Practice for the CISSP Exam - PowerPoint PPT Presentation

Presentation Transcript

  1. Practice for the CISSP Exam
     • Steve Santy, MBA, CISSP
     • IT Security Project Manager
     • IT Networks and Security

  2. Overview
     • Exam Overview
     • A Few Words Regarding Preparation and Strategy
     • Practice Questions
     • Answers to Practice Questions

  3. Exam Overview
     • Covers the Ten CBK Domains:
       • Information Security and Risk Management
       • Access Control
       • Cryptography
       • Physical (Environmental) Security
       • Security Architecture and Design
       • Business Continuity and Disaster Recovery Planning
       • Telecommunications and Network Security

  4. Exam Overview (continued)
     • Covers the Ten CBK Domains (continued):
       • Application Security
       • Operations Security
       • Legal, Regulations, Compliance and Investigations
     • 250 Multiple Choice Questions
     • Must earn a scaled score of 70% or greater
     • 6 Hours to Complete (including snack and comfort breaks)

  5. Preparation and Strategy
     • Verify your Eligibility to Become a CISSP
       • (ISC)² web site, especially CISSP Candidate Information Booklet
     • Choose a Study Guide
       • E.g. (ISC)² Guide to CISSP CBK
       • Shon Harris CISSP All-in-One Exam Guide, 4th Edition

  6. Prep and Strat (continued)
     • Each Book Above Includes a CD-ROM Test Engine
       • Answer as many as you can
       • 80% average
     • Group Study Recommended
     • Intensive “Boot Camps”
       • Both official and unofficial available
       • Lots of $$
       • Designed for people who have already studied the material thoroughly!

  7. Prep and Strat (continued)
     • Exam Grading
       • You need only an average (scaled score) of 70% on the entire exam, not 70% on each CBK domain within the exam; i.e., your strong areas may very well compensate for one weak area
       • Try to average at least 80% in all domains when studying / practicing
       • You must pick the best answer according to (ISC)²; they grade the exam!

  8. Practice Questions
     • Consideration for which type of risk assessment to perform includes all of the following except:
       • Culture of the organization
       • Budget
       • Capabilities of resources
       • Likelihood of exposure

  9. Practice Questions (continued)
     • What are the three types of access control?
       • Administrative, physical, and technical
       • Identification, authentication, and authorization
       • Mandatory, discretionary, and least privilege
       • Access, management, and monitoring

  10. Practice Questions (continued)
     • The two methods of encrypting data are:
       • Substitution and transposition
       • Block and stream
       • Symmetric and asymmetric
       • DES and AES

  11. Practice Questions (continued)
     • Which of the following is a principal security risk of wireless LANs?
       • Lack of physical access control
       • Demonstrably insecure standards
       • Implementation weaknesses
       • War driving

  12. Practice Questions (continued)
     • Computer forensics is really the marriage of computer science, information technology, and engineering with:
       • Law
       • Information systems
       • Analytical thought
       • The scientific method

  13. References
     • http://www.isc2.org/
     • Official Guide to the CISSP CBK, Auerbach Press