CCT 315: Cybercrime Inc and Practice CISSP Questions (Domain 1.8)

Jan 15, 2026
 

Check us out at:  https://www.cisspcybertraining.com/

Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout

Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

Cybercrime now runs like a tech startup—with roles, KPIs, and customer support—while most defenders are stuck in annual review cycles. We dive into how this underground economy operates as a service chain, why ransomware-as-a-service lowers the barrier to entry, and what leaders can do to close the agility gap. From faster iteration to data-driven decisions, we map out a defense that keeps pace with attackers rather than reacting months later.

We also shift into CISSP Domain 1.8 with scenario-driven insights you can apply today. You’ll hear how to design an insider threat program that respects privacy while delivering real defense in depth, including behavior analytics, transparent monitoring policies, and legal and HR oversight. We break down the executive-level risk when background checks slip during mergers, the right first move when a senior developer with admin access gives notice to join a competitor, and how to navigate employment gaps without crossing legal or ethical lines. Then we take on a thorny integrity case: a cloud security architect who lied about a required certification. Policy clarity, culture, and legal risk all collide—and we walk through the reasoning.

Throughout, we connect the AI arms race to practical security outcomes. Attackers are using AI to craft better phishing and faster exploits; defenders need AI for correlation, anomaly detection, and automation—without sacrificing governance. The throughline is speed with discipline: shorten feedback loops, harden the human layer, and align security operations to measurable risk reduction.

If you’re preparing for the CISSP or leveling up your security leadership, this episode blends strategy with concrete steps you can implement now. Subscribe, share with your team, and leave a review to tell us which scenario challenged your thinking most.


Good morning everybody. It's Sean Gerber with CISSP Cyber Training and hope you all are having a beautifully blessed day today. Today is CISSP question Thursday, and we are going to be focused specifically around domain 1.8 of the CISSP exam. So we are pretty excited about that. Well, at least I should say I'm excited about that. We're going to get into some pretty cool stuff related to domain 1.8.

But before we do, had a quick article I wanted to show you all as it related to Cybercrime Inc.: when hackers are better organized than IT. So this article comes out of CSO magazine, and this is by Thomas Kress, K-R-E-S-S. And it's basically Cybercrime Incorporated, when the attackers are better than their IT departments. And we kind of will mention this is it's really interesting. I've been talking about this for years, and the reason is when I was formerly in the red team space, we knew of people that were, uh, basically acting like resident hackers for most organizations and for, uh, I should say state-sponsored kind of activities. So they would work as a mercenary in many ways, so they would do things against organizations from a day-to-day basis that was not possible, or not, I shouldn't say not possible, it was definitely possible, that was not a good thing to do from a standpoint of morals and activities, but they would also then flip the hat and then go work at a corporation and help, uh, secure that corporation. So very interesting world.

But what they're saying is cybercrime now has evolved into a highly industrialized, efficient, and organized underground economy. And I totally get it. I think there was an FBI report that was out a while back that mentioned that the overall cybercrime numbers are basically in the levels of small countries of their entire GDP. So it's impressive where that has all gone in a sad state. I mean, honestly, it's not good.
There's just a bunch of hooligans that are out there stealing money from people. Uh, this transformation of this has changed dramatically. One of the articles in the article, they basically mentioned that the fact is they have defined departments, they have processes and KPIs. Uh, so they have a measurement and metrics process, they have R&D, and then they have customer-like support and product life cycles. Just again, all the things that they're doing to make it much more efficient from a hacker's standpoint.

Uh, they call it the Amazon of Crime, and it's basically ransomware as a service. It's all set up so that you can come in, buy what you want to buy, and use it against whomever you want to use it against. Uh, they're offered very similar to commercial type software, and they may use malware, they'll pick targets, they also help launch attacks without any sort of coding expertise. So, what it comes down to is if you don't like somebody, you can actually launch an attack and you can go to this, wherever this is at, this location, uh, online, and you can then purchase these products and services from them, and they will do that for you. So, I mean, if it wasn't so sad, it is actually impressive because the ability for them to do something like this at a scale that, uh, it would rival many IT departments, right?

