Full Report
On this edition of CertByte, we discuss a question from N2K’s ISC2® Certified Information Systems Security Professional (CISSP®) practice test. As your news-to-knowledge partner, N2K will advance your career while bringing you the industry news and trends that help you stay a step ahead. Through our bi-weekly episodes of CertByte on the CyberWire Daily podcast, and these companion articles, we aim to support your certification journey and fast-track your career growth in IT, cybersecurity, and project management. As your host, I or my guest will share a practice question from N2K’s suite of industry-leading content and a study tip (or study “bit” as I like to call it) to increase your confidence and readiness on exam day.
Analysis Summary
# Main Topic
Analysis and breakdown of a specific practice question from the N2K ISC2 Certified Information Systems Security Professional (CISSP) practice test, focusing on the Security Management Life Cycle phases.
## Key Points
- The segment involves discussing a CISSP practice question with guest host Steven Burnley.
- The question centers on identifying the correct Security Management Life Cycle phase based on the activity described.
- **Key Activity:** Reviewing audit results to assess if security baselines are maintained.
- The analysis emphasizes contextual logic and mapping verb choices (e.g., "review," "assess") to phase descriptions.
- A key study "bit" advises candidates to focus on unfamiliar material, such as the new DevSecOps objective recently added to the CISSP exam scope.
## Threat Actors
- Not applicable. This content focuses on certification readiness and security management processes, not specific threat actors or campaigns.
## TTPs
- Not applicable. The focus is on management lifecycle phases, not offensive TTPs.
## Affected Systems
- Not applicable. The discussion is centered on organizational *processes* and governance principles relevant to the CISSP domain.
## Mitigations
- **Study Strategy Recommendation (Proactive "Mitigation" Against Exam Failure):** Focus study efforts on the parts of the exam material that are unfamiliar or cause concern.
- **Procedural Note:** Pay close attention to verb tense (past, present, future) in procedural questions to correctly map activities to the appropriate phase.
## Conclusion
The primary topic is educational support for the CISSP certification, specifically clarifying that **reviewing audit results and assessing accomplishments** falls under the **"Monitor and Evaluate"** phase of the security management life cycle. This highlights the importance of understanding the sequential nature of security governance processes.