CISSP Cloud resources needed
Johnmueller
Member Posts: 12 ■□□□□□□□□□
in CISSP
I'm seeing a lot of folks saying there has been a lot more cloud computing questions on the exam. Are there cloud-specific resources you'd recommend outside of the standard CISSP 8-domain texts?
Comments
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Look at the ccsk material. The resources are free,should be good enough for the cissp.
-
dony2015 Member Posts: 27 ■■■□□□□□□□I was hammered with Cloud security questions I did not see anywhere in all the CISSP books I used. Cloud security and polyinstantiation was the reason I failed my CISSP. I have now got CCSP CBK from a friend to deal with those cloud security issues.
-
momolicious Member Posts: 28 ■□□□□□□□□□I'm currently studying for CISSP. I can't really speak about the exam as I haven't taken it yet. However, I did just cover the last domain (8. Software Security) in the Sybex book (7th edition), and the term poly-instantiation is covered pretty well.
It seems most people associate it with lying, but there's actually a bit more to it.
First, the term is used with regards to relational databases. If you understand databases (e.g. object-oriented, relational, tables, tuples, attributes, etc), then the simplification below should make some sense.
Poly-instantiation is the fake record (row or tuple) that is added into a database (relational type), associated with other tables through keys (primary & foreign keys), and presented to the users (subjects) as a the real record.
It's not really meant to mislead users, but rather, to have them not suspect a thing. As far as the users are concern, the information they are viewing is accurate.
I imagine the Military, particularly in operations, implement poly-instantiation; especially in their more critical operations. In that kind of world, I imagine Top Secret employees, even those with a Need to Know, don't always know if they're even viewing accurate information.
I always think of the Bin Laden raid, and how that was all hush-hush until it was too late for him to escape. Allies in Pakistan, who were receiving leaked information from the U.S. and ensuring Bin Laden's compound was safe, were owned by poly-instantiation.
Made that last part-up. I wanted to use allegedly, but without it, it sounds more compelling. -
kabooter Member Posts: 115I was hammered with Cloud security questions I did not see anywhere in all the CISSP books I used. Cloud security and polyinstantiation was the reason I failed my CISSP. I have now got CCSP CBK from a friend to deal with those cloud security issues.
-
Johnmueller Member Posts: 12 ■□□□□□□□□□have you read cbk book?
no, I have the Sybex 7th edition. I know it quite well.
if ISC2 sponsors this book then how could they test us on content outside it? -
momolicious Member Posts: 28 ■□□□□□□□□□Perhaps they were throwaway questions. If so, you didn't fail due to these, as you claim.
-
JDMurray Admin Posts: 13,091 AdminPeople tend to remember the exam items they have the most trouble in completing. In the past, candidates have exclaimed that they had a lot of items on cryptography and application security on their exams, and these are two domains that candidates typically have had a lot problems in learning.
If the current CISSP CBK does have a lot of Cloud info, and candidates aren't studying much "Cloud" before taking the CISSP exam, it's not surprising people are perceiving that there are a lot of Cloud-based items on the CISSP exam. (Also realize that one exam item can contain information from 2-3 different domains.)
It is likely the CISSP draws its Cloud-based items from the (ISC)2 CCSP exam, so getting familiar with that cert's objectives should be beneficial. I also notice that Cybrary has a free CCSP course that might be worth looking at. -
Johnmueller Member Posts: 12 ■□□□□□□□□□People tend to remember the exam items they have the most trouble in completing. In the past, candidates have exclaimed that they had a lot of items on cryptography and application security on their exams, and these are two domains that candidates typically have had a lot problems in learning.
If the current CISSP CBK does have a lot of Cloud info, and candidates aren't studying much "Cloud" before taking the CISSP exam, it's not surprising people are perceiving that there are a lot of Cloud-based items on the CISSP exam. (Also realize that one exam item can contain information from 2-3 different domains.)
It is likely the CISSP draws its Cloud-based items from the (ISC)2 CCSP exam, so getting familiar with that cert's objectives should be beneficial. I also notice that Cybrary has a free CCSP course that might be worth looking at.
Forgot to look at Cybrary. Thanks!