Practice for the CISSP Exam
• Steve Santy, MBA, CISSP
• IT Security Project Manager
• IT Networks and Security

Overview
• Exam Overview
• A Few Words Regarding Preparation and Strategy
• Practice Questions
• Answers to Practice Questions
Exam Overview
• Covers the Ten CBK Domains:
  • Information Security and Risk Management
  • Access Control
  • Cryptography
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Business Continuity and Disaster Recovery Planning
  • Telecommunications and Network Security

Exam Overview (continued)
• Covers the Ten CBK Domains (continued):
  • Application Security
  • Operations Security
  • Legal, Regulations, Compliance and Investigations
• 250 Multiple Choice Questions
• Must earn a scaled score of 70% or greater
• 6 Hours to Complete (including snack and comfort breaks)
Preparation and Strategy
• Verify your Eligibility to Become a CISSP
  • (ISC)2 web site, especially the CISSP Candidate Information Booklet
• Choose a Study Guide, e.g.:
  • (ISC)2 Guide to the CISSP CBK
  • Shon Harris, CISSP All-in-One Exam Guide, 4th Edition

Prep and Strat (continued)
• Each Book Above Includes a CD-ROM Test Engine
  • Answer as many questions as you can
  • Aim for an 80% average
• Group Study Recommended
• Intensive "Boot Camps"
  • Both official and unofficial available
  • Lots of $$
  • Designed for people who have already studied the material thoroughly!

Prep and Strat (continued)
• Exam Grading
  • You must only get an average (scaled score) of 70% on the entire exam, not a 70% on each CBK domain within the exam; i.e. your strong areas may very well compensate for one weak area
  • Try to average at least 80% in all domains when studying / practicing
  • You must pick the best answer according to (ISC)2; they grade the exam!
Practice Questions
• Consideration for which type of risk assessment to perform includes all of the following except:
  • Culture of the organization
  • Budget
  • Capabilities of resources
  • Likelihood of exposure

Practice Questions (continued)
• What are the three types of access control?
  • Administrative, physical, and technical
  • Identification, authentication, and authorization
  • Mandatory, discretionary, and least privilege
  • Access, management, and monitoring

Practice Questions (continued)
• The two methods of encrypting data are:
  • Substitution and transposition
  • Block and stream
  • Symmetric and asymmetric
  • DES and AES

Practice Questions (continued)
• Which of the following is a principal security risk of wireless LANs?
  • Lack of physical access control
  • Demonstrably insecure standards
  • Implementation weaknesses
  • War driving

Practice Questions (continued)
• Computer forensics is really the marriage of computer science, information technology, and engineering with:
  • Law
  • Information systems
  • Analytical thought
  • The scientific method
References
• http://www.isc2.org/
• Official Guide to the CISSP CBK, Auerbach Press