Nice video. It's unlikely that any company will restrict access to application in absense of patch .in my opinion compensationg control may be their best bet which could be like Host based IDs ,NID ,a proxy or internal firewall that will intercept all traffic to application and scan critical files .

Great video prabh! Your coffee shots are very insightful, but I think real CISSP questions are more intensive and confusing. Request you to please add such questions which makes us to think like a manager.

Thank You Prabh for this wonderful video. Can we have video on Common Criteria. Thank You!

Love your Confidence prabh

Hi Prabh. Great videos you have and I am learning a lot. Just a quick question on Part 7 of the question that I need clarification on: Would the answer be not "B", Implementing new training to be aware of the risks in accessing the application? My reasoning for that is that if the application is critical since it is a financial application, that means that not having access to the application can cause an availability issue and maybe potential work stoppage for the organization since the application is critical? I understand option A is incorrect and option D is also incorrect. I was able to eliminate those two myself. However, option C says to restrict access until the vulnerability is patched. In that option, the question says that There is no patch available which means the application that is critical to the organization will not be accessible to the users until that patch is available which we don't know when. Can you or any viewer please clarify this? Thank you for your time!

No.snacks in this coffee..😔