So you want to be a CISSP…???
For starters, it is worth noting that no one formula works for everyone… I have read different people express different views about different study materials and test question sets. The info contained herein is my experience and not necessarily a pass-all guide. Let's get started:
First thing: This exam is a test of common sense (Prudent man/reasonable thinking), a test of your understanding of security concepts (how it works, when to apply, advantages/disadvantages) and a test of endurance (6 hours is just too much time to stay concentrated) as it is a technical test. Below are a few questions testing different things: These are not real exam questions, they are just for guidance.
1. Which is the most valuable technique when determining if a specific security control should be implemented?
A. Risk analysis
B. Cost/benefit analysis
C. ALE results
D. Identifying the vulnerabilities and threats causing the risk
The question above tests your understanding of the concept… if B was not your answer, you might not have understood the concept of Business Impact Analysis.
You were a bank clerk and noticed that a customer account has been compromised, what would you do first?
A. Note the details and inform senior management
B. Disable the customer account
C. Call the customer and ask that they change their password
D. Call the law enforcement
The above is a prudent man question; it tests your understanding of incident response. Note that the question says “do first”, meaning you could carry out all tasks. The best answer would be to contain and stop any further damage… B.
Who determines if an organisation is going to operate under a discretionary, mandatory or non-discretionary access control model?
A. Security clearance of objects and classification of objects.
B. The security clearance of subjects must dominate the classification of objects.
C. Access requirements for the objects
D. Data owner
As simple as the above question might look… it is very easy to get wrong if it was question number 200…. Because at about that time your endurance is being tested and you just want to get out of the exam hall… The watch word is “Who”…. It's not the same as “what”. D would be the correct answer in this instance.
If virtual memory is a memory management technique that extends memory by using secondary storage for program pages not being executed, what is a page fault?
A. An error message displayed when a page cannot be loaded
B. When a program accesses a page that is not mapped in physical memory
C. When a program accesses a page that is not mapped in logical memory
D. When a program accesses a page that is not mapped in CPU registers
I’ll leave the answer to this question to those still studying for the exam. I formed this question and it is typical of the questions on the exam. They sometimes throw in a waffle or a subtle hint to the answer.
The exam: The exam questions are not often straightforward, although most of them are… watch out for the highlighted must, best, least… because they often have a massive impact on the answer. Rather than spend eternity on a question… trust your gut instinct, choose an answer and move on. Because you have read the question, it lingers in your brain… so when you make a second pass, your brain would have had at least an hour to process each question. I spent 5hrs 30 mins and went through the exam twice… every question. There were questions I passed through because I was certain of the answer; however, I was able to change a few answers due to inference (from another question) or brain processing power (had at least an hour to think about it), and I was not under pressure to finish and could look at the question more objectively and take more time if needed. I had a higher degree of confidence after my second pass.
Test Questions: I would recommend the after-chapter questions in the back of the Shon Harris AIO book, especially the scenario based questions, because they test your comprehension and concept of the technology rather than a simple technical memory mind map. As an example… A question might ask: you clicked a link to a blog from your Facebook account, and you noticed that certain parts of the comment column on the blog were already filled in with your name and a photograph of you… considering it was your first time on the blog, what happened? Well… your knowledge of federated authentication would be very useful here… as against a question that asks, What is federated authentication?
Similarly the Total Tester and McGraw Hill questions are great… Unless you want to know how much of the CBK you have covered, I would not recommend CCCURE… they are good, but way too technical in my opinion.
Why you could fail the CISSP:
I know quite a few people that have failed the exam… and judging from their study pattern, they do not deserve to fail… or should I say, if the CISSP was a techie exam, they would never have failed. They failed not because of the technical questions… but because they are applying techie rules to every question. Bear in mind that some consistently score in the upper 80s (%) in the CCCURE exams.
Unlike any other exam, it is easier for someone NOT technical to pass the CISSP exam than someone who is. Most technical guys view CISSP from a technical angle and want a “provable” technical answer to every question. I am sure we have all heard people say “attack the questions from a manager’s perspective”… well, what they really meant to say was “a prudent man’s” perspective. An example is the second question above; looking at it technically, one might argue that the bank clerk does not have the jurisdiction to carry out some of the tasks… especially when it comes to disabling a user account. However, the question asks “what would you do first”, which is a clear indication that the clerk does have the authority to carry out all tasks. This is a prudent man type question…. It is one you could ask your non-technical friends and they would get right… but what stops a techie from looking at the question from the same perspective?
HINT: Unless a question is technical… e.g. What size is the message digest of SHA1, or how many sweets are there in a dozen…? Never apply technical parameters.
My result shows my weakest domain to be BCP/DRP… but I could recite the whole domain front to back and in reverse again…!!! Well… the question is, did you identify the question as being from that domain when you saw it? There clearly is an overlap across all domains… A BCP/DRP could be viewed as an Operational Security question and vice versa…. Even the way the question was asked could throw you even further – eg application/prudent question. Say a question asks…
You were involved in a train accident. As the train grinds to a halt, you could see a small section of the train cabin was on fire. In the panic, you could see an appropriate fire extinguisher hanging close by, what would you do?
A. Run for your dear life
B. Grab the extinguisher and put out the fire
C. Move into another carriage
D. Evacuate the train
You would be excused for thinking the above question has nothing to do with CISSP; however it is testing your application of what you learned as part of BCP/DRP in a real life situation. The right thing to do in this case would be D. evacuate the train.
HINT: Any question that asks what you would do… irrespective of the circumstance, human safety takes priority.
If you failed the CISSP and are at a loss as to what else you could do/study….. the right answer is you probably do not need any further study. You should concentrate on your question answering techniques and your perception of the question. Stop being overly technical when answering every question.
