Added new CISSP practice exam

WebmasterWebmaster Admin Posts: 10,292 Admin
Here's my first set of practice questions for the CISSP exam:

icon_arrow.gifwww.techexams.net/isc2/exams/start.php?exam=cissp

(note that it contains the same question as in the SSCP practice exam in addition to some new ones. This is because of the huge overlap between the two exams.)

I hope you like it :D

Comments

  • skully93skully93 Member Posts: 323 ■■■□□□□□□□
    Wow! you really work hard to keep this place running!

    Eventually I want to go over the CISSP material, even though I don't come remotely close to being qualified to take it. I figure the more the merrier, and security has always been interesting to me.\

    I dunno that it's the new 'hot' path to take, but it's something a lot more people are becoming aware of as a necessity for a functional network.
    I do not have a psychiatrist and I do not want one, for the simple reason that if he listened to me long enough, he might become disturbed.

    -- James Thurber
  • /usr/usr Member Posts: 1,768
    I really have a problem with the requirements for this exam.

    Don't get me wrong, I am glad that they have some type of screening process since it weeds out the less qualified and keeps braindumpers from obtaining high level certs.
    However, if you have four direct years of Information Security experience, why would you "need" the CISSP? It just seems that four years is a bit much. Add the fact that a bachelors degree can only substitute for a year of experience.

    Though I suppose it's the trend of the IT industry. You need experience to obtain a position, and can't get experience for that very reason.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    skully93 wrote:
    ]Wow! you really work hard to keep this place running!
    Thanks! I love doing it though :D
    skully93 wrote:
    Eventually I want to go over the CISSP material, even though I don't come remotely close to being qualified to take it. I figure the more the merrier, and security has always been interesting to me.
    Same here. I have almost 10 year professional experience in IT, but no matter how I define it, I'm not even close to the 4 years IT security experience required for CISSP. I'm sure I meet the 1 year requirement for the SSCP though, so I started studying for that one, but by using CISSP material. Eventually I'll have to get a SSCP book to fill in some gaps, but I won't be able to sit for the exam until next summer (June or July). The ISC2 tests are available only twice a year here. icon_sad.gif

    You might want to look into the ISC2 Associate option, which allows you to take the exam without having the required years of experience. If you pass it and meet the requirements years later, you'll automatically become CISSP (after endorsement).

    Security is the hot path indeed, but frankly I don't care much about that, it's just so darn interesting and kinda feels like the logical next step for me. (plus is makes writing Sec+ notes a lot easier ;))
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    I really have a problem with the requirements for this exam.

    Don't get me wrong, I am glad that they have some type of screening process since it weeds out the less qualified and keeps braindumpers from obtaining high level certs.
    However, if you have four direct years of Information Security experience, why would you "need" the CISSP? It just seems that four years is a bit much. Add the fact that a bachelors degree can only substitute for a year of experience.

    Though I suppose it's the trend of the IT industry. You need experience to obtain a position, and can't get experience for that very reason.

    Before experience comes knowledge, and you can gain that from studying for the exam (without even taking the exam). But you're right, it is the trend in IT, a lot of Cisco certified pro's have the same problem, you need experience before you can get a job to get experience. I think the most common solution is to try and make security a part of your sys admin or net admin job for example, which is often easier at smaller companies (ie. where the MCSE sys admin manages the 2 cisco routers and 3 switches as well, or a net admin who implements basic security policies).

    Four years does seem like a lot indeed. I have experience with a lot of topics of the ISC2 exams, but not as a security professional with a corresponding job title so it doesn't count. But the requirements are the main reason why the ISC2 certs are so valuable, and differ from MS and Cisco certs for example. 8-10 years ago an MCSE got similar respect as an CCIE now... 'system engineer'... nowadays it is common to require MCSE for a helpdesk position. This will never happen to the CISSP exam as long as they keep these requirements.

    Without the requirements the exam would be like Security+++, just a bunch of concepts and theory. The exam itself (based on the many practice exams and study material I've read so far) isn't as hard as people may think. Passing 7 MS tests to become MCSE is much harder than 250 questions (25 not scored, passing score 700) about security concepts (based on information which can easily fit in a 1000 pages book). Because it is so much, they don't try to trick you as much as many other exam vendors do. So anyone who can read and memorize a single book can pass the exam, without having any skills whatsoever. So without the 4 years requirement, it would be 'just' another cert. With the requirements CISSP is proof of both experience and knowledge (see my first sentence.)

