the incident response process. Plus mitigation is the correct answer since it's an action taken to stop the bleeding kind of effect.
Hello
Cisspfree.net is a little misleading. It is currently $18. May be a great price but there is so much material and practice questions for the CISSP that it is hard to choose where to spend your time.
CISSPrep.net is the name of our site; I haven't seen the one you're referring to, but yes, it would be misleading if the site was charging with the name "free" in it. At one point in time we did not charge any fees, but as our question bank grew we decided it was best to protect the questions behind a paywall (and thus protect the profession).
I don't trust this video