Exam questions I always get wrong

Aggregation and Inference - I keep mixing these up

Due care and Due diligence - As above. no matter how much I read about this I always seem to get a question that seems to blur the difference

TCSEC levels - can never remember them!

And double negative questions tie my brain in knots - i.e. What is not a negative feature of ......

Sorry, rant over.

Find more posts tagged with

Comments

Infosec85

This the SSCP exam? Have you sat it yet?

Pengu

No CISSP

Currently using CCcure and Official Practice tests questions

Nabsh07

Aggregation : you add multiple information
Inference : you have multiple information sources. Key is lower classification information. and you use logic

Due diligence : Research
Due care: Action

TCSEC levels: Try to understand what makes them difference from one another. dont memorize.

trueshrewkmc

Aggregation: building up little piles of information/piling up information

like a coral reef or a leaf pile, piles of garbage during a sanitation strike

Inference: making guesses/assumptions based on what information nuggets you have...If I see bags of candy at someone's home, I might infer that the person is expecting trick-or-treaters.

Due diligence: Enforcing due care (I think Conrad's 11th Hour kept me straight on this one.)..."Diligence" is a longer word than "care," so it must be more sophisticated, more advanced, right?

TCSEC levels and other level-based concepts: just memorize the general trend....is it low to high or high to low?

Pengu

Thanks guys. There are some good tips there. I will hopefully make the connection to this thread the next time one of these type of questions come up.

trueshrewkmc

The Official Practice Tests---at least the individual domain tests---are pretty brutal. Don't let the amount of detail discourage you.

Pengu

What is really stressing me out is BCP/DRP

Every source I have conflicts with each other when detailing the steps. This references the official ISC2. which conflicts with NIST 800-34 and also conflicts with Sybex which again conflicts with 11th hour!

Project initiation
Business impact assessment
Recovery strategy
Plan design and development
Implementation
Testing
Monitoring and maintenance

Zela

Just know the basic flow and key concepts of each step of the BCP/DRP.

I used flash cards for certain things I had trouble remembering.

kabooter

trueshrewkmc wrote: »

Aggregation: building up little piles of information/piling up information
like a coral reef or a leaf pile, piles of garbage during a sanitation strike

Inference: making guesses/assumptions based on what information nuggets you have...If I see bags of candy at someone's home, I might infer that the person is expecting trick-or-treaters.

Due diligence: Enforcing due care (I think Conrad's 11th Hour kept me straight on this one.)..."Diligence" is a longer word than "care," so it must be more sophisticated, more advanced, right?

This is how I read and understood also.
Care means research, plan etc. Diligence means enforcement.
WRONG
According to CBK book, Q 7 its other way round. " due diligence is understanding the current threats and risks and due care is implementing
countermeasures to provide protection from those threats."