Certified Information Systems Security Professional (CISSP) Exam Guide
Become a certified CISSP professional with practical exam-oriented knowledge of all eight domains

Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781800567610
Length 526 pages
Edition 1st Edition
Authors: Ted Jordan, Ric Daza, Hinne Hettema
Table of Contents

Preface
Intro I: Becoming a CISSP
Intro II: Pre-Assessment Test
Chapter 1: Ethics, Security Concepts, and Governance Principles
Chapter 2: Compliance, Regulation, and Investigations
Chapter 3: Security Policies and Business Continuity
Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA
Chapter 5: Asset and Privacy Protection
Chapter 6: Information and Asset Handling
Chapter 7: Secure Design Principles and Controls
Chapter 8: Architecture Vulnerabilities and Cryptography
Chapter 9: Facilities and Physical Security
Chapter 10: Network Architecture Security
Chapter 11: Securing Communication Channels
Chapter 12: Identity, Access Management, and Federation
Chapter 13: Identity Management Implementation
Chapter 14: Designing and Conducting Security Assessments
Chapter 15: Designing and Conducting Security Testing
Chapter 16: Planning for Security Operations
Chapter 17: Security Operations
Chapter 18: Disaster Recovery
Chapter 19: Business Continuity, Personnel, and Physical Security
Chapter 20: Software Development Life Cycle Security
Chapter 21: Software Development Security Controls
Chapter 22: Securing Software Development
Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases
Chapter 24: Accessing the Online Practice Resources
Other Books You May Enjoy

Exam Tips and Tricks

This section will present some tried and tested exam tips and tricks to help you study for the CISSP exam, as well as some tips on how to approach the questions. First, consider the ISC2 website. There is a wealth of resources there, two of which you should be familiar with. The first is the ISC2 Community (https://packt.link/OT5sN), where you can explore the community you are trying to join. Be sure to check out the CISSP study group at https://packt.link/mEwXi.

The second resource is the ISC2 official acronym list, which is made available to you during the exam; you can preview it here: https://packt.link/AZxpN. Every acronym used anywhere in an ISC2 item bank is published in this list, which makes it a useful preview of the concepts the items cover. Note that the list covers all nine of the tests that ISC2 offers (CISSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, SSCP, CCSP, CAP, CSSLP, and HCISPP) and is not broken down by certification, so not every acronym on it is CISSP material.

The goal of ISC2 is to ensure that exam candidates have a true command of the exam's material, thus avoiding "on-paper" CISSPs: people who hold the certification but, once they are in a professional setting, do not understand the CISSP Common Body of Knowledge (CBK). Such holders would threaten the hard-fought reputation of ISC2 and the CISSP certification. To that end, this section discusses your study strategy. Unlike other tests you may have taken in the past, the CISSP exam requires more than memorization to pass. Keep this in mind, and with each concept you encounter as you prepare, ask yourself: Why is this important? How does it work? What other concepts does it relate to?

The axiom understand, don't memorize is well illustrated by security frameworks such as ISO/IEC 27001, NIST SP 800-53, and COBIT. It is important to be familiar with these and other fundamental documents, but they cover largely overlapping concepts, organized and worded differently by three different organizations: ISO (jointly with IEC), NIST, and ISACA, respectively. Do not spend your precious study time memorizing which framework says what or how it says it. Instead, focus on understanding the concepts they contain, why those concepts matter, and who tends to adopt one framework over another and why (for example, an organization seeking certification against an international standard versus a US federal agency whose systems fall under FISMA and therefore NIST SP 800-53).

Moving on to the test itself, take a look at some strategies to use during the test. Remember that the bulk of the exam questions will be in multiple-choice format, that is, the format where the question portion of the item is known as the item stem, and the four potential answers are known as options. Each part of these items is discussed next. First, keep in mind that the length of the item stem can mislead you into a false sense of security.

As mentioned earlier in this chapter, the length of the item stem is not representative of its underlying complexity. So, be sure you understand the nuance of what is being asked. It can be easy to quickly read a question, especially one with a short item stem, and assume you know what they are asking. The best way to avoid this pitfall is to read the question slowly and carefully. Your eyes can play tricks on you when you speed read. Missing or misreading just one word can change its meaning. Anxious test-takers tend to rush, afraid they will run out of time. If you know the material, then there will be plenty of time.

Now, take a look at the options portion of an item. Remember that there are only four options (A, B, C, and D). Only one of those options is the correct answer or the key. The other three options are aptly named distractors. ISC2 does not set out to trick you but to test how well you know the material. Sometimes, the difference between one answer option and another is one word or the sequence of a list. So, the wrong answer will look right to someone who only slightly knows the concept being tested. That is the mark of a good distractor: not to trick someone who understands the concept but to distinguish between the ones who do and do not know the concept well.

Sometimes, you can know the material too well. One way this happens is when you work, or have worked, in the domain being tested and have real-world experience, which can lead you to overthink the question. Keep in mind that every item on the CISSP exam must be backed by a valid, published reference. Items are never based solely on an item writer's personal experience; experience informs an item only where it reflects documented common practice. It would be unfair to expect any CISSP candidate to have knowledge that is not publicly available in non-proprietary sources such as books, journals, and websites. So when your field experience and the published answer diverge, answer from the published material.

If you find yourself facing an item where, after reading the stem, you cannot find the right answer among the options, here are a few tips. First, look for the best answer from the given choices, not a perfect one. Next, all else being equal, choose your answer while wearing your manager hat rather than as a technical person. Remember that the CISSP is meant to be broad, not deep, a perspective prized among managers. Finally, if those two tips do not illuminate the best choice, work out precisely how the options differ from one another and eliminate the ones whose difference makes them wrong. If all else fails, guess. In the CAT version of the CISSP exam, you cannot mark questions or go back to a question later, so never leave a question unanswered.
