Memorizing TCSEC and ITSEC charts for CISSP?

mkohi

How important is memorization the TCSEC/ITSEC and CC evalution standards chart? Should I spend few hours memorizing these charts on my Sybex 7th Official Study Guide?

gespenstern

CC should be memorized for certain, you can have a couple of straight questions on which EAL is that. Regarding TCSEC I've been arguing lately that they are not worth the effort. No mentions of them being asked since April 2015 as well. In worst case you might get a few questions out of 250.

Some concepts from the rainbow series are still relevant, like reference monitor concept etc.

Christian.

I took a lot of certifications and the CISSP was really different to what I was used to. Other certifications like to ask you things written in the footnotes, or stuff that maybe you have never ever seen (like obscure/unused commands, or flags), things you may not know even if you had a lot of years working on that technology/product. This certification is really different. Imagine is like a troubleshooting test.. you have to understand how something works to find out the problem. You can't memorize it and answer it in split second.

You need to understand the material and know how to apply it. There are a few questions that you will be able to answer because you remember things from memory, but I would say 95% of the test relies in you being able to apply that concept in an hypothetical scenario, taking things from your real work experience. You have to understand the content, differences between them, their advantages and weaknesses, not the details that you will forget in the short-term. I don't remember seeing anything about TCSEC/ITSEC, I think there were a few regarding CC, but not a lot. Even if no one reports seeing a question about it (or let's say, about fire extinguishers), you still should dedicate some time and reading about it because tests can really differ between people.

mkohi

I understand it's not a memorization test and I'm definitely not memorizing the words and charts. Just want to know where I should focus my energy towards.

Hunter85

I would also add US laws that are mentioned

I really dont believe anyone should memorize the date and detailed concepts that are introduced by each law

Anyone disagrees?

mkohi

Hunter85 wrote: »

I would also add US laws that are mentioned

I really dont believe anyone should memorize the date and detailed concepts that are introduced by each law

Anyone disagrees?

Second that! I would also like to know about the laws.
-I've look studied all of them but when I go back to review I would have to study all of them again..there are a few important ones but there are so many!

TechGuru80

A lot of best practices and requirements came along to remain compliant with law xyz. I cannot imagine anybody remembering the entire CBK cover to cover.