Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Certified Information Systems Security Professional (CISSP) Exam Guide

You're reading from   Certified Information Systems Security Professional (CISSP) Exam Guide Become a certified CISSP professional with practical exam-oriented knowledge of all eight domains

Arrow left icon
Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781800567610
Length 526 pages
Edition 1st Edition
Arrow right icon
Authors (3):
Arrow left icon
Ted Jordan Ted Jordan
Author Profile Icon Ted Jordan
Ted Jordan
Ric Daza Ric Daza
Author Profile Icon Ric Daza
Ric Daza
Hinne Hettema Hinne Hettema
Author Profile Icon Hinne Hettema
Hinne Hettema
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Intro I: Becoming a CISSP FREE CHAPTER 2. Intro II: Pre-Assessment Test 3. Chapter 1: Ethics, Security Concepts, and Governance Principles 4. Chapter 2: Compliance, Regulation, and Investigations 5. Chapter 3: Security Policies and Business Continuity 6. Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA 7. Chapter 5: Asset and Privacy Protection 8. Chapter 6: Information and Asset Handling 9. Chapter 7: Secure Design Principles and Controls 10. Chapter 8: Architecture Vulnerabilities and Cryptography 11. Chapter 9: Facilities and Physical Security 12. Chapter 10: Network Architecture Security 13. Chapter 11: Securing Communication Channels 14. Chapter 12: Identity, Access Management, and Federation 15. Chapter 13: Identity Management Implementation 16. Chapter 14: Designing and Conducting Security Assessments 17. Chapter 15: Designing and Conducting Security Testing 18. Chapter 16: Planning for Security Operations 19. Chapter 17: Security Operations 20. Chapter 18: Disaster Recovery 21. Chapter 19: Business Continuity, Personnel, and Physical Security 22. Chapter 20: Software Development Life Cycle Security 23. Chapter 21: Software Development Security Controls 24. Chapter 22: Securing Software Development 25. Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases 26. Chapter 24: Accessing the Online Practice Resources 27. Other Books You May Enjoy

CISSP Exam Structure

The exam is made up of three types of items: multiple-choice questions, innovative questions, and scenario questions. The last two types of questions are legacy, meaning ISC2 will not be making any more questions of that type. The bulk of the questions are multiple-choice, and that is what this book will be focusing on. The other two types have been mentioned because you may see one or two in your exam.

“Innovative questions” is a fancy term for drag and drop. Imagine a graphic with four or five different boxes, where you have to drag the concept or term from one side of the screen to the other to match it up with an appropriate concept. If you know the material in this book, you should have no problem with this type of question. Another rare type of question is scenario questions. These questions have a long introduction scenario, followed by two to five questions based on that scenario.

As mentioned previously, today’s CISSP exam is predominantly made up of multiple-choice questions (MCQs). These questions have a to-the-point question portion (known as the item stem) and they have four options (A, B, C, and D). Only one option is the key or the correct answer; there cannot be more than one correct answer. The other three options are called distractors; they are incorrect answers.

To pass the exam, you need 700 out of 1,000 points. These points are scaled, which means that not all the questions are worth the same. Additionally, 25 questions are worth zero points. These are known as pre-test questions. If a pre-test question performs well, it will be promoted to a scored item in a future exam. Obviously, ISC2 does not indicate which questions are pre-test and which are scored, so try your best on all the questions.

So, what makes one question worth more than another? The more cognitively difficult the question, the more points it is worth. This cognitive difficulty is based on Bloom’s Taxonomy. See https://packt.link/eLxTU for more information on Bloom’s Taxonomy. In short, Bloom explains that there are different levels of understanding regarding concepts, with the most basic being Knowledge and the highest being Evaluation. For the CISSP exam, you only need to learn Knowledge, Application, and Analysis, as shown in the following diagram:

Figure 1.1: Bloom’s Taxonomy

Figure 1.2: Blooms Taxonomy

You can think of a knowledge-level question as pure memorization of a term or a concept you read. Application-level questions can be thought of as a deeper understanding of the underlying concept. Finally, the most challenging of cognitive levels is Analysis. It requires a deep understanding of multiple concepts; in particular, applying multiple concepts to solve a specific problem.

The idea of cognitive difficulty is best made clear with a few examples. Consider a concept from Domain 4, Communication and Network Security; specifically, 4.1:

  • At which layer of the Open System Interconnection (OSI) reference model does the Address Resolution Protocol (ARP) operate?
    1. 2 – Data Link
    2. 3 – Network
    3. 6 – Presentation
    4. 7 – Application

This is an example of a knowledge-level item. You only need to remember from reading or seeing an OSI model graphic that ARP is a layer 2 protocol. You need not know what it does, how it does it, about security issues with ARP, or how to fix them.

  • What is the purpose of the Address Resolution Protocol (ARP)?
  1. To resolve a Fully Qualified Domain Name (FQDN)
  2. To request an Internet Protocol (IP) address for a host
  3. To resolve an Internet Protocol (IP) address to a Media Access Control (MAC) address
  4. To build a loop-free topology in Internet Protocol (IP) networks

This is an example of an application-level item. It requires a deeper understanding of what the ARP does, why it is needed, and where it fits into the OSI and Transmission Control Protocol/Internet Protocol (TCP/IP) models.

  • Which attack leverages the Address Resolution Protocol (ARP)?
  1. Transmission Control Protocol (TCP) spoofing
  2. Distributed Denial of Service (DDoS)
  3. Man-in-the-Middle (MitM)
  4. Dynamic Host Configuration Protocol (DHCP) starvation

This is an example of an analysis-level item. Here, the exam is still just talking about ARP, but each question requires a progressively deeper understanding of the underlying ARP concept. For this item, you must understand what ARP is, how ARP works, and the cybersecurity attacks that use it. Notice that all the items are single sentences. Note that there is no correlation between the length of a question’s portion (item stem) and its cognitive difficulty.

You have been reading a chapter from
Certified Information Systems Security Professional (CISSP) Exam Guide
Published in: Sep 2024
Publisher: Packt
ISBN-13: 9781800567610
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image