CISSP :: Need help on Network & communications domain

veronica321veronica321 Member Posts: 10 ■□□□□□□□□□
I am new to this forum.

Many pass threads mentioned that CISSP is management exam. I am having trouble in understanding Network & communications domain in management perspective. Most of the information in this domain is pure technical and needs memorization of almost every concept like OSI layer, TCP, WAN technologies, Wireless communications, IPsec, ports, protocols etc...


I did quiz on Total Tester, MCGrawHill, Transcender, CCCure on this Network & communications domain and observed that questions on this domain are totally technical.


I really dont understand how can questions from Network communications domain can be asked in management oriented perspective.


Can someone please help me how should be the CISSP mindset especially for this domain. Will CISSP exam focus on indepth concepts of IPsec, VOIP, VPN, packet swithching etc...

Thanks in Advance.

Comments

  • splash24splash24 Member Posts: 30 ■■□□□□□□□□
    Some things have to be memorized but there are easy ways given in the books but you need to grasp the concepts as well.I will try to give some examples You will be given a scenario with multiple network or telecommunication issues and you will be asked to pick the best solution which solves the problem.Like Routers , ACL's , IDS , IPS.If you see an option which can cover all like "Defense in Depth" or "Strong Security Policy" or "Configurations baseline" or Inventory which can potentially cover the specific answers then that's the right answer from the management perspective.But these questions are not an easy spot.It is the largest domain in the CBK and I am sure you will have to put double the effort to get through it.Being fron Networking domain even I found it hard to go through the chapter multiple times with so many key words but you will get through eventually.Key is NOT thinking it is enough , None of the books cover everything.We should just be content with what we can really learn apply and be confident that these concepts will help us eliminate the wrong answers.
  • EburonEburon Member Posts: 29 ■□□□□□□□□□
    The explanations by Kelly Handerhan from http://www.cybrary.it/course/cissp/ is crystal clear and provides good insights into this domain. And the AIO book by Shon Harris is detailed but written in a fairly consumer-friendly way. Take your time and you will grasp this domain, even without a deeply technical background.
  • Mike7Mike7 Member Posts: 1,074 ■■■■□□□□□□
    I am new to this forum.

    Many pass threads mentioned that CISSP is management exam. I am having trouble in understanding Network & communications domain in management perspective. Most of the information in this domain is pure technical and needs memorization of almost every concept like OSI layer, TCP, WAN technologies, Wireless communications, IPsec, ports, protocols etc...


    I really dont understand how can questions from Network communications domain can be asked in management oriented perspective.

    @Veronica, technical and not people management.

    A infra network engineer manages firewall rules.
    The CISSP knows what the firewall is, how it protects business operation and decides where to place it. She manages the information security strategy of the company. In order to do that, she needs to have sufficient technical knowledge, not at a hands-on level (though that helps) but at a level that allows her to make correct decisions and advise technical staff accordingly.

    Another example.

    The company security policy and PCI DSS regulation requires personal data to be protected when in transit across the network. How do you manage this and ensure confidentiality (the C in CIA) of this data if you are not aware of technologies such as IPSec and SSL/TLS?

    You implemented IPSec. A security researcher announces TLS vulnerability that affects IPSec. Senior management is concerned and ask you (the security manager) to respond. With your CISSP crypto background knowledge, you are able to evaluate, analyze, mitigate and assure management.
Sign In or Register to comment.