To those that are looking to take the exam… You will never get a better feeling than after you just passed the CISSP exam. Not quite the feeling of seeing your first child, but close. To those that failed an attempt… regroup, retrain your mind… adopt a different strategy… trust me, you were closer than you think. And to those that have passed the exam…. Keep the flag flying.
EasyPeezy.
2015 Goals: ISO27001 Lead Auditor: Passed
2016 Goals: M.Sc Cyber Security (studying), ITILF: Passed, COBIT5 F: Feb, CGEIT: Jun ???, CIPM: ???
Comments
tprice5 Member Posts: 770
Wow.. +1
Great post. I love the questions and explanation. Great tips, especially the one on human safety. Great advice all around. Circling back in a month and +1ing this again.
LionelHutz32 Member Posts: 11
Fantastic write-up EasyPeezy, one of the most helpful I've seen on this site. I'm taking the exam soon and will be reviewing your post closer to exam time.
jvrlopez Member Posts: 913
GREAT post. Thank you for taking the time to "demystify" the CISSP.
impelse Member Posts: 1,237
Good, thanks for the hints
Paperlantern Member Posts: 352
I actually just had my first child, not really close at all, ha!
AquaInferno Member Posts: 2
Thank you! This thread is exactly what I needed to read as I get ready to prepare for this exam.
bigdummy Member Posts: 30
Thanks for this great post, very helpful and informative!
Seems like lots of people come here asking questions and looking for help before their test... but then they don't offer much meaningful insight or advice to others after taking their test. So you get much respect for giving back to the community with such a great post.
I understand there is an NDA and that people have to be careful not to share too much information, but that doesn't mean you can't say anything about the test. This is a great example of how it's possible to help others out, within the bounds of the NDA.
EasyPeezy Member Posts: 111
Thanks everyone.... I hope this post pushes someone's score over the 600+ to that magical "Congratulations you successfully passed the CISSP".
LionelTeo Member Posts: 526
Great post, but TheProfezzor and I have given an alternative view regarding the containment scenario, that the Bank Teller should not be doing the containment first. For those who are interested in the underlying reasoning, you may read here and decide yourself.
http://www.techexams.net/forums/isc-sscp-cissp/96431-how-do-you-genius-pass-cissp-i-got-645-fail-3.html
Another Approach in taking this exam is to focus on eliminating overlapping answer. Some answers are never correct.
Pay attention to the following.
A. Risk analysis
B. Cost/benefit analysis
C. ALE results
D. Identifying the vulnerabilities and threats causing the risk
As you would have known, Risk Analysis is about identifying the Risks and Vulnerabilities; this means that for this answer, A and D would not be correct. There are no two correct answers in a question.
A. Security clearance of objects and classification of objects.
B. The security clearance of subjects must dominate the classification of objects.
C. Access requirements for the objects
D. Data owner
This is another dead giveaway. Both A and C are talking mostly about the same thing, with B going a little further, telling you that subjects must dominate objects.
A. An error message displayed when a page cannot be loaded
B. When a program accesses a page that is not mapped in physical memory
C. When a program accesses a page that is not mapped in logical memory
D. When a program accesses a page that is not mapped in CPU registers
A and D are another dead giveaway that both are wrong answers, leaving you with either physical or logical memory. You shouldn't get this question wrong if you are fresh from your CISSP studying.
Update Edit: One way to prevent the side effects of exam fatigue is to lay down some steps for yourself and force yourself to strictly follow them:
1) Read the question, take note of words like NOT, BEST, and CHRONOLOGICAL details
2) Read the answer
3) Eliminate overlapping or out of place answers
4) Read the question again, underline or highlighting keywords
5) Eliminate more possible answer
6) Select the answer
Sometimes you can get questions where all the answers are very similar.
Consider the following:
X to insert into Z after inserting Y
X to insert into Z before inserting Y
X do not insert Z first, but insert Y before inserting Z
Y to be inserted by X before inserting in Z
In such a case, make use of the piece of paper: write down all the answers and rephrase them in a clearer manner.
EasyPeezy Member Posts: 111
Great contribution LionelTeo... The answer elimination technique is a great technique. With regard to the link... I am pretty certain that I am correct on that one... even a straw poll sees my answer correct 10:2... I suppose no one gets 100% on the exams anyway. You will be forgiven for getting this one wrong...
In addition to the above... there may be instances where you do not have the faintest clue what the question is all about, however you know what the wrong answers are...!!!
As an example, a question might ask; What is ScriptJack?
A. Process of creating a message digest
B. Cognitive password algorithm
C. Mandatory access control mechanism
D. A bot
In the above question, whilst you might not know what ScriptJack is (actually it doesn't exist).... you certainly know what a message digest, mandatory access control and cognitive passwords are... and by process of elimination or inference, you are able to deduce the correct answer.
LionelTeo Member Posts: 526
While it's common for people to disagree over points between topics, there is no concrete evidence that I am wrong on that question in terms of proper theory other than a poll; therefore the forgiveness is not necessary, while I definitely welcome the direction this is going.
EasyPeezy Member Posts: 111
I think we should collect all the test taking tips... bind them into this thread and make it a sticky.
Anyone else agree?
E Double U Member Posts: 2,233
Thanks for the info guys!
anoeljr Member Posts: 278
Very helpful information! Thank you! I'm still early in my career and not sure where my path will take me, but it couldn't hurt to have this knowledge.
TheProfezzor Member Posts: 204
I think we should collect all the test taking tips... bind them into this thread and make it a sticky.
Anyone else agree?
Having read your thread before I wrote the test, and after using your insight about the exam, I managed to get a better grip on the examination and also get my confidence back. I agree with your suggestion.