Cissp 2022 Update Dom1 Handout


CISSP EXAM CRAM: THE COMPLETE COURSE

GET CERTIFIED FAST!
➢ Coverage of all 8 domains
➢ Strategy guidance
➢ Proven learning techniques

with Pete Zerger, vCISO, CISSP, MVP


WHO AM I?
➢ Cybersecurity Strategist
➢ vCISO for a regional bank
➢ Speaker and Author
➢ 16-time Microsoft MVP
➢ LinkedIn Learning Instructor
➢ Content Developer (YouTube)

MORE IMPORTANTLY… last year, I helped thousands achieve cybersecurity certifications, including CISSP.
ABOUT CISSP EXAM CRAM VIDEOS
GOAL: To help you get further, faster in your CISSP exam prep!

➢ This series gets right to the point and eliminates the fluff!
➢ Focuses on key characteristics of each concept to help you identify right (and wrong) answers on exam day.
➢ Content utilizes several proven learning methods to accelerate your learning.
➢ I will share techniques you can apply in your study.

PACE: I intentionally speak at 115-125 words a minute. If English is not your first language, this may be perfect! If English is your 1st language, 1.25x may be better for you.
ABOUT CISSP EXAM CRAM VIDEOS
GOAL: To help you get further, faster in your CISSP exam prep!

I want to direct your focus to high probability and high difficulty topics to optimize your prep:
➢ High probability exam topics
➢ High difficulty concepts
➢ Frequent sources of questions
➢ Areas that require process memorization
INTRODUCTION: SERIES OVERVIEW

Lessons in this video:
➢ Exam prep strategy
➢ Domains 1-8
…I will also offer a few separate, shorter videos to drill down on what students report to be the most challenging areas!

A table of contents is in the video description so you can skip ahead to the topic of your choice!
A PDF copy of the presentation is available in the video description!

CISSP EXAM STUDY GUIDE, 9th edition, electronic version
➢ 1,000 practice questions
➢ 1,000 flashcards
➢ Searchable key terms
Link in the video description!


CISSP EXAM CRAM: THE COMPLETE COURSE
Link to additional resources, FAQs, exam updates, and errata in the description beneath the video.
When choosing your answers… THINK LIKE A MANAGER (short version)

DUE DILIGENCE VS DUE CARE

Due diligence: practicing the activities that maintain the due care effort.
Due care: doing what a reasonable person would do in a given situation. It is sometimes called the “prudent man” rule.

Together, these will reduce senior management’s culpability & (downstream) liability when a loss occurs.

DUE DILIGENCE (before the decision)
➢ Largely before the decision: Research, Planning, Evaluation
➢ INCREASES understanding and REDUCES risk
➢ Think BEFORE you act! Do detect.

DUE CARE (after the decision)
➢ Doing after the decision: Implementation, Operation (upkeep), Reasonable measures
➢ “PRUDENT MAN” RULE
➢ Actions speak louder than words. Do correct.

EXAMPLES
Due diligence – knowledge and research of:
✓ Laws and Regulations
✓ Industry standards
✓ Best practices
Due care – delivery or execution including:
✓ Reporting security incidents
✓ Security awareness training
✓ Disabling access in a timely way


SECURITY PLANNING HORIZONS (know your priorities)

Role | Planning horizon | Priorities & Objectives
CISO (YOU ARE HERE!) | Strategic (long term) | human safety, business continuity, protect profits, reduce liability & risk
IT Director or Manager | Tactical (midrange) | policy and planning
IT Engineer | Operational (short term) | implement and operate


DON’T TOUCH, advise!
During the exam, think of yourself as an outside security consultant advising an organization. You are advising on strategy, priorities, and safety, not doing! This brings focus to process, role, due diligence and due care.

CISSP EXAM CRAM, the full story (30:05): How do I master the “CISSP Mindset”?
CISSP EXAM CRAM: THE COMPLETE COURSE

STRATEGY
There is no AWARD for the longest STUDY TIME!
How long does it take to memorize anything?

Faster schedule (over 48 hours):
1st repetition: right after learning
2nd repetition: after 15-20 min
3rd repetition: after 6-8 hours
4th repetition: after 24 hours
5th repetition: after 48 hours

Longer schedule (over months):
1st repetition: right after learning
2nd repetition: after 20-30 min
3rd repetition: after 1 day
4th repetition: after 2-3 weeks
5th repetition: after 2-3 months

THE POWER OF REPETITION: spaced repetition
[Figure: retention (0-100) over time across a 1st, 2nd and 3rd session (at 20 min, 24 hours, 1 week); the forgetting curve becomes longer and shallower with repetition.]
MEMORIZING VS UNDERSTANDING
Studies show understanding what you memorize greatly improves retention.

MNEMONIC DEVICE
➢ A mnemonic, or memory device, is a learning technique that makes memorizing information easier.
➢ A common technique is the expression mnemonic, aka an acronym.
➢ The best mnemonic devices are simple, relevant, and visual.
➢ We’ll start with an example using a first letter mnemonic.
THE OSI MODEL (first letter mnemonics)

Layer | Name | “Please Do Not Throw Sausage Pizza Away” (layers 1→7) | “Please Do Not Toss Security Processes Aside” (layers 1→7) | “All People Seem To Need Data Processing” (layers 7→1)
7 | Application | Away | Aside | All
6 | Presentation | Pizza | Processes | People
5 | Session | Sausage | Security | Seem
4 | Transport | Throw | Toss | To
3 | Network | Not | Not | Need
2 | Data Link | Do | Do | Data
1 | Physical | Please | Please | Processing

INCIDENT MANAGEMENT framework (mnemonic: DRMRRRL)
1 Detection
2 Response
3 Mitigation
4 Reporting
5 Recovery
6 Remediation
7 Lessons Learned
MNEMONIC DEVICE: chunking
Chunking is a technique of breaking info into smaller pieces that make sense.
Example: cryptography, broken into “chunks” based on a unique property: Symmetric, Asymmetric, Hashes, Block ciphers.
NAME TYPE HASH VALUE LENGTH STILL IN USE? REPLACED BY
HMAC Hash Variable Very Strong -
HAVAL Hash 128, 160, 192, 224, 256

MD2 Hash 128 No MD6, et. Al.

Hash MD4 Hash 128 No MD6, et. Al.

Algorithms MD5 Hash 128 No MD6, et. Al.


SHA-1 Hash 160 No SHA-2

MD* SHA-224* Hash 224 Yes -


SHA-256* Hash 256 Yes -
Message Digest SHA-384* Hash 384 Yes -
SHA-512* Hash 512 Yes -
cryptography
NAME TYPE HASH VALUE LENGTH STILL IN USE? REPLACED BY
HMAC Hash Variable Very Strong -
HAVAL Hash 128, 160, 192, 224, 256

MD2 Hash 128 No MD6, et. Al.

Hash MD4 Hash 128 No MD6, et. Al.

Algorithms MD5 Hash 128 No MD6, et. Al.


SHA-1 Hash 160 No SHA-2

MD* SHA-224* Hash 224 Yes -


SHA-256* Hash 256 Yes -
Message Digest SHA-384* Hash 384 Yes -
SHA-512* Hash 512 Yes -
cryptography
NAME TYPE HASH VALUE LENGTH STILL IN USE? REPLACED BY
HMAC Hash Variable Very Strong -
HAVAL Hash 128, 160, 192, 224, 256

MD2 Hash 128 NO MD6, et. Al.

Hash MD4 Hash 128 NO MD6, et. Al.

Algorithms MD5 Hash 128 NO MD6, et. Al.


SHA-1 Hash 160 No SHA-2

MD* SHA-224* Hash 224 Yes -


SHA-256* Hash 256 Yes -
Message Digest SHA-384* Hash 384 Yes -
SHA-512* Hash 512 Yes -
cryptography
NAME TYPE HASH VALUE LENGTH STILL IN USE? REPLACED BY
HMAC Hash Variable Very Strong -
HAVAL Hash 128, 160, 192, 224, 256

MD2 Hash 128 No MD6, et. Al.

Hash MD4 Hash 128 No MD6, et. Al.

Algorithms MD5 Hash 128 No MD6, et. Al.


SHA-1 Hash 160 No SHA-2

SHA* SHA-224* Hash 224 Yes -


SHA-256* Hash 256 Yes -
Secure Hash SHA-384* Hash 384 Yes -
Algorithm
SHA-512* Hash 512 Yes -
cryptography
NAME TYPE HASH VALUE LENGTH STILL IN USE? REPLACED BY
HMAC Hash Variable Very Strong -
HAVAL Hash 128, 160, 192, 224, 256

MD2 Hash 128 No MD6, et. Al.

Hash MD4 Hash 128 No MD6, et. Al.

Algorithms MD5 Hash 128 No MD6, et. Al.


SHA-1 Hash 160 No SHA-2

SHA* SHA-224* Hash 224 Yes -


SHA-256* Hash 256 Yes -
Secure Hash SHA-384* Hash 384 Yes -
Algorithm
SHA-512* Hash 512 Yes -
cryptography
NAME TYPE HASH VALUE LENGTH STILL IN USE? REPLACED BY
HMAC Hash Variable Very Strong -
HAVAL Hash 128, 160, 192, 224, 256

MD2 Hash 128 No MD6, et. al.

Hash MD4 Hash 128 No MD6, et. al.

Algorithms MD5 Hash 128 No MD6, et. al.


SHA-1 Hash 160 NO SHA-2

SHA* SHA-224* Hash 224 YES -


SHA-256* Hash 256 YES -
SHA-384* Hash 384 YES -
SHA-512* Hash 512 YES -
80/20 STRATEGY
➢ Targeted reading
➢ PowerPoint review
➢ Practice exam
➢ Live quiz (or flashcards)
HOW to best use the PRACTICE quizzes to assess your EXAM readiness?

STUDY GUIDE: CHAPTER-TO-DOMAIN MAPPINGS
1. Security and Risk Management – chapters 1-4
2. Asset Security – chapter 5
3. Security Architecture and Engineering – chapters 6-10
4. Communication and Network Security – chapters 11-12
5. Identity and Access Management – chapters 13-14
6. Security Assessment and Testing – chapter 15
7. Security Operations – chapters 16-19
8. Software Development Security – chapters 20-21

Use multiple sources: targeted reading, live quiz (or flashcards), video content, practice exam, PowerPoint review.
CISSP EXAM CRAM: THE COMPLETE COURSE
Security and Risk Management

INTRODUCTION: CISSP EXAM DOMAINS (weight in 2018 | weight in 2021)
1. Security and Risk Management – 15% | 15%
2. Asset Security – 10% | 10%
3. Security Architecture and Engineering – 13% | 13%
4. Communication and Network Security – 14% | 13%
5. Identity and Access Management – 13% | 13%
6. Security Assessment and Testing – 12% | 12%
7. Security Operations – 13% | 13%
8. Software Development Security – 10% | 11%

INTRODUCTION: CISSP EXAM DOMAINS
New in 2021 – a summary
The new syllabus for CISSP 2021 is not much different from the earlier version of 2018.
1. NO CHANGE in EXPERIENCE REQUIREMENTS
2. NO CHANGE in NUMBER OF DOMAINS (content in some domains has been expanded)
3. ALMOST NO CHANGE in DOMAIN WEIGHTS
4. NO MAJOR CHANGE in LINEAR EXAM INFORMATION
5. NO CHANGE in CAT EXAM DETAILS
A few new topics have been introduced in some of the domains to keep up with the changing times.
ABOUT THE CAT EXAM FORMAT
➢ 3 hours, 100-150 questions
➢ Adapts based on your answer
➢ Aims for 50-50 probability
➢ Answers are final! No going back
➢ Many think this makes the CAT exam more difficult!
➢ 70% to pass the exam
➢ Some questions are not scored
➢ Only pass/fail reported
➢ Fail even 1 domain, fail the exam!

CHANGE TO THE CAT EXAM STARTING JUNE 1!
The current CISSP CAT exam contains 25 pretest (unscored) items; 25 more items will be added, bringing the total to 50 pretest items. The exam is now 4 hours, 125-175 questions. No other changes to syllabus or content.


DOMAIN 1: SECURITY & RISK MANAGEMENT
➢ Understand risk and apply the risk analysis process
➢ Threat modeling concepts and processes
➢ Compliance, legal, regulatory, and privacy
➢ Professional ethics – know the ISC2 code by heart
➢ Security governance principles (ITIL, oversight)
➢ Security policies, standards, procedures and guidelines (know “suggested” vs. “mandatory”)

What’s new in domain 1 in 2021?
1.1 Understand, adhere to, and promote professional ethics
This is a non-event.

For more cybersecurity exam prep tutorials, follow us on YouTube at Inside Cloud and Security
DOMAIN 1: SECURITY & RISK MANAGEMENT – KNOW BY HEART!

Confidentiality, Integrity, Availability (the CIA triad):
1. Confidentiality: access controls help ensure that only authorized subjects can access objects.
2. Integrity: ensures that data or system configurations are not modified without authorization.
3. Availability: authorized requests for objects must be granted to subjects within a reasonable amount of time.
DOMAIN 1: ISC2 CODE OF ETHICS
Memorize the ISC2 code of ethics:
1. Protect society, the commonwealth, and the infrastructure
2. Act honorably, honestly, justly, responsibly, and legally
3. Provide diligent and competent service to principals
4. Advance and protect the profession
DOMAIN 1: SECURITY POLICY DEVELOPMENT
There are four levels of security policy development:
➢ Security procedures – detailed step-by-step
➢ Security guidelines – offer recommendations
➢ Security baselines – define “minimum levels”
➢ Acceptable use policy – assign roles and responsibilities

FOR THE EXAM: When developing new safeguards, you are establishing a new baseline… so, compliance with existing baselines is not a valid consideration point.
DOMAIN 1: RISK CATEGORIES
A risk category is a group of potential causes of risk.
➢ Damage. Results in physical loss of an asset or the inability to access the asset.
➢ Disclosure. Disclosing critical information regardless of where or how it was disclosed.
➢ Losses. These might be permanent or temporary, including altered data or inaccessible data.

DOMAIN 1: RISK FACTORS
A risk factor is something that increases risk or susceptibility.
➢ Physical damage. Natural disaster, power loss or vandalism.
➢ Malfunctions. Failure of systems, networks, or peripherals.
➢ Attacks. Purposeful acts whether from the inside or outside, such as unauthorized disclosure.
➢ Human errors. Usually considered accidental incidents, whereas attacks are purposeful incidents.
➢ Application errors. Failures of the application, including the operating system.
DOMAIN 1: SECURITY PLANNING
Should include three types of plans:
➢ Strategic. Long term, stable plan that should include a risk assessment. (5-yr horizon, annual updates)
➢ Tactical. Midterm plan developed to provide more details on goals of the strategic plan. (usually ~1 year)
➢ Operational. Short-term, highly detailed plan based on the strategic and tactical plans. (monthly, quarterly)
DOMAIN 1: RESPONSE TO RISK
➢ Risk Acceptance. Do nothing, and you must accept the risk and potential loss if the threat occurs.
➢ Risk Mitigation. You do this by implementing a countermeasure and accepting the residual risk.
➢ Risk Assignment. Transfer (assign) risk to a 3rd party, like by purchasing insurance against damage.
➢ Risk Avoidance. When costs of mitigating or accepting are higher than benefits of the service.
➢ Risk Deterrence. Implementing deterrents to would-be violators of security and policy.
➢ Risk Rejection. An unacceptable possible response to risk is to reject risk or ignore risk.

REMEMBER: Handling risk is not a one-time process!
DOMAIN 1: RISK MANAGEMENT FRAMEWORK
The primary risk management framework referenced in CISSP is

Consider the following RMFs “for use in the real world”:
➢ OCTAVE – operationally critical threat, asset, and vulnerability evaluation
➢ FAIR – Factor Analysis of Information Risk
➢ TARA – Threat Agent Risk Assessment

RMF steps:
1. Prepare to execute the RMF
2. Categorize information systems
3. Select security controls
4. Implement security controls
5. Assess the security controls
6. Authorize the system
7. Monitor security controls

FOR THE EXAM:
➢ You should remember that not every risk can be mitigated.
➢ It is management’s job to decide how that risk is handled.
➢ When multiple priorities present, human safety is most important.
➢ When legal issues are involved, “call an attorney” is a valid choice.
DOMAIN 1: TYPES OF RISK
➢ Residual risk: the risk that remains even with all conceivable safeguards in place.
➢ The risk that management has chosen to accept rather than mitigate.
➢ Newly identified risk not yet addressed with risk management strategies.
➢ The amount of risk that exists in the absence of controls.
➢ Total risk: the amount of risk an organization would face if no safeguards were implemented.

FOR THE EXAM: Be able to explain total risk, residual risk, and controls gap.

FOR THE EXAM – FORMULAS
To calculate TOTAL RISK, know this formula:
threats * vulnerabilities * asset value = total risk
RISK can be defined as follows:
risk = threat * vulnerability
DOMAIN 1: RISK ANALYSIS
Two ways to evaluate risk to assets: qualitative and quantitative.

Quantitative risk analysis (OBJECTIVE): assigns a dollar value to evaluate effectiveness of countermeasures.

DOMAIN 1: RISK ANALYSIS STEPS
The six major steps in quantitative risk analysis:
1. Inventory assets and assign a value (asset value, or AV).
2. Identify threats. Research each asset and produce a list of all possible threats of each asset (and calculate EF and SLE).
3. Perform a threat analysis to calculate the likelihood of each threat being realized within a single year (the ARO).
4. Estimate the potential loss by calculating the annualized loss expectancy (ALE).
5. Research countermeasures for each threat, and then calculate the changes to ARO and ALE based on an applied countermeasure.
6. Perform a cost/benefit analysis of each countermeasure for each threat for each asset.

Qualitative risk analysis (SUBJECTIVE): uses a scoring system to rank threats and effectiveness of countermeasures.
One qualitative technique: an anonymous feedback-and-response process used to arrive at a consensus.

Loss potential: what would be lost if the threat agent is successful in exploiting a vulnerability.
Delayed loss: the amount of loss that can occur over time.
Threat agents are what cause the threats by exploiting vulnerabilities.
DOMAIN 1: CALCULATING RISK
Important elements in quantifying potential loss:
➢ exposure factor (EF)
➢ single loss expectancy (SLE)
➢ annualized rate of occurrence (ARO)
➢ annualized loss expectancy (ALE)
➢ Safeguard evaluation

Exposure factor (EF): the percentage of loss that an organization would experience if a specific asset were violated by a realized risk.
Single loss expectancy (SLE): represents the cost associated with a single realized risk against a specific asset.
SLE = Asset Value (AV) x Exposure Factor (EF)
Example: AV $100,000 x EF .3 (30%) = SLE $30,000

Annualized rate of occurrence (ARO): the expected frequency with which a specific threat or risk will occur within a single year.
Annualized loss expectancy (ALE): the possible yearly cost of all instances of a specific realized threat against a specific asset.
ALE = single loss expectancy (SLE) x annualized rate of occurrence (ARO)

Example:
Office Building = $200,000
Hurricane damage estimate 50%
Hurricane probability is one every 10 years (10%)
(AV x EF = SLE) $200,000 x .50 = $100,000
(SLE x ARO = ALE) $100,000 x .10 = $10,000

Safeguard evaluation (value of the safeguard, annually):
Good security controls mitigate risk, are transparent to users, difficult to bypass, and are cost effective.
ALE before safeguard – ALE after safeguard – annual cost of safeguard = value of safeguard
value of safeguard = ALE1 – ALE2 – ACS

DOMAIN 1: CONTROLS
Controls gap: the amount of risk reduced by implementing safeguards.
total risk – controls gap = residual risk

(QUANTITATIVE RISK ANALYSIS drill-down video available on CISSP Exam Cram.)
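The formulas above (SLE = AV x EF, ALE = SLE x ARO, value of safeguard = ALE1 – ALE2 – ACS, residual risk = total risk – controls gap) worked through in code, as an added example that is not part of the handout. It reuses the handout's hurricane figures ($200,000 building, 50% damage, one storm per 10 years) and adds two hypothetical safeguards with constructed costs so that step 6 of the process, the cost/benefit ranking, has something to compare; those safeguard figures are assumptions, not from the handout.

```python
"""Quantitative risk analysis: SLE, ALE, safeguard value, residual risk.

Added example, not from the handout. Dollar results are rounded to cents so
that the figures compare exactly.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    av: float  # asset value (AV) in dollars


@dataclass(frozen=True)
class Threat:
    name: str
    ef: float   # exposure factor (EF): fraction of AV lost per occurrence
    aro: float  # annualized rate of occurrence (ARO)


@dataclass(frozen=True)
class Safeguard:
    name: str
    acs: float        # annual cost of safeguard (ACS)
    ef_after: float   # EF once the safeguard is in place
    aro_after: float  # ARO once the safeguard is in place


def sle(av: float, ef: float) -> float:
    """Single loss expectancy: cost of one realized occurrence (AV x EF)."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("EF is a fraction between 0 and 1")
    return round(av * ef, 2)


def ale(sle_value: float, aro: float) -> float:
    """Annualized loss expectancy: expected yearly cost (SLE x ARO)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return round(sle_value * aro, 2)


def ale_for(asset: Asset, ef: float, aro: float) -> float:
    """ALE for one asset under a given EF and ARO."""
    return ale(sle(asset.av, ef), aro)


def safeguard_value(asset: Asset, threat: Threat, sg: Safeguard) -> float:
    """value of safeguard = ALE1 - ALE2 - ACS; positive means cost-justified."""
    ale1 = ale_for(asset, threat.ef, threat.aro)          # before the safeguard
    ale2 = ale_for(asset, sg.ef_after, sg.aro_after)      # after the safeguard
    return round(ale1 - ale2 - sg.acs, 2)


def cost_benefit(asset: Asset, threat: Threat, candidates: list) -> list:
    """Step 6 of the process: rank candidate safeguards by annual value."""
    ranked = [(sg.name, safeguard_value(asset, threat, sg)) for sg in candidates]
    return sorted(ranked, key=lambda row: row[1], reverse=True)


def residual_risk(total_risk: float, controls_gap: float) -> float:
    """total risk - controls gap = residual risk."""
    return round(total_risk - controls_gap, 2)


# The handout's own hurricane example.
OFFICE = Asset("Office building", 200_000)
HURRICANE = Threat("Hurricane", ef=0.50, aro=0.10)

# Constructed candidate safeguards (hypothetical costs and effects, not from the handout).
SHUTTERS = Safeguard("Storm shutters", acs=3_000, ef_after=0.20, aro_after=0.10)
RELOCATE = Safeguard("Relocate records offsite", acs=9_000, ef_after=0.10, aro_after=0.10)


if __name__ == "__main__":
    print("SLE:", sle(OFFICE.av, HURRICANE.ef))                 # 100000.0
    print("ALE:", ale_for(OFFICE, HURRICANE.ef, HURRICANE.aro))  # 10000.0
    for name, value in cost_benefit(OFFICE, HURRICANE, [SHUTTERS, RELOCATE]):
        verdict = "cost-justified" if value > 0 else "not cost-justified"
        print(f"{name}: {value:+.2f} per year ({verdict})")
```

With these figures the shutters are worth $3,000 a year ($10,000 – $4,000 – $3,000) while the relocation loses $1,000 a year ($10,000 – $2,000 – $9,000), which is the exam's point: a safeguard that reduces ALE can still be the wrong choice once its annual cost is subtracted.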
DOMAIN 1: SUPPLY CHAIN
Today, most services are delivered through a chain of multiple entities.
A secure supply chain includes vendors who are secure, reliable, trustworthy, reputable.

When evaluating 3rd parties in the chain, consider:
➢ On-Site Assessment. Visit the organization, interview personnel, and observe their operating habits.
➢ Document Exchange and Review. Investigate dataset and document exchange, review processes.
➢ Process/Policy Review. Request copies of their security policies, processes, or procedures.
➢ Third-party Audit. Having an independent auditor provide an unbiased review of an entity’s security infrastructure.
DOMAIN 1: THREAT MODELING
Can be proactive or reactive, but in either case, the goal is to eliminate or reduce threats.

Common approaches to threat modeling:
➢ Focused on Assets. Uses results to identify threats to the valuable assets.
➢ Focused on Attackers. Identify potential attackers and identify threats based on the
➢ Focused on Software. Considers against the software the org develops.

STRIDE (developed by Microsoft):
➢ Spoofing
➢ Tampering
➢ Repudiation
➢ Information disclosure
➢ Denial of service
➢ Elevation of privilege

PASTA (seven stages):
Stage I: Definition of Objectives
Stage II: Definition of Technical Scope
Stage III: App Decomposition & Analysis
Stage IV: Threat Analysis
Stage V: Weakness & Vulnerability Analysis
Stage VI: Attack Modeling & Simulation
Stage VII: Risk Analysis & Management
PASTA focuses on developing countermeasures based on asset value.

VAST (Visual, Agile, Simple Threat), based on Agile PM principles.
GOAL: Scalable integration of threat management into an Agile programming environment.

DREAD, based on the answer to 5 questions:
➢ Damage potential
➢ Reproducibility
➢ Exploitability
➢ Affected users
➢ Discoverability

Trike: an open-source threat modeling process that implements a requirements model. Ensures the assigned level of risk for each asset is “acceptable” to stakeholders; focused on “acceptable risk”.

COBIT security control framework: IT management and governance framework.
Principle 1: Meeting Stakeholder Needs
Principle 2: Covering the Enterprise End-to-End
Principle 3: Applying a Single, Integrated Framework
Principle 4: Enabling a Holistic Approach
Principle 5: Separating Governance from Management
COBIT gets little coverage and no depth on CISSP!
DOMAIN 1: THREAT MODELING
Determining potential attack concepts is often achieved through diagramming.

[Figure: DIAGRAMMING POTENTIAL ATTACKS – users → Login (web service) → Auth and data retrieval (SQL), with a user / web server trust boundary; threats marked on the diagram: brute force and dictionary attacks at the login, SQL injection at data retrieval.]

Elements to identify in the diagram:
➢ Trust Boundaries. Any location where the level of trust or security changes.
➢ Data Flow Paths. The movement of data between locations.
➢ Input Points. Locations where external input is received.
➢ Privileged Operations. Any activity that requires greater privileges than those of a standard user account.
➢ Details about Security Stance and Approach. Declaration of security policy, security foundations, and security assumptions.

Then threats are ranked or rated using DREAD, high/medium/low rating, etc.
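The DREAD rating step above, as an added example that is not part of the handout: the five questions are the handout's, but the 1-3 score per question, the High/Medium/Low cut-offs, and the scores given to the two threats from the handout's login/SQL diagram are all constructed for this illustration.

```python
"""Rank modeled threats with DREAD and map totals to High/Medium/Low.

Added example, not from the handout. Per-factor scale (1-3) and rating
cut-offs are constructed assumptions; substitute your organization's scale.
"""
from dataclasses import dataclass

# The five DREAD questions, in the handout's order.
FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")
MIN_SCORE, MAX_SCORE = 1, 3  # constructed per-factor scale


@dataclass(frozen=True)
class DreadScore:
    damage: int           # Damage potential
    reproducibility: int  # Reproducibility
    exploitability: int   # Exploitability
    affected_users: int   # Affected users
    discoverability: int  # Discoverability

    def total(self) -> int:
        """Sum of the five answers, after validating each is on the scale."""
        values = [getattr(self, f) for f in FACTORS]
        for f, v in zip(FACTORS, values):
            if not MIN_SCORE <= v <= MAX_SCORE:
                raise ValueError(f"{f} must be scored {MIN_SCORE}-{MAX_SCORE}, got {v}")
        return sum(values)


def rating(total: int) -> str:
    """Map a total (5-15 on this scale) to the handout's high/medium/low rating.

    Cut-offs are constructed: 12+ High, 8-11 Medium, below 8 Low.
    """
    if total >= 12:
        return "High"
    if total >= 8:
        return "Medium"
    return "Low"


def rank_threats(threats: dict) -> list:
    """Return (name, total, rating) tuples, highest risk first; ties keep input order."""
    rows = [(name, s.total(), rating(s.total())) for name, s in threats.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed scores for the two threats shown on the handout's diagram.
SAMPLE = {
    "SQL injection at data retrieval": DreadScore(3, 3, 2, 3, 2),   # total 13
    "Brute force / dictionary at login": DreadScore(2, 3, 2, 1, 3),  # total 11
}


if __name__ == "__main__":
    for name, total, level in rank_threats(SAMPLE):
        print(f"{level:6} {total:2}  {name}")
```

The ranking tells the team which finding to design a countermeasure for first; the validation in `total()` catches the common spreadsheet error of a score entered outside the agreed scale, which would silently distort the ordering.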
DOMAIN 1: CONTROLS
Security measures for countering and minimizing loss or unavailability of services or apps due to vulnerabilities.
The terms safeguards and countermeasure may seem to be used interchangeably: safeguards are proactive, countermeasures are reactive.

DOMAIN 1: SECURITY CONTROLS
There are three categories of security controls:
➢ Technical. aka “logical”, involves the hardware or software mechanisms used to manage access.
➢ Administrative. Policies and procedures defined by the org’s security policy, other regulations and requirements.
➢ Physical. Items you can physically touch.

Types of security controls:
➢ Deterrent. Deployed to discourage violation of security policies.
➢ Preventative. Deployed to thwart or stop unwanted or unauthorized activity from occurring.
➢ Detective. Deployed to discover or detect unwanted or unauthorized activity.
➢ Compensating. Provides options to other existing controls to aid in enforcement of security policies.
➢ Corrective. Modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred.
➢ Recovery. An extension of corrective controls but with more advanced or complex abilities.
➢ Directive. Direct, confine, or control the actions of subjects to force or encourage compliance with security policies.
DOMAIN 1: LEGAL & REGULATORY
Legal and regulatory issues that pertