CISSP Study Plan – Day 18 of 55 | Security Assessment & Testing
- Luke Ahmed
- Sep 22
- 2 min read
"Took me years to build that course my friend, I'm glad students like you are absorbing it — it's not for everyone due to its difficulty."– Luke Ahmed
Today is Day 18 of Yihenew’s CISSP study plan, focusing on Security Assessment and Testing — critical practices that ensure controls are effective and aligned with business objectives.
Key Areas Covered:
- Purpose of Testing — validates whether security controls function as intended and remain effective over time.
- Common Assessments — vulnerability assessments, penetration testing, security audits, log reviews, and code reviews.
- Types of Testing — black-box, white-box, and gray-box approaches with varying levels of knowledge.
- Continuous Monitoring — using automated tools to provide ongoing assurance instead of one-off checks.
- Documentation & Reporting — results must be actionable, traceable, and tied to governance requirements.
- CISSP Exam Tie-In — the exam tests whether you know the why (purpose and value) behind these assessments, not the how (tool-specific commands).
In this CISSP study plan session, Yihenew learned that security assessment is about assurance and accountability. It’s not just running tools — it’s about proving controls align with organizational risk appetite and compliance obligations.
Quick CISSP Practice Question
Which of the following best describes the goal of security assessment and testing?
A. To create new security controls
B. To validate that existing security controls are effective
C. To eliminate all vulnerabilities
D. To automate governance processes
✅ Correct Answer: B. To validate that existing security controls are effective
Explanation: Security assessment and testing confirm that implemented controls are performing as expected. They don’t create new controls (A), can’t guarantee the elimination of all vulnerabilities (C), and while they support governance, their goal isn’t automation (D).
Think Like a Manager: The CISSP exam often disguises these questions by asking about value to the business. A manager doesn’t run scans to check boxes — they demand evidence that investments in security controls are working, measurable, and defensible to auditors and regulators. Always tie assessments back to governance and accountability.
👉 Can you take the Yani Challenge?
55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:
Course
- Luke's CISSP Course (2 months access, $89.98)
- One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)
Books, Notes, and Practice Questions
- All-In-One Study Guide by Shon Harris (Around $45)
- Sybex 10th Edition (Around $52.55)
Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.
📚 Study Plan (55 Days of Dedication):
- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).
- Weekends: 5–6 hours of deep study sessions.
Pass the CISSP on the first attempt within 100 questions.
Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using the above resources only.
If Yihenew could do it, so can you.
All the best, future CISSP. Feel free to contact me anytime as well.
Thank you.
Luke Ahmed