Taking CISSP, only have 50 days to prepare -- HELP!

Jake007

Mike,

Stay focus my friend, dont get discourgaed, read why the answers are what they are, use this as rational for answering the questions. you just have to keep hammering away daily.. . The book is a guide and not an all inclusive exam book. Personally i have never seen or read Conrad book.. Keep your focus and study study study. Email me if you need to you have it... Jake

NavyIT

Thanks guys. Hopefully you're right. I took a break yesterday to clear my head and I started back again today. Hopefully I can keep my head clear and stay focused!

NavyIT

Well,

I have 13 days left until my exam and I am losing motivation. I don't have the motivation to read. I am mainly just taking practice questions now and notice that my weak domains are still Software and Cryptography. Anyone have any advice on what kept you motivated? Thanks.

da_vato

What other sources have you tried so far? I'm thinking you should read another book (just the domains you're weak on) like "CISSP for dummies" (no pun intended). I've heard many people like that book.

Another thing you can do is post some of the questions you're not understanding and we can elaborate and tell why the answer is the answer.

For every single question you should be able to remove two answers right off the bat, cross those out and focus on the remaining two.

NavyIT

@da_vato, maybe I'll try the dummies book but at this point (2 weeks left) I think I might be better off just brushing up on software/crypto and doing practice questions and reading the 11th hour.

On another note, can anyone explain to me the difference between fail-safe and fail-secure. I missed a question and this was the explanation I was given and it doesn't really make sense to me. Thanks.

incorrect because fail-secure does not default to unlocked. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. Be careful not to confuse fail-secure with fail-safe. You can think of it this way: If a fail-secure lock fails, the door is secure; i.e., the door is locked. If a fail-safe lock fails, then the people it protects are safe because they can leave through the door.

da_vato

In terms of fail-safe think "safety" if your ship lost power you would want it to fail safe so that people could out of the ship safely. You want all the doors to open up and allow full access.

Fail-secure is just the opposite if power goes out you don't want anyone getting into your safe and stealing your secrets just because it lost power so it will fail-secure.

These are things to take into account when designing a security program cause as an attacker I could cut power to relatively easy.

NavyIT

Thanks man, I think it makes enough sense to where I'll be able to distinguish between the two.

Jake007

Mike,

Since you are short on time, i suggest you continue the quiz bank only reading and trying to get a good understanding with only 2 weeks left may not be, the best approach.. Keep at the quiz bank.. Like most of us the motivation to keep going and studying was the determination to get the Certification. Some peple passed the 1st time others the fourth time.. the point is to stay determined no matter how long it takes you to pass. YOU CAN DO IT, think of key words to remember certain things.. Example: Fail Safe= Safe Exit or way out .... Fail Secure= "secured" or locked exit no way out.

whatever it takes for you to remember certain things you have to come up with your own pharse just like with the OSI Layers. and TCP/IP DOD layers (All People Seem To Need Data Processing) etc...

Bell–LaPadula Model: a Bell faces DOWN, you can only read DOWN at your security level or lower no higher (NO READ up). A user/object at a certain security level must not write to any object at a lower security level (No write down)...

these are examples of how i remembered certain things on the exam and it was a HUGE help... i hope i didnt confuse you.

RanMic

Jake007 wrote: »

Mike,
Bell–LaPadula Model: a Bell faces DOWN, you can only read DOWN at your security level or lower no higher (NO READ up). A user/object at a certain security level must not write to any object at a lower security level (No write down)...

these are examples of how i remembered certain things on the exam and it was a HUGE help... i hope i didnt confuse you.

Jake, funny how you did the Bell-LaPadula trick to help remember. I did mine like this: Bell = fell (as in down). Windows perms are usally said as read\write so in my mind I did Bell = fell, read down (fell) and write up.......and then I was able to remember Biba was opposite.

No trying to highajck the thread, I just thought I'd toss out my weird way of thinking.

Jake007

Yeah its cool RanMic, whatever works for him we all have a method, i just want Mike to have one. We all our here to help him and others so hopefully he has a good idea of what we're saying.

NavyIT

Thanks for the clarification guys. Both methods helped.

One of the more common problems I am having is answering questions like:

Who is responsible for "XYZ" if "XYZ"?

The choices will be CIO, CEO, System Admin or Information Officer.

I don't see anything in these books I'm reading that really clarifies who is responsible for specific decisions. It seems pretty subjective. Also, the person writing the question for cccure might have a different opinion on who should "direct short-term recovery actions immediately following a disaster". Just seems confusing.

da_vato

NavyIT wrote: »

Thanks for the clarification guys. Both methods helped.

One of the more common problems I am having is answering questions like:

Who is responsible for "XYZ" if "XYZ"?

The choices will be CIO, CEO, System Admin or Information Officer.

I don't see anything in these books I'm reading that really clarifies who is responsible for specific decisions. It seems pretty subjective. Also, the person writing the question for cccure might have a different opinion on who should "direct short-term recovery actions immediately following a disaster". Just seems confusing.

On something like this always think Chain of Command vs legality. If you did something stupid say left your firewall open with no real security and your network gets hacked and trade secrets or PII are stolen, who has to answer to the stakeholders/courts? you may get fired but the company still has to deal with this issue. Almost always the CEO will be responsible.

