CISSP Memorisation Techniques

jonwinterburn Member Posts: 161
Hi all,

So I'm prepping for the exam, and have a strict, obsessive study regime I've adhered to for the last few months, and will continue to until the exam. I've written extensive notes, which I'm reading over and over again. However, one weakness I have is memorising facts that include numbers or phases. So far I've written up the following memorisation charts to accompany my notes:

Symmetric Algorithms
Hashing Algorithms
Bitwise operations
IEEE 802, ICMP Type Codes, TCP Flags, Ports
Common Criteria EALs, ITSEC, Orange Book
SDLC, S-SDLC, CMMI, IDEAL, ACID, Aggregate functions
BCP, BIA, DRP, Fire
Risk formulas and framework phases
Control types & functionalities
Classification labels
RAID levels

Anything I'm missing? And does anyone have any tips? Particularly to memorising how Orange Book, ITSEC and CC EALs relate to each other. Also, which NIST 800 series are worth memorising? Surely not all of them.

Thanks.

Jon

Comments

  • kiki162 Member Posts: 635
    D = Min
    C = D
    C1= DSP
    C2= CAP
    B = M
    B1= LS
    B2= SP
    B3 = SD
    A = V
    A1 = VD


    Risk Mgmt (NIST 800-30) = SVT CLI RCR
  • jonwinterburn Member Posts: 161
    kiki162 wrote: »
    D = Min
    C = D
    C1= DSP
    C2= CAP
    B = M
    B1= LS
    B2= SP
    B3 = SD
    A = V
    A1 = VD


    Risk Mgmt (NIST 800-30) = SVT CLI RCR

    Great, thanks!
  • Cyberscum Member Posts: 795
    It’s cool that you’re memorizing all kinds of ****, but the little I memorized for the test did not help at all. The test is more understanding than trivial memorization.

    ....Just trying to save you some time.
  • impelse Member Posts: 1,237
    Cyberscum wrote: »
    It’s cool that you’re memorizing all kinds of ****, but the little I memorized for the test did not help at all. The test is more understanding than trivial memorization.

    ....Just trying to save you some time.

    This is true, try to understand the info and where to apply it.

    Sometimes when I tried to remember the different models, for example, I wrote it in a blog and tried to explain in my own words how the model works. Because I was thinking "I am explaining to a person that doesn't have a lot of knowledge", I used easy words, and then it began to click in my head.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • dustervoice Member Posts: 877
    Read and understand the high level concepts... Memorisation is for your peace of mind only; it won't help one bit regarding the test.
  • jonwinterburn Member Posts: 161
    Cyberscum wrote: »
    It’s cool that you’re memorizing all kinds of ****, but the little I memorized for the test did not help at all. The test is more understanding than trivial memorization.

    ....Just trying to save you some time.

    A good point. I guess I'm afraid I'll be asked something I should've memorised. Regarding understanding, I think I'm 70% of the way to understanding all the concepts. I struggle on some of the models (risk, SDLC, S-SDLC) and processes/phases. This is because I've not had real-world experience in many of them (except NIST 800-30). Any suggestions? I've read about all of the models etc. until I'm blue in the face, but it's just words, lol.
  • dustervoice Member Posts: 877
    I can understand your fears, but I'm not sure how I can reword what I and others have said without violating the NDA.... The CISSP is a test of high level concepts & decision making, not about detailed facts and trivia that you can remember. Studying the models to that level of degree can be done after the test for your own pleasure. Hope this helps.
  • Archon Member Posts: 183
    What's a good way to remember which algorithms are asymmetric and symmetric?
  • TheFORCE Member Posts: 2,297
    Archon wrote: »
    What's a good way to remember which algorithms are asymmetric and symmetric?

    Make a list of symmetric and asymmetric algorithms and put them side by side. You will see that the majority of the popular symmetric algorithms are just acronyms but the asymmetric algorithms have the names of their inventors. That's how I did it.
  • Cyberscum Member Posts: 795
    A good point. I guess I'm afraid I'll be asked something I should've memorised. Regarding understanding, I think I'm 70% of the way to understanding all the concepts. I struggle on some of the models (risk, SDLC, S-SDLC) and processes/phases. This is because I've not had real-world experience in many of them (except NIST 800-30). Any suggestions? I've read about all of the models etc. until I'm blue in the face, but it's just words, lol.

    Again, do you understand the concept of Risk, SDLC, S-SDLC and why they do what they do? Do you understand why NIST 800-30 is there and what it does? Understand the why's more than the facts. Explain some of these concepts to people that have no idea what they are. If you can explain it to someone then you have understood the topic.
    Archon wrote: »
    What's a good way to remember which algorithms are asymmetric and symmetric?

    BRAIDS/REDD

    Blowfish, Twofish
    RC4 and others
    AES
    IDEA
    DES/3DES
    Serpent

    RSA
    Elliptic Curve
    ElGamal
    Diffie-Hellman
  • slinuxuzer Member Posts: 665
    Cyberscum wrote: »
    It’s cool that you’re memorizing all kinds of ****, but the little I memorized for the test did not help at all. The test is more understanding than trivial memorization.

    ....Just trying to save you some time.

    Totally agree with this. I used CISSP All in One (Shon Harris) for 95% of exam prep and it was very good.
  • amol9w Member Posts: 47
    Are you kidding? I am not going to memorize ICMP types or ports. What is the use of that if in real life I never memorize them? I think if I get those questions then I am OK to fail, but I will not compromise my way of learning and applying knowledge for the sake of the exam. Probably I will never look to this exam then... let's see after 3 days what happens. But I am clear not to memorize info which will not contribute to my real life. I don't want to be a god but a normal human with brains. If the exam proves me wrong, so be it. I am what I know.
  • impelse Member Posts: 1,237
    Do not worry about memorizing; learn the information and know where to apply it, mixed with your experience.

    When I say learn the information, I mean you will not be able to repeat all the symmetric and asymmetric encryptions, no; you will be able to identify where to apply those and also identify what kind of encryption is better, etc.

    People say that it is 1 inch deep and 1 mile wide. It is true, but remember, the better you know the info, let's say 2 or 3 inches deep, the better your chance to pass, because you will know better where to apply the knowledge.
