72 hours and counting...for CISSP exam

datschmodatschmo Member Posts: 59 ■■□□□□□□□□
Down to about 72 hours before the exam and I'm still struggling to keep all the information in the Security Architecture and Design domain from bleeding together. Anyone have any study tips on memorizing all the Security Models (Bell-LaPadula, Biba, Clark-wilson, etc...) and when they should be used in scenario? The scenario types questions I using and expect on the exam keep throwing me for a loop, although I feel pretty good about all the other domains.



  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    I found some of the docs on cccure.org were great for reviewing the couple days before my test. You have to register on the cccure.org site and kinda dig around a little to find them - don't think I can link to them directly.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,881 Mod
    Hmm... you should have this committed to memory by now. Here are my cliff notes.

    Other notes:
    - "Simple Security" property refers to READ
    - Bell-LaPadula - enforces CONFIDENTIALITY
    ○ NO Read Up (simple security property)
    ○ NO Write Down (* property rule)
    ○ Strong start rule - subject can read and write to objects at its same security level
    ○ Strong tranquility - labels will not change while system is operating
    ○ Weak tranquility - labels wont change in a way that conflicts with security properties

    - BIBA - enforces INTEGRITY
    ○ NO Read Down (Simple security axiom)
    ○ NO Write Up (* integrity axiom)

    - Clark-Wilson - enforces integrity + separation of duties
    ○ Subjects access object via programs. Well formed transactions
    ○ Access triple: subject --> Transformation Procedure (program) --> object (Constrained Data Item)

    - Brewer-Nash: Chinese wall - if subject has access to company A HR folder, then he won't have anything on Company B. Prevents conflict of interest

    - Take-Grant Model :Uses a directed graph to specify rights a subject can transfer to an object or take from another

    If you have an example of the questions that throw you in a loop post them here so we can clarify. You must absolutely master this and be able to apply them in a scenario.
  • datschmodatschmo Member Posts: 59 ■■□□□□□□□□
    wes allen: I'll check on cccure, I've been using that test engine for a few weeks now.

    cyberguypr: think I'm having pre-test jitters, took some more practice tests yesterday and did a lot better than the two previous days. Thanks for the notes and input.

    What seems to have helped me the most with the scenario questions, is a post I found where someone referenced Eric Cole's deconstruction method. Wish I had found that sooner. Anyway, feeling better about the exam, schedule for a 1pm start of Friday.
  • hcaeb2000hcaeb2000 Member Posts: 10 ■□□□□□□□□□
    Good Luck tomorrow!
  • datschmodatschmo Member Posts: 59 ■■□□□□□□□□
    Didn't make it...scored a 681. As much as I thought I had cryptography nailed, it ended up being the worst domain for me on the exam. Little discouraging..but going to adapt my studying, now I know what to expect question wise. Probably take it again in 3-4 weeks.
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
    Sorry to hear that. I'm sure you will knock it out of the ballpark next time around. Good luck!
  • Jake007Jake007 Member Posts: 65 ■■□□□□□□□□
    Sorry to hear that, don't get discouraged look at my post, it may also help you... In the crypto area. Suggestion next time around concentrate more on your bottom 3 areas that were the weakest. Use the 2012 test bank link in my post.. Totally free. You will make it.
  • maronvomramaronvomra Member Posts: 40 ■■□□□□□□□□
    damn ... you are so close ..
    But you are ready now as you know what to expect. Next time you will nail it.

    Two of my colleague also gave the exam last week. One of them was in Security for over 2 years and the other one is in web operations. Guess what, the security guy failed (68icon_cool.gif and the other one passed.icon_sad.gif
Sign In or Register to comment.