Exam questions I always get wrong

Pengu Member Posts: 46 ■□□□□□□□□□
Aggregation and Inference - I keep mixing these up

Due care and Due diligence - As above. No matter how much I read about this I always seem to get a question that seems to blur the difference

TCSEC levels - can never remember them!

And double negative questions tie my brain in knots - i.e. What is not a negative feature of ......

Sorry, rant over.

Comments

  • Infosec85 Member Posts: 192 ■■■□□□□□□□
    This the SSCP exam? Have you sat it yet?
  • Pengu Member Posts: 46 ■□□□□□□□□□
    No CISSP

    Currently using CCcure and Official Practice tests questions
  • Nabsh07 Member Posts: 72 ■■□□□□□□□□
    Aggregation: you add multiple information
    Inference: you have multiple information sources. Key is lower classification information, and you use logic

    Due diligence : Research
    Due care: Action

    TCSEC levels: Try to understand what makes them different from one another. Don't memorize.
  • trueshrewkmc Member Posts: 107
    Aggregation: building up little piles of information/piling up information
    like a coral reef or a leaf pile, piles of garbage during a sanitation strike

    Inference: making guesses/assumptions based on what information nuggets you have...If I see bags of candy at someone's home, I might infer that the person is expecting trick-or-treaters.

    Due diligence: Enforcing due care (I think Conrad's 11th Hour kept me straight on this one.)..."Diligence" is a longer word than "care," so it must be more sophisticated, more advanced, right?

    TCSEC levels and other level-based concepts: just memorize the general trend....is it low to high or high to low?
  • Pengu Member Posts: 46 ■□□□□□□□□□
    Thanks guys. There are some good tips there. I will hopefully make the connection to this thread the next time one of these types of questions comes up.
  • trueshrewkmc Member Posts: 107
    The Official Practice Tests---at least the individual domain tests---are pretty brutal. Don't let the amount of detail discourage you.
  • Pengu Member Posts: 46 ■□□□□□□□□□
    What is really stressing me out is BCP/DRP

    Every source I have conflicts with each other when detailing the steps. This references the official ISC2, which conflicts with NIST 800-34 and also conflicts with Sybex, which again conflicts with 11th Hour!
    1. Project initiation
    2. Business impact assessment
    3. Recovery strategy
    4. Plan design and development
    5. Implementation
    6. Testing
    7. Monitoring and maintenance
  • Zela Member Posts: 8 ■□□□□□□□□□
    Just know the basic flow and key concepts of each step of the BCP/DRP.

    I used flash cards for certain things I had trouble remembering.
  • kabooter Member Posts: 115
    Aggregation: building up little piles of information/piling up information
    like a coral reef or a leaf pile, piles of garbage during a sanitation strike

    Inference: making guesses/assumptions based on what information nuggets you have...If I see bags of candy at someone's home, I might infer that the person is expecting trick-or-treaters.

    Due diligence: Enforcing due care (I think Conrad's 11th Hour kept me straight on this one.)..."Diligence" is a longer word than "care," so it must be more sophisticated, more advanced, right?
    This is how I read and understood also.
    Care means research, plan etc. Diligence means enforcement.
    WRONG
    According to CBK book, Q 7 it's the other way round. "due diligence is understanding the current threats and risks and due care is implementing countermeasures to provide protection from those threats."