Practice for the CISSP Exam

1
Practice for the CISSP Exam

• Steve Santy, MBA, CISSP
• IT Security Project Manager
• IT Networks and Security

2
Overview

• Exam Overview
• A Few Words Regarding Preparation and Strategy
• Practice Questions
• Answers to Practice Questions

3
Exam Overview

• Covers the Ten CBK Domains
• Information Security and Risk Management
• Access Control
• Cryptography
• Physical (Environmental) Security
• Security Architecture and Design
• Business Continuity and Disaster Recovery
  Planning
• Telecommunications and Network Security

4
Exam Overview (continued)

• Covers the Ten CBK Domains (continued)
• Application Security
• Operations Security
• Legal, Regulations, Compliance and Investigations
• 250 Multiple Choice Questions
• Must earn a scaled score of 70 or greater
• 6 Hours to Complete (including snack and comfort
  breaks)

5
Preparation and Strategy

• Verify your Eligibility to Become a CISSP
• (ISC)2 web site, especially CISSP Candidate
  Information Booklet
• Choose a Study Guide
• E.g. (ISC)2 Guide to CISSP CBK
• Shon Harris CISSP All-in-One Exam Guide, 4th
  Edition

6
Prep and Strat (continued)

• Each Book Above Includes a CD-ROM Test Engine
• Answer as many as you can
• 80 average
• Group Study Recommended
• Intensive Boot Camps
• Both official and unofficial available
• Lots of
• Designed for people who have already studied the
  material thoroughly!

7
Prep and Strat (continued)

• Exam Grading
• You must only get an average (scaled score) of
  70 on the entire exam, not a 70 on each CBK
  domain within the exam. i.e. Your strong areas
  may very well compensate for one weak area
• Try to average at least 80 in all domains when
  studying / practicing
• You must pick the best answer according to
  (ISC)2 they grade the exam!

8
Practice Questions

• Consideration for which type of risk assessment
  to perform includes all of the following except
• Culture of the organization
• Budget
• Capabilities of resources
• Likelihood of exposure

9
Practice Questions (continued)

• What are the three types of access control?
• Administrative, physical, and technical
• Identification, authentication, and authorization
• Mandatory, discretionary, and least privilege
• Access, management, and monitoring

10
Practice Questions (continued)

• The two methods of encrypting data are
• Substitution and transposition
• Block and stream
• Symmetric and asymmetric
• DES and AES

11
Practice Questions (continued)

• Which of the following is a principal security
  risk of wireless LANs?
• Lack of physical access control
• Demonstrably insecure standards
• Implementation weaknesses
• War driving

12
Practice Questions (continued)

• Computer forensics is really the marriage of
  computer science, information technology, and
  engineering with
• Law
• Information systems
• Analytical thought
• The scientific method

13
References

• http//www.isc2.org/
• Official Guide to the CISSP CBK, Auerbach Press