Clarification Needed on Practice Questions.

It's my understanding that as (ISC)2 is a global and vendor agnostic organization, I shouldn't expect and USA centric questions regarding specific laws or vendor specific software. Is that actually true? Additionally, as I understand things, is it true that all questions are multiple choice consisting of four questions and NOT true/false? Many of the online testing resources have good questions, but I'm not certain that they're 100% applicable to the CISSP exam. Is there any validity in my assumptions?

Find more posts tagged with

Comments

digitheads

from what I have seen, they are all multiple choice, some requiring you to choose 3 to 5 correct entries. there are true/false questions, like: "which statement is true about bla bla bla" or "which statement is false about bla bla bla".

GenrericSecurityGuy

So to clarify....You will never see a question with only two options: True or False.

!nf0s3cure

Not sure how you can rule that out? More importantly I am not sure how that will make any difference to the preparation for the exam?

GenrericSecurityGuy

Well, a lot of the testing resources online try to mimic the CISSP exam as much as possible. I don't want to waste my time with test questions that:

1. Aren't relevant to the exam.
2. Not in the style of a CISSP question.

If constructive criticism is given to the test makers, they'll improve their sites and it will benefit everyone. Thus my question.

TheFORCE

GenrericSecurityGuy wrote: »

Well, a lot of the testing resources online try to mimic the CISSP exam as much as possible. I don't want to waste my time with test questions that:

1. Aren't relevant to the exam.
2. Not in the style of a CISSP question.

If constructive criticism is given to the test makers, they'll improve their sites and it will benefit everyone. Thus my question.

There are different types of questions. As mentioned already you can not rule out true or false questions. Besides the multiple choice question/answer format, there are also scenario based questions or as they are known simulation questions where you are asked to identify various requirements based on the scenario.

GenrericSecurityGuy

What about regional specific questions? Would you expect to see questions regarding US law, or perhaps something application specific? If I understand it correctly, you won't I just want to clarify because some of the tests questions I'm coming across in CISSP quizzes don't look like they're applicable.

TheFORCE

GenrericSecurityGuy wrote: »

What about regional specific questions? Would you expect to see questions regarding US law, or perhaps something application specific? If I understand it correctly, you won't I just want to clarify because some of the tests questions I'm coming across in CISSP quizzes don't look like they're applicable.

Your reading material quizes or your test engines base your practice questions on the subjects covered in those reading/study material.
With that said. CISSP and ISC2 is a vendor neutral, application neutral and an international exam. It's up to your discretion on what not to read or what to read.
No one here will give you specific answers because simply stated, no one knows what the question mechanism is. That is why CISSP is a tough exam and you require 5 years of experience and a good understanding of the subjects covered.

gespenstern

GenrericSecurityGuy wrote: »

It's my understanding that as (ISC)2 is a global and vendor agnostic organization, I shouldn't expect and USA centric questions regarding specific laws or vendor specific software. Is that actually true?

Don't think so. I think you may get questions on stuff like Sarbanes-Oxley and FIPS and almost certainly get questions on stuff like 3DES and AES. This is USA specific.

Probably that's why we have 60k out of 90k CISSPs inside the US. The rest of the world doesn't seem to bother much.

But again, things in IT tend to happen in the US with high probability, so, it may worth to know what happens here anyway. Or maybe you are heading to be proficient in some unknown secret proprietary non-US national information technology?