So they function as a service chain basically, with initial access brokers that sell the enterprise access, they have botnet operators that provide computing resources, and they also have exploit developers that craft tailored attack code. And then when it's all said and done, they have folks that are really good at negotiating ransomware and the demands that go associated with it. So that's why there's a whole cottage industry that has been built up around all of this. So it's just absolutely mind-blowing of where this can actually go and how efficient it can be.
Now, the problem with a lot of this is that these guys are very agile, and they talk about them being from a development standpoint in an agile mindset and an agile capability. Most big corporations are extremely bureaucratic, they're just like leviathans, they're large and they don't move real well. Well, these guys can actually do a lot of this stuff, and it makes them very efficient in how they do this. Uh, it talks how they deploy modern agile and data-driven methods, uh, they have recruitment and incentives resembling many startups and their culture, and they have rapid experimentation and iteration cycles that go along with it. So again, there's a lot of operational efficiencies that are built into with these attackers as well.

Now, the operational defenses, as I've talked about in my previous life, they do lag behind substantially. Security strategy reviews are done on an annual basis in most cases, right? Well, these guys are very agile. They're changing on a daily basis. So when you sit back with your bureaucratic, let's look at our strategy. When you do that, that's great. And you need to do that type of activity. However, these folks are not operating in that manner. They're operating very quick, very agile, to the point. Uh, the average detection time of you finding somebody within your organization that has attacked you, that is basically inside, uh, is around 200 days. So that's two-thirds of a year is gone because of the fact that you're just trying to figure out who all these people are and what's going on within your network.

The other part that I think is a key factor, and this is something that organizations can do relatively inexpensive. And I'll talk about how I'm putting in a security awareness training for an organization right now as a consultant, and the overall cost for this product was around six grand, right? So it wasn't a lot of money, and it's all built there already for them.
And the reason I bring that up is around there's over eighty percent of all successful breaches will start with human error via the phishing or social engineering. So 80% of these attacks are basically being accomplished because of phishing and social engineering. Well, that is, uh, due in large part to the training that they receive. Now, it doesn't mean that just because you have the trainings, they're not gonna click on the links, but it does increase the risk or decrease the risk of that happening within your organization by having a good successful training program in place. So there's a lot of great things that are there. Uh, the data weaponization, they've extorted there, all kinds of things that are in place, uh, that these guys are doing to organizations. And it's a really great article and it talks about all of those different types of activities that are occurring.

So, oh, the one thing that I also want to come back to was the AI arms race. They are pushing AI to the envelope of where it can go, which is totally anticipated. Uh, they're going to take that tool, that's a really great tool, and utilize it as a weapon. And the defenders are in the process of trying to incorporate AI within their environment, but they again have much slower response rate to what the attackers are doing. So it's just an interesting piece. I would come back to say I have a feeling of who's going to win and who's going to lose. Folks that pay big money for security folks and having a really great ecosystem in place are going to do much better at repulsing these types of activities. But those small and medium-sized businesses that are struggling, uh, they are going to have a hard time in this new world, especially as AI is coming out and spinning things up much faster than they ever have in the past. So interesting, very, very interesting article. Uh, highly recommend you go check it out.
It's from CSO magazine, and, uh, you can go get it out on the web.

All right, let's get into what we're gonna talk about today. But before we do, wanted to quickly put a shout out for CISSP Cyber Training. Head on over to CISSP Cyber Training. If you are in the process of looking, studying for your CISSP and you want some help, that is where you can go to get it. CISSP Cyber Training. We have all of the content that's available for you. You've got questions, you've got answers, you've got ability to contact me and communicate with me directly. You have all of that available to you at CISSP Cyber Training, and just go over there, check it out. If you're looking for free stuff, it's there as well. So all kinds of stuff is available for you at CISSPCyberTraining.com.

Okay, so these are deep dive questions related to domain 1.8. And the overall goal of deep dive questions is to have a good, hard question for us to walk through. And as we walk through it, then we will kind of work through what are not the correct answers to kind of help build that mindset of you as somebody that has to go and study for this exam. How do you do it? How should you think about these questions? So again, you can get all this at CISSP Cyber Training. It's all available to you. But, uh, let's just roll into some of these questions.

An organization is implementing a new insider threat program. The CISO wants to balance security monitoring with employee privacy rights. Which approach best demonstrates defense in depth while maintaining legal and ethical compliance? A. Deploy keystroke logging on all workstations and implement 24 by 7 video surveillance in all work areas to create a comprehensive audit trail. B. Implement behavior analytics on network traffic, establish clear monitoring policies with employee notification, combine technical controls with security awareness training, and ensure oversight by legal and HR departments.
C. Restrict all monitoring to after-hours activities only, as daytime monitoring violates privacy expectations in most jurisdictions. And then the last question or last answer is focus exclusively on technical controls like DLP and firewall logs without informing employees, since security monitoring is a legitimate business interest.

