CISSP - Key To Success
Kaushlendr Partap, CISSP-ISSAP | CISA | COBIT 5 | ISMS LA | BCMS LI
E-Mail: [email protected]
Tools for Exam Preparation and Readiness
• A number of popular study guides, tools and references are available
• The (ISC)² Official Guide is just one
• Several popular books contain test engines
• There are numerous test engines and assessment tools available
• The (ISC)² self-assessment tool (studISCope)
• The Training Seminar facilitates your preparation by tying key principles and concepts together

studISCope
• Official self-assessment tool for CISSP and SSCP
• Exam-style practice questions
• After completion, presents a personalized study plan:
  – How knowledgeable you are on each of the domains
  – Which areas need more study
  – Suggested materials to help you study for the exam
Philosophy of the Examiners
• We test concepts, standards and best practices
• We do NOT test exceptions to the rule
• The exam is given in English, worldwide
• It is not a test of language skills or math
• There are no double negatives
• You won't need a calculator
• There may be more than one question on the same topic. The right answer to a different question is the wrong answer to the question you are currently attempting
• Read the entire question carefully; don't assume
• Many wrong answers are true statements
Managerial Focus on Information Security
• This is a management-level exam
• The way you do things in the engineering or technical sense is specific to technology
• The way management does things is specific to the BUSINESS, and this is what usually counts
• The exam is NOT written for your company
• What is common practice at your company may not even be close to best practice anywhere else
• Consider questions as if you work somewhere else
International and Generic Approach to the Exam
• This is an international exam, not country-specific
• The way you do it at work is influenced by the laws and regulations of your state or country
• That makes it right at work, but possibly wrong on the exam
• The exam is NOT written for any industry
• What is common practice in government may not even be close to best practice in a bank or hospital
• Consider what might happen in a different industry
Golden Rules in Logic
• People safety always comes first
• Policy is the key to nearly everything
• Get management buy-in to ensure success
• Education/training is essential
• Everyone is responsible for security
• Anything a person can do will likely circumvent a technical control
Golden Rules for Logistics
• READ THE ENTIRE QUESTION (RTFQ)!
• Sometimes the KEY word is the LAST word. This is where "EXCEPT", "FIRST", "LAST" appear
• Consider ALL FOUR answers before committing
• Sometimes all four are feasible
• If you can eliminate TWO of the answers, mark your initial thoughts in the book and come back later
• DO NOT OVER-ANALYZE
• The question will be easier on the second pass
• RESIST changing answers unless you are SURE you misread the question (like missing the word NOT/EXCEPT)
Exam Strategies
• TAKE FREQUENT BREAKS
• Time is not your enemy; fatigue is
• No prize for finishing first
• No penalty for finishing last
• Read the whole question and all answers
• DON'T MAKE FOOLISH MISTAKES
Rank 'em
Which car will give the best mileage?
A. 12-cylinder stretch limo
B. 4-cylinder subcompact
C. 8-cylinder SUV
D. 8-cylinder luxury car

You might not be sure about the sequence of C and D, but they pretty clearly come in the middle. The big limo will be worst and the compact will be best. Note that it is not necessary to know the exact mileage estimates to answer the question.
Focus on Business Logic (the test is 85% non-technical)
You work for a health care provider. Your country's privacy rules dictate large fines for any unauthorized use of personal health information. The best way to protect your company is via:
A. Firewalls
B. Intrusion Protection Systems
C. Encryption
D. Training

There is no technical solution to an authorized user reading data aloud over the phone.
Sequence
Which of these is not part of the development process?
A. Detail Design
B. Management Approval
C. End User Training
D. Functional Design

Even if you think all four are part of development, put them in chronological order. That gives you B-D-A-C. The answer has to be the first or, as in this case, the last.
True or False
In which city did George Washington take his first oath of office?
A. London, England
B. Chicago, Illinois
C. New York City, NY
D. San Francisco, California

Eliminate answers that are impossible or extremely unlikely to be true. Neither Chicago nor San Francisco was part of the US when Washington took office [impossible], and London is extremely unlikely. The answer is [C].
Wrong Technology
Which of these is used to identify accidental changes during transmission?
A. RC4
B. DES
C. RSA
D. MD5

Handle these by thinking about what the technology does. MD5 is an integrity checker (a hash function); the others are encryption methods.
All Except
Which of the following does NOT address integrity?
A. Biba
B. Bell-LaPadula
C. Clark-Wilson
D. Brewer-Nash

Treat these as "choose 3" (the three that do address integrity), then fill in the circle on the other. In this example, the answer is B: Bell-LaPadula addresses confidentiality only.
Impossible to be Correct
What is the goal of risk management?
A. Reduce risk to zero
B. Identify a way to blame others for security failures
C. Reduce risk to a manageable level
D. Transfer 90% of identified risks
E. Transfer enough risk to satisfy shareholders

Rule 1: Answers with absolutes such as "all", "none" or a fixed percentage are nearly always wrong: (A), (D)
Rule 2: Ethical violations or illegal activities are ALWAYS wrong: (B)
Rule 3: Answers that are too vague are nearly always wrong: (E)
Answer the Question Asked
1. Which is key to the success of any project?
2. Which is the first step in any project?

A. Cost-benefit analysis
B. Management buy-in
C. Certification and accreditation
D. Choosing the project leader

Same answers, but question 1 is B, while question 2 is A. The right answer to a different question is the wrong answer.
Scenario
• A scenario will present a fact pattern, then several questions based on it
• You need to read and understand the fact pattern, then treat each question as a stand-alone event
• If the fact pattern is complex, read the questions (but not their answers) first, so that when you read the fact pattern the pertinent facts will stand out
Drag-and-Drop Questions
#1 (drag-and-drop): Which of the following algorithms are examples of symmetric cryptography? Drag and drop the correct answers from left to right.

To solve the question, simply click, drag and drop each correct answer from the "Possible Answers" section to the "Correct Answers" box. In this case, we should drag and drop AES, Blowfish and DES into the "Correct Answers" box.
Hot Spot Questions
#2 (hotspot): To secure outbound connections from internal computers, protect internal resources from inbound connections from the Internet, and use a separate "DMZ" segment to allow web connections from the Internet, the security practitioner wants to deploy a single firewall. Click on the area below where the firewall should be placed.

To solve the question, hover your mouse cursor over one of the areas on the diagram. All available areas will light up as your mouse travels over them, and your selected answer will stay lit when you click on it. In this case, we'd want to deploy the firewall where it can have a "three-legged" configuration: one interface to the Internet, one to the internal network (with the Desktop and File Server) and one to the DMZ (with the Web Server).
Salient Features of CISSP Training at Koenig
• The CISSP course at Koenig is conducted under the supervision of a CISSP instructor
• Focused training on the official (ISC)² CISSP CBK, 4th Edition
• Specialized study notes with a strong focus on exam content
• Mock test as per the pattern and difficulty level of the real exam
• The course has been designed to maximize success in the tough CISSP exam
More Info
www.koenig-solutions.com
www.koenig-india.com
www.koenig-consultancy.com
www.koenig-dubai.com
www.flip-classroom.com
www.koenig-dl.com
www.flymeatrainer.com
Thank You
Kaushlendr Partap, CISSP-ISSAP | CISA | COBIT 5 | ISMS LA | BCMS LI
E-Mail: [email protected]