Preparation for CISSP exam
Hi guys,
I am getting closer and closer to my CISSP exam with a few weeks to go now!
I am doing fine on CCCure website in that I am averaging between 75-80% at the moment, and looking to work on weaker areas. I noticed that sometimes I do well and at other times not so well, and this is mainly down to getting some of the questions wrong which are referenced to books/sources around 2001.
I know the actual exam is no comparison, but I feel like I know the current material fairly well but not sure if I should try and learn things that, well, may have been in the exam previously? Also, would it be worth buying the Studiscope questions to get an idea of what the exam questions may be like? Even though they are a little expensive! Unless someone is willing to split the cost.
I seem to find a number of situations where I seem to be undecided between 2 questions and go for the wrong answer more than the right answer. I guess with more practice I'll get used to it.
I'm using the Shon Harris 5th Edition and 6th Edition. I have access to book24x7 and have been going through some modules within the CISSP for Dummies book and at times the ISC2 CBK, and mixing this with the Eric Conrad Study Guide and probably finish with the 11th Hour book also.
Congrats to all the guys that have passed recently and everyone else that has been providing valuable information! It's been inspirational and very helpful! Apologies for all the questions!!
Comments
A week before the exam I was averaging 85-90% on the CCCure test bank. I spotted the weaker areas and re-read the whole chapter of the Shon Harris and Eric Conrad book and it did the trick for me.
I wish you the best of luck passing your exam!
Website: www.nxecurity.com
How big are the question pools you are working with on CCCure? Try for 250 questions at a time to help get you ready for the full test. I was taking about an hour and a bit for 250 on CCCure, and ended up taking a bit over two hours on the actual test.
Wes Allen, thanks for the info, I did see that webcast by Dr Eric Cole I believe and found it very useful but will probably try and see it again.
I am doubling up the modules at the moment and doing 25 questions for each module.
I have sat an exam of 150 questions and scored 73% a couple of weeks ago and then resat another 241-question (missed some questions as internet was slow and they didn't load) exam last week and scored 79-80%. I, like you, seem to not take that much time; it took me about 90 mins to do 241 questions.
I am trying to focus more on domains which I probably was not scoring so well in and others where I may have scraped 70% which includes Cryptography and Security Architecture and Design.
Did the 5th Edition of Shon Harris help enough? I'm wondering whether to focus on that rather than on the 6th edition that I have recently begun working on.
I guess my real concern is how different the exam questions will be....
By the way, well done again for passing the CISSP, I can see how much of a monster it is and got to congratulate anyone that manages to pass the exam!
When you get down to the two possible answers, ask yourself this: is one more a technical answer, as opposed to a management answer? For example, putting a technical control in place versus addressing the issue in policy?
I passed the CISSP on my first try after studying Shon Harris 5th edition for about 2.5 months, plus attending a week-long boot camp with the exam at the end. Much of the value of boot camp was in the discussion of how to dissect the questions to get down to what they are REALLY asking. First, try to determine which domain the question is addressing. That perspective alone sometimes gives you a clue as to which of those two good answers is the correct one.
Think about having support from the top down in a business model - You have to have the support of senior management, and good solid policy and procedure next, then the appropriate technical controls. Add audit and reporting, and you have come full circle. So where, in that model, do the two good answers apply? If you can place them, choose one highest in the hierarchy. I hope that helps. Oftentimes, when you are a techie, it is hard not to lean to the technical answer . . . maybe that's what is happening with your choices. Just a thought . . .
Thank you for the suggestions, next time I will try and tackle it from that approach!
> GMOB [MAR_2014] OSCP [MAY_2014] GREM [OCT_2014]
I was averaging 70-75% on those domains I was having issues with.
I hope that helps!
Thanks, that sure does, I think I may have a couple modules with a similar average.
I just need to strengthen on a few domains.
Can someone confirm something for me as I seem to be seeing contradictory definitions in places.
Within Access Control, does non-discretionary apply to role-based (RBAC) and not MAC? From reading the 6th edition of Shon Harris she mentions MAC as a non-discretionary model.
Also, there was a question on CCCure which mentioned that the MAC model is implemented from the Lattice approach and not rule-based. I'm guessing Lattice would help set the structure and then rules would be set up based off this? Question below:
Which of the following would be used to implement Mandatory Access Control (MAC)? Lattice and Rule based were the options that stood out.