    Just my 3 cents... icon_rolleyes.gif
  • /usr/usr Member Posts: 1,768
    I get your point completely and it's valid. The cert is a badge of sorts, you've got the experience and took the time to obtain the certification itself, so it's the reward.
    It just seems that at that point in your career, the cert is going to be null as far as resume candy goes. If you've got 4 years IS experience, then you most likely won't need the CISSP to get that job you're shooting for.

    I just wish the certification was attainable by those of us that can't get the direct security experience, but posess some of the knowledge and are willing to learn even more.
  • garv221garv221 Member Posts: 1,914
    How do you even prove that you meet the CISSP requirments? Who vailidates you?
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    I just wish the certification was attainable by those of us that can't get the direct security experience, but posess some of the knowledge and are willing to learn even more.
    Although you won't be able to call yourself a CISSP, becoming a CISSP associate does proof that you passed the test and surely that is something you can put on your resume.

    As for the value of CISSP after those 4 years, I agree it is probably not the most important thing at that point, but we have to see it from an employers perspective for who experience+CISSP > experience alone. Certs like those from MS and Cisco are nowadays used typically for getting into IT, whereas CISSP is pure carreer advancement. I recently read that some companies give their employees a fat bonus 'just' for passing the exam. I guess, what I'm saying basically is that you'll be more marketable with CISSP. There's also something to say for the fact that you can have that 4 years experience in just one of the 10 domains. In that case CISSP would definitely add something to that list of experience on your resume.
    How do you even prove that you meet the CISSP requirments? Who vailidates you?
    You don't, as long as they don't ask. To register, you will need to specify how you meet the requirements (per domain). If you pass the test, you need to be endorsed by another CISSP (who won't do that if he doesn't know you have the experience) before actually getting certified. 1 out of X are actually checked, thoroughly. In that case you'd have to submit a detailed resume and company information and they'll do a background check. If then it shows you don't meet the requirements, you won't become certified (in case they already certified you, they'll take it away again) and won't ever get a chance to become ISC2 certified. Note that you pay for the exam (around $500) before they check you, and the exams is available for groups once in a long while. So you'll be sitting together with several, perhaps many other security professional who mostly will have the required experience and can easily pick out an imposter. Also once you are certified, you will need to do a lot of security related work to remain certified. So all in all, I don't think there are many CISSP out there who don't meet the requirements. Although I might be biassed and have a too idealistic view on the CISSP cert. icon_wink.gif
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    One other thing to keep in mind is that the CISSP and SSCP are really expensive certs compared to most other IT/security certs, and that they more-or-less economically chain you to to the (ISC)2 organization. And I'm not talking expensive in what they cost to take ($499 early registration, $599 standard registration, $100 reschedule/cancellation fee for the CISSP, $369/$469/$100 for the SSCP). The MSCE easily tops that.

    To remain in "good standing" with the (ISC)2 you must obtain a certain number of Continued Professional Education (CPE) credits within the three-year period of your certification. 120 credits are needed by CISSPs and 60 credits by SSCPs. You get these credits by attending (ISC)2-sponsored training, and the costs vary considerably.

    You must also pay an Annual Maintenance Fee (AMF) each year that you retain certification. The AMF is $85/year for CISSP, $65/year for SSCP, and $35/year for CISSP Associates. According the the (ISC)2 FAQ, the [AMF] fees are used to recover the costs for administering the continued education and recertification processes, and to maintain individual records.

    The CISSP and SSCP do not expire as long as you remain in good standing.


    I would definitly rather my employer pay all this homage than myself.


    References:
    https://www.isc2.org/cgi-bin/content.cgi?page=8
    https://www.isc2.org/cgi-bin/content.cgi?page=44
    https://www.isc2.org/cgi-bin/content.cgi?page=47
  • /usr/usr Member Posts: 1,768
    A bit money hungry, aren't they?
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,406 Admin
    Well, considering the quality of the training that the (ISC)2 gives, and their overall reputation, I suppose it's quite a bargain. However, they do price their certs with the idea that businesses--not individuals--will be paying for the on-going "maintenance" of the certs.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    I think the exam is quite expensive (although you get 5 times as many questions as in an average MS exam), but I agree, the $85 dollar is a bargain. Just getting your required CPE's should give you plently of money to pay that $85 (I.e. write a TechNotes for us ;)).

    Although a lot have been added over the past 2 years, in 2002 there were only 8000 CISSP's worldwide...
Sign In or Register to comment.