Okay, so as we know, a lot of these questions or these answers have little vignettes of positivity. And yes, they are the correct answer, but they're vignettes of that. However, the best demonstrates this. Let's kind of walk through those a little bit, which ones are not the best.

So D, focus exclusively on technical controls like DLP and firewall logs without informing employees since security monitoring is a legitimate business interest. Okay, so focusing on technical controls like DLP and firewall logs, great idea. So that part of it is true. However, without informing employees, yeah, that's not good. You've got to inform your employees before doing any of these things. Focus exclusively on these tools. No, that's not the right word because you'll always want defense in depth, and focusing exclusively on anything will lead to problems. So D is not the correct answer.

C would be restrict all monitoring to after-hours activities only, as daytime monitoring violates privacy expectations in most jurisdictions. So that is not true, uh, but it can be true. So depending on the location where you're at, uh, privacy monitoring could potentially be a privacy violation. Most jurisdictions will allow you to monitor employees due to the fact that they understand you have to have some level of monitoring on individuals and their systems to ensure the protection of your company. So again, that's really not as big of a deal. Now the after-hours activities only. So most of these things happen, you know, all the time, right? They can happen during the day, they can happen in the evenings.
But if you looked at just after-hours activities, your people aren't that busy in the evening. When they go home, they go home. They don't actually turn on their computers in many cases. So that is really probably the worst answer of all four of them.

Let's look at A. Deploy keystroke logging on all workstations and implement 24 by 7 video surveillance in all work areas to create a comprehensive audit trail. Okay, so this is not bad, but it's not the best, right? So your keystroke logging, um, there are situations where you would allow keystroke logging within your organization. Uh, very highly classified locations may require that type of activity. However, that would probably be pushing the privacy envelope a bit if you're doing all keystroke logging on all workstations. 24 by 7 video surveillance, again, another one of those that could be a bit challenging just because, uh, you have to give employees some level of sense of privacy with their daily activities. Now, that doesn't mean you can't do it, but it would mean that you would have to have very strict, uh, criteria on which you are hiring people into your organization, and then also what are some of the different, uh, methods that you are going to be monitoring, and they have to be aware that they are being monitored. So it's not the worst, but it's definitely not the best.

Now, the best one is B: implement behavior analytics on network traffic, establish clear monitoring policies with employee notification, combine technical controls with security awareness training, and ensure oversight by legal and HR departments. So you can tell that's got everything in it. We're monitoring the traffic. You got clear monitoring policies with employee notification, key factor there. Combine technical controls with security awareness training, again, that's an important part, and then ensure oversight by legal and HR departments. So all of those are the best answer for that question.
Okay, so let's move on to the next one. During a merger, an acquiring company discovers that a target company has been conducting background checks on candidates after they have already started work. Some employees have been working for weeks before the checks were completed. What is the primary risk that should be communicated to executive leadership?

Okay, so basically what they're saying is background checks were important. They should have been something that were done before they even were brought in, but these people were hired and then they did the background checks later. And so that's a problem, right?

Okay, so A, the organization has been operating with individuals in trusted positions who may have undisclosed criminal histories, conflicts of interest, or falsified credentials that could enable insider risks or compromise sensitive information. So again, this is supposed to be something to the leadership. So this is you're communicating to them. B, increased costs due to having to terminate employees who fail background checks after onboarding. C, HR efficiency metrics will show poor performance indicators during the merger integration period. Or D, the organization may face discrimination lawsuits from employees who are terminated based on background check results.

Okay, so this is again, you're acquiring the company, you should have done background checks, you didn't do it. Been here, done that, got the t-shirt, and it's got holes in it. Yeah, that's fun. Because when you're doing mergers and acquisitions, you don't always get the ability to kind of control what you're bringing on and who you're bringing on. So there's a lot of squishiness in this space. So, uh, I really like this question because it's great. It's great.

So let's talk about the answers that are not correct. So let's go D. An organization may face discrimination lawsuits from employees who are terminated based on background checks.
So you may face some of these lawsuits. Now, again, this is back to kind of gauge the question. This is the primary communication that you're gonna give to executive leadership. So you're telling leadership that they may face some discrimination lawsuits from employees who are terminated based on the background checks, which is true, but it probably wouldn't be you as a security professional giving that information. Most likely, I'd say in 90% of the situations, uh, that would be your HR team or maybe your legal or compliance team that might be telling them that. That wouldn't be necessarily you. I say that, but depending on the size of your organization, it may be you. You just never know. So that is something that could be taught to or could be said to the executive leadership team, but it's not likely that that would come from you.

