How well do we need to know the Rainbow Series in order to pass the CISSP exam in 2019? Do we only

isc2cisspbouncr

Hi,

How well do we need to know the Rainbow Series in order to pass the CISSP exam in 2019?  Do we only need to know the Orange Book?

Thanks!

mikey88

You have to know at least the Rainbow Siege series. Know all the operators like Tachanka, Smoke etc. Wait, this is not a video game Question? 

I would say just know what Orange Book is and a brief description of what it does. You don't need to know it in detail. Same for rainbow.

cyberguypr

LORD Tachanka that is. 

On a serious note, agree with mikey88. I wouldn't worry too much about it. When I studied for this test a had a few things that I filed under "not worth my time memorizing". This was one. The other one was details on different encryption algorithms. Block size, key length. etc? Hell no! Symmetric vs. asymmetric, stream vs block and that was it. 

isc2cisspbouncr

Thanks folks!  I'm freaking out because the CISSP syllabus is much broader than ISACA's CISM (which I had passed).  I've also passed my Comptia Security+.  CISSP syllabus is all over the shop! 

StrikingInfluencer

Took the CISSP and passed in March.  I can say I personally didn't almost any questions about the rainbow series and the two I can recall were very basic.  Just knowing the main book colors and what they pertain to was what I studied.  

SteveLavoie

I didnt care about the Rainbow Series. 

CyberJosh95

Yeah, during my studies I didnt care too much about that as well. 

FSF150

I believe the fact that you know what they are is probably enough. Don't think I saw a single question about them on my exam (though with the depth of the question pool that probably doesn't mean anything). 

PeterHands

Know what the Orange book is...thats it.

X5c0r

From what I've heard from instructors the exam is much more modern so the Rainbow Series is largely removed.  Same with proprietary frameworks and specific laws since its an international exam.

JDMurray

I thought they removed the much of the historical InfoSec references from the CISSP question pool after Hal Tipton died in 2012. He was the one who insisted that those topics remain in the CISSP CBK.

The only thing I remember is that if you plugged a network cable into a computer that was certified to be Orange Book compliant then the computer would no longer be Orange Book compliant. Networked computers weren't covered until the Red Book. This is also why most Windows NT systems never met C2 compliance because most are either network clients or servers.

isc2cisspbouncr

Hi all, I passed with 106 questions in 90 minutes.  There were exactly 2 US-centric questions about US laws.  The rest of the questions were country-agnostic.  Thanks for all your help!

JDMurray

So no Rainbow Series questions? (I know that I shouldn't be asking about exam content.)

And congratz!

laurieH

I took no notice of it whatsoever apart from knowing that there were a load of coloured books. Not to say that it won't come up but I didn't think it warranted space in my limited brain capacity!

isc2cisspbouncr

JDMurray said:

So no Rainbow Series questions? (I know that I shouldn't be asking about exam content.)

And congratz!

Thank you!  I guess the series is too US DOD-centric!

laurieH

I'm not saying that there will or won't be any questions on that - I don't know. All I do know is that I didn't study the detail of them and I passed.