Now if you rolled out a patch without testing as a SysAd and crash the network (in a fail-secure state) who's to blame then? Most likely the person that made the decision... could be the SysAd... could be the next level manager or could be the CIO. Ultimately who ever disobeyed policy will be hung out to dry in this case.

Think of the severity of "XYZ" then think who usually deals with that level. In other words what would your company commander deal with at his level and what would be taken out his hands and dealt with by the Admiral? If it could be a legal issue most likely will be CEO.

mugsym

I am not an expert, but will offer my thoughts. I would think it really depends (great answer I know). Management/Executives are responsible for a lot, ensuring there is a BCP for example. Now your lower managers, BCP Manager/Leader would be responsible for day to day operations... overseeing BCP testing training for example. Hope this helps.

zenrandom

One thing that I do not think receives enough attention is the ISC2 Studiscope exams. Hands down, these most closely represent the wording of the questions that you will see on the CISSP exam. The questions are similar in terms of topic and difficulty, they also utilize the same grading algorithm as used on the actual exam. You get detailed explanations of the answers, and an analysis of your strengths, opportunities, threats, and weaknesses.

If you want to know if you're ready, I really do suggest paying for one of the three 100 question exams. They are not cheap though, I think just one is around $100 or so.

-zr

JoJoCal19

zenrandom wrote: »

One thing that I do not think receives enough attention is the ISC2 Studiscope exams. Hands down, these most closely represent the wording of the questions that you will see on the CISSP exam. The questions are similar in terms of topic and difficulty, they also utilize the same grading algorithm as used on the actual exam. You get detailed explanations of the answers, and an analysis of your strengths, opportunities, threats, and weaknesses.

If you want to know if you're ready, I really do suggest paying for one of the three 100 question exams. They are not cheap though, I think just one is around $100 or so.

-zr

I agree they don't get enough attention (due to costs) but I for one will be getting them before I sit the exam.

mister704

I am using Transcender and Shon Harris testbank of questions.

patrick26

Hi all, I also also looking for good exam questions for CISSP. Could anyone explain me what this transcender should be, where I can find it? Alternatively, I am considering signing up to the CCCure quiz engine, it seems to give best value for Money, apparently.Thanks for your Feedback guys

mister704

mister704 wrote: »

I am using Transcender and Shon Harris testbank of questions.

Transcender is another testing engine. Consists of 900+ questions ranging from easy to difficult. Here is the site Transcender IT Certification Prep Training Products - Practice Exams and More. I signed up for the 6 months and have been using it for now 4 months. Seems to really help in remembering and identifying weak areas. I think Shon Harris website McGraw-Hill Education | CISSP Practice Exams which you have to sign up for but is free has A LOT of tough questions. Really helps thinking also.

NavyIT

Well, it's the day before the exam and I'm not sure how ready I am but I've come a long way in the short time I've been studying. Not sure what I should be doing. I think I'm just going to review my notes and read the code of ethics one more time. I don't want to over-do myself the day before. Hopefully all goes well tomorrow morning and I come back with good news to report. Thanks everyone for all of the help!

da_vato

Good luck.

Take it easy today, get some good rest tonight have a good breakfast tomorrow and think like a manager when you go in there.

Jake007

Mike,

Please let us know how you did!!!.. We will be waiting.

NavyIT

Well, I'm back from the testing center and am pleased to report that I PASSED!

It really hasn't hit me yet, since when I ended the exam I was about 85% sure that I had failed. I finished in 4 hours. I flagged about 15 questions throughout the exam, and at the end I only reviewed the flagged questions.

So I had about 37 days or so to prepare and probably didn't study at all on about 5-7 of those days. I used:

Eric Conrad 2nd Ed.
11th Hour Study Guide
CCCURE paid questions
Eric Conrad practice exams
Some study notes graciously provided by some TE members.

Overall, I learned a great deal of information (some useful and some not so useful) and enjoyed the studying process. The exam was extremely tough and had many questions where I just had to guess what I thought the answer was they were looking for. There were also several VoIP questions that threw me for a loop, but I'd like to think those were part of the 25 test questions.

Thank you to everyone on this forum who helped me during this process, you really helped me out!

RanMic

Sweet!!!!!!!!!!!! Congrats my man! Very happy happy happy for you.

da_vato

Congrats! I knew you would pass. I am very glad to hear the good news because you seemed to become very discouraged a few times during your studies. This will become a TE's epic tale of slaying the CISSP dragon.

abhi78sen

Congrats man. I also passed on 14 th.

joebanny

Very glad you made it, anything is possible when you put you mind to it! Now you can chill a little, Congrats!!!

RanMic

joebanny wrote: »

anything is possible when you put you mind to it!

That's what Marty McFly's dad told him.

NavyIT

Thank you everyone! I wish I could say it's time to rest but I'm starting my last 3 classes for my B.S. degree on Monday. They are in 8-week format so there will be little downtime. I'll just try to enjoy this free weekend!

Thistleback

Congratulations on your pass!

NavyIT

UPDATE: Just got my endorsement e-mail. So now I'm officially a CISSP!