Uh, C, HR efficiency metrics will show poor performance indicators during the merger and integration period. Again, this is something that HR team should probably be doing, and it would be something they would show that there would be some metrics that are poor because of this. We need to have, uh, KPIs and performance indicators for all of these activities. The KPIs need to be developed.

Uh, the next one would be C, or I should say B, increased cost due to having to terminate employees who fail background checks after onboarding. Now that would be more of a finance, CFO type of activity, but yes, they would probably have increased costs due to terminating employees who do fail these background checks. And I've had to deal with bringing employees on board and end up not doing a background check. And because we didn't do a background check, they were still put in a position of trust. And leadership was like, well, we really don't want to fire them because we don't, well, we'll do the background check, but we really don't want to ask too much. So there was a little bit of squishiness in that.
And then what ended up happening is, well, uh, they ended up staying on with the company, and then you just look for cause anytime you can. Uh, but they never did. Some of them were very, very good employees, and they never had a problem. However, you just never know sometimes.

All right, so then the one that is the most correct, the primary risk that should be communicated to the executive leadership is A. The organization has been operating with individuals in trusted positions who may have undisclosed criminal histories, conflicts of interest, or falsified credentials, which could enable insider risks or compromise sensitive information. So, out of all four of those, those are more in line with what you would do as a CISO or as a security professional. And really, in most cases, that is what the leadership wants to know. They would like to know what are some of the risks they would have to deal with from a cyber standpoint. So that would be the answer to the question.

Next question: a senior developer with administrative access to production systems gives two weeks' notice. Mmm, not good. The developer will be joining a direct competitor. Oh, that's really not good. According to personnel security best practices, what should be the first action? Okay, so you got a senior developer who's leaving to go to a competitor. What should you do immediately? Right away. Do not delay. Okay. A. Immediately disable all accounts and escort the developer off-premises to prevent data exfiltration. Okay. B. Conduct an exit interview and understand the developer's reasons for leaving and gather the information. C. Require the developer to sign a non-compete agreement and threaten legal action if they violate confidentiality. D.
Review and adjust access rights based on risk assessment, considering business continuity needs, knowledge transfer requirements, and data sensitivity while implementing enhanced monitoring.

Okay, so this is a tough one. So if these are, I would say, in a situation you may have to really kind of weigh this out, but look at it from a senior level executive. He has never given you any indication. The senior developer, uh, has access to these systems. He's given you two weeks' notice. Okay, this isn't like he's saying, I'm out of here. Now he's giving you two weeks' notice. You also got to think about this from the perspective of is this senior developer somebody you've had on your role for quite some time and has given you no indication that he or she is a bad seed. Um, then moving to a direct competitor. That typically happens a lot, right? So if you're in one space, especially when I was in the manufacturing space, we had people would go to competitors on a routine basis. So you have to weigh all these different things out of it. And as a security person, you have to decide what you should do. Now, there will be some roles that will require specific activities and actions immediately, and we're gonna kind of go into those in just a second here.

So, what are the ones that are not correct? Okay, so let's do C, let's start with that one. Require the developer to sign a non-compete agreement and threaten legal action if they violate confidentiality. Okay, so yeah, they should have signed it before they started, but if they didn't, yes, they would definitely sign it before they leave. And giving them that, um, not ultimatum is probably important, depending on the person and where they're at within the company and how they've done. You may not come down and threaten legal action. You may not say that per se.
You may be more along the lines of, uh, yeah, if you do anything, you'd realize that we have legal recourse if something were to happen. So, you know, you can soften that up a bit, but when it comes right down to it, they should have signed it when they started.

B, conduct an exit interview to understand the developer's reasons for leaving and gather information about the competitor. So an exit interview is important. Uh, that would probably not be the first thing you would do. Uh, it would probably be more like the seventh or eighth thing you would do. But you would definitely conduct an exit interview and understand the reasons that they're leaving and understand the information why a little bit more about the competitor.

Uh, the next question is the real squishy one: immediately disable all accounts or all access and escort the developer off-premises to prevent data exfiltration. So that's a good one. That is a really good one. And I would say it's probably not the first. However, it's probably like number two or three that you'd want to do this. And we'll kind of get into that in just a minute.

The correct answer is review and adjust access rights based on risk assessment, considering business continuity needs, knowledge transfer requirements, and data sensitivity while implementing enhanced monitoring. Lots of big words. Uh, but really what it comes down to is you take a risk and you try to understand where is this person at? So based on the risk assessment, are they somebody who's been a good employee? Okay, risk goes down. Are they somebody that has been nothing but a pain in your side? Risk goes up. Uh, so you got to decide, hmm, what do I want to do in that regard? Uh, business continuity needs. Is this person the only person that is one deep in your organization in this area? And if he or she leaves, you're in trouble. So that's a business continuity problem. You got to decide, hmm, we need to keep them on.
You also need to consider knowledge transfer. If this person is the one that is the best and the brightest and the smartest in your organization, and they're leaving to go to a competitor, how can you do a knowledge transfer with some of the things that they know? So you got to think, keep that into mind. And then data sensitivity as well. And then you just throw on the monitoring piece.

So I'm telling you all of this because of A, right? We talked about A, we'll come back to it. You'll immediately disable all access and escort the developer off-premises to prevent data exfiltration. So there's gonna be people in certain roles that you will do this with. Very few, but there are, where if they're in a role that is highly critical to your organization and you are deep in there, right? You have plenty of people, uh, and you've already been keeping up on this individual, so you know from a risk standpoint where they're at, there's gonna be a situation where you would do just that. Disable all access, escort them off premises, and say, thank you very much, have a nice day. Our lawyers will be in contact with you. Uh, that is very doable. So you've got to weigh, those are probably the two that are the closest to, but always think about it. Look at it from a security perspective and a senior level security perspective. It's all about risk. It's all about risk.

Next question: an organization's background check policy requires criminal history checks, employment verification, and educational verification. A candidate for a senior security position has a 10-year employment gap. When questioned, they cite personal reasons and become defensive. What is the most appropriate response? The most appropriate response is you walk away and let them stay there in the room and you never come back. No, that's not the appropriate response. No, that's not correct. But it's something you might want to do. Okay, so let's go through some of the answers. Uh, A.
Document the gap, seek additional references for the period if possible, escalate to the hiring manager and security leadership for risk-based decision, and consider sensitivity of the role when making the determination. B. Reject the candidate immediately and unexplained gaps indicate attempted deception and represent unacceptable security risks. C. Proceed with the hiring since the criminal checks came back clean, employment gaps are protected personal information in many jurisdictions. And then D. Require the candidate to provide detailed medical and personal documentation, including blood samples (I'm joking with that), explaining the gap before proceeding.

Okay. So what is the most appropriate thing to do? So let's go into things that are not appropriate, right? You don't take blood samples. That's not something you would want to do. Uh, it would be very gross and it's definitely not right. No. So we're looking at D. Require the candidate to provide detailed medical or personal documentation, explaining the gap before proceeding. Um, yeah, that one really is one of those you could easily throw out. It just doesn't make a whole lot of sense, right? Why would you ask for medical or personal documentation? I guess unless they made a comment and said I was out due to whatever XYZ medical condition. But even then, it's none of your business. So, uh, you really wouldn't do that.

C, uh, proceed with hiring since the criminal checks came back clean and employment gaps are protected personal information in many jurisdictions. So they don't have to tell you anything, right? So they can say it's just a personal, I had a personal problem, right? You don't know what's going on in their family. Uh, they could have had a death in the family, they could have had some sort of addiction issues, they could have, you know, who knows? Maybe they were a missionary in Uganda. I don't know.
And so the part is that they're keeping that to themselves. You cannot ask too detailed questions around that. You can ask some questions and try to get some more information around it, but you also have to be, if they come back and say, I just don't want to talk about it. That's good. You're done there. You don't have to talk about it. So you got to keep that in mind when you're doing this. Um, so I would say a logical choice that is a not correct answer would be C, uh, would be possible. Uh, so you might bite off on that one, but don't, don't bite off. That's the wrong answer.

Reject the candidate immediately, and unexplained gaps indicate attempted deception, represent unacceptable security risks. Okay, well, that doesn't make a whole lot of sense either. Uh, you can reject them immediately, I guess, but an unexplained gap, if they're just being totally evasive and they don't want to tell you and they don't want to give you an indication, that may tell you something. Um, it just kind of comes down to personal preference. And if you don't like it, then don't hire the person. That's fine. You don't have to go that path. But it wouldn't be the primary or the most appropriate response.

The most appropriate is A. Document the gap, right? So you're paying attention to the gap, you find the gap, you seek additional references for the period if possible. If they don't want to give you anything, you're done with trying to dig any deeper. If not, see if you can get some more information. Escalate to the hiring manager and the security leadership to let them know what's going on and to also get their input on what they recommend. And then finally consider the sensitivity of the role when making that determination. The role may be a situation where you want to not allow them in your organization. So it just kind of depends on what you want to do there.

Okay, last question.
A cloud security architect is, uh, discovered to have lied about having a required CISSP cert during hiring. Naughty naughty. The individual has performed excellently for the 18 months and has since obtained the certification. What should the organization's response to this be? Hmm. So they lied. They said, yeah, I'm a CISSP. I'm 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. Ha ha. I'm one. And you all know better than that, right? But he lied. But he did get it. So he was probably close to getting it. So we'll see. Hmm.

So A, immediately terminate for cause, as integrity violations in security roles are grounds for dismissal regardless of subsequent performance. Okay. B, formal reprimand and probation since the individual now has a certification and has demonstrated competence. C, document the incident but take no action as the certification requirement was arbitrary and the individual's performance proves competence. Or D, transfer the individual to a non-security role where the certification isn't required.

Okay. So what should you do? Now there's the right answer on this test or on this question, and then there's the answer of real life, and you're going to have to figure that one out. So again, when you're looking at this test, think of it as a way of a security professional, and it is somewhat black and white. And so we're going to go into that.

D, transfer the individual to a non-security role where the certification isn't required. That can be done. Um, it probably depends on the individual, right? It may be a situation where you may want to do that. Uh, I will say I've made plenty of mistakes in my life, and I've had some people that have given me grace, and because of that, I'm where I am today because of the grace they gave me. Uh, so you will have to decide if that's something you want to provide to somebody if this were to happen to you.
Uh, document the incident, but take no action as a certification requirement was arbitrary and the individual's performance proves competence. Okay, so document it, take no action as the requirement was arbitrary and the individual's performance was competent. Okay, so that is hard to say, right? I don't know if it doesn't say from the question that it was arbitrary to have it, but it said he lied about having it. Oh no, actually, I shouldn't say that. The question does have it as having a required CISSP certification. So if you read that, you throw that one out right away because the CISSP was not, uh, was not a requirement or arbitrary, it was an actual requirement. B, a formal reprimand and probation, since the individual now has a certification and has demonstrated competence. Okay, so that one, again, a reprimand and a probation period, possibly, if you feel that that's what's needed. Um, since the individual now has a certification and has demonstrated competency. Again, that's one of those, it's kind of like the last one. You kind of have to look at the person and determine what is the best course of action around that. Now, the answer for the test. Okay, this is again, this is a test type question. Immediate termination for cause as integrity violations within the security roles are grounds for dismissal, regardless of subsequent performance. So, not knowing the person, not knowing the situation, not knowing who the individual is, this is the most correct answer. Because, again, when you're dealing with integrity, and if you have a violation related to it, the security is an important part of any company. And if you were to, uh, to basically allow this person to stay, it could cause more ramifications.
The other thing to think about in this space that you would have to back it up is the fact that if you ever had an incident that you had to go and you were being sued, one of the things that they would most likely dig up is, hey, you had people working for you, you had a requirement that they were to be a security professional and they lied and weren't. Um, so that could come back and bite you in the end. So those are all the risk-based decisions you will have to make when you decide if you're going to give grace or not to the individual. But the most correct answer is immediate termination for cause, as integrity violations in security roles are grounds for dismissal, regardless of subsequent performance. So again, that's pretty awesome. I hope you guys like these questions. These are some really good questions as we're digging deeper and trying to get the mindset of a cybersecurity professional and the risk aspects that you need to know for the test. So, again, that's the CISSP test. Well, all right, so that's all I have for you today. Go to CISSPCyberTraining.com. Check it out. There's some really great stuff in there, guys. I mean it. I truly, truly mean it. Um, we have some great stuff coming in 26, and I'm excited about where the future is going for CISSP Cyber Training, and my other, uh, site is reducedcyberrisk.com. So there's a lot of great stuff to go. So go check out both of those, reducedcyberrisk.com and CISSP Cyber Training. Okay, I hope you all have a beautifully blessed day and you enjoy your week. We will catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes and I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training, and you'll find a plethora of content to help you pass the CISSP exam the first time.
Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.
