
CISSP Study Plan – Day 19 of 55 | Vulnerability Testing


"He probably studies 3-4 hours at this rate, and will probably increase his frequency 5-6 hours on weekends. That's what it takes!" – Luke Ahmed


Today is Day 19 of Yihenew’s CISSP study plan, focusing on Vulnerability Testing — one of the most common yet often misunderstood security practices.


Key Areas Covered:

  • Definition — systematic scanning to detect known weaknesses in systems, applications, or configurations.

  • Tools — Nessus, OpenVAS, Qualys, and other automated scanners.

  • Output — produces a list of vulnerabilities ranked by severity (CVSS scores).

  • Limitations — scanners may generate false positives, require context, and don’t exploit vulnerabilities.

  • Difference from Pen Testing — vulnerability testing identifies issues; penetration testing attempts to exploit them.

  • CISSP Exam Tie-In — questions often test whether you can differentiate between vulnerability assessments, audits, and penetration tests.


In this CISSP study plan session, Yihenew saw that vulnerability testing is about visibility and prioritization. It doesn’t stop attacks on its own, but it equips managers with the information to make risk-based remediation decisions.
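The points above (scanner output ranked by CVSS, the need for context, and prioritisation as the real value of a scan) can be made concrete with a small script. The following is an added example, not code from the original post or from any scanner vendor: it parses a constructed CSV export whose column names are assumed (real Nessus/OpenVAS/Qualys exports differ), maps each CVSS v3 base score to its qualitative severity band, and then reorders findings by a business-adjusted risk score that weights asset criticality and exposure, values a manager would supply and that the scanner itself does not know.

```python
"""Prioritise scanner findings by CVSS severity and business context.

Added example (not from the original post). The CSV layout, asset
criticality table and exposure weights are all assumptions for illustration.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample export; the column layout is assumed, not a real scanner's.
SAMPLE_CSV = """host,plugin_id,name,cvss3_base,exposure
10.0.1.10,PLUGIN-0001,Outdated TLS library,7.5,internet
10.0.1.10,PLUGIN-0002,Self-signed certificate,5.3,internet
10.0.2.20,PLUGIN-0003,Remote code execution in web framework,9.8,internal
10.0.2.20,PLUGIN-0004,Verbose server banner,0.0,internal
10.0.3.30,PLUGIN-0003,Remote code execution in web framework,9.8,internet
"""

# Business-supplied context the scanner does not have (assumed values):
# criticality 1 = low-value asset, 3 = crown-jewel system.
ASSET_CRITICALITY = {"10.0.1.10": 1, "10.0.2.20": 3, "10.0.3.30": 2}
EXPOSURE_WEIGHT = {"internet": 2.0, "internal": 1.0}


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity rating."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass
class Finding:
    host: str
    plugin_id: str
    name: str
    cvss: float
    exposure: str

    @property
    def severity(self) -> str:
        return cvss_severity(self.cvss)

    def risk_score(self) -> float:
        """Business-adjusted score: CVSS x asset criticality x exposure weight."""
        weight = ASSET_CRITICALITY.get(self.host, 1) * EXPOSURE_WEIGHT.get(self.exposure, 1.0)
        return round(self.cvss * weight, 1)


def parse_findings(text: str) -> list:
    """Read a scanner CSV export into Finding objects."""
    rows = csv.DictReader(io.StringIO(text))
    return [Finding(r["host"], r["plugin_id"], r["name"], float(r["cvss3_base"]), r["exposure"])
            for r in rows]


def severity_counts(findings: list) -> dict:
    """Raw scanner view: how many findings fall in each CVSS band."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def prioritise(findings: list) -> list:
    """Remediation order, worst first; informational (score 0.0) findings are dropped."""
    actionable = [f for f in findings if f.severity != "None"]
    return sorted(actionable, key=lambda f: (-f.risk_score(), -f.cvss, f.host))


def remediation_groups(findings: list) -> dict:
    """Group affected hosts by plugin so one fix is tracked across every asset."""
    groups = {}
    for f in prioritise(findings):
        groups.setdefault(f.plugin_id, []).append(f.host)
    return groups


if __name__ == "__main__":
    found = parse_findings(SAMPLE_CSV)
    print("Scanner view:", severity_counts(found))
    for f in prioritise(found):
        print(f"{f.risk_score():>6}  {f.severity:<8} {f.host:<11} {f.name}")
    print("Fix once, apply everywhere:", remediation_groups(found))
```

Note that the same CVSS 9.8 finding ranks differently on the two hosts: the scanner gives both an identical score, and only the added context separates them. Every row is still a scanner claim rather than a confirmed weakness; the false-positive rate mentioned above means the top of this list is where manual verification effort should go before budget is committed.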


Quick CISSP Practice Question

What is the primary goal of vulnerability testing?

A. To exploit identified vulnerabilities

B. To identify and document known weaknesses in systems

C. To perform social engineering on employees

D. To validate disaster recovery capabilities


Correct Answer: B. To identify and document known weaknesses in systems

Explanation: Vulnerability testing highlights and reports potential weaknesses before attackers can exploit them. Exploitation (A) is penetration testing, not vulnerability scanning. Options C and D are outside the scope of vulnerability testing.


Think Like a Manager: The exam expects you to see vulnerability testing as part of a risk management cycle. The value isn’t the scan itself — it’s what leadership does with the results: prioritizing remediation, allocating budget, and reducing business exposure. Managers ask, “How do these vulnerabilities affect our operations, compliance, and customers?” not just “What did the scan find?”


Check out Yani's TikTok or see Day 18 or Day 20.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass the CISSP on the first attempt, within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best, future CISSP. Feel free to contact me anytime as well.


Thank you.

Luke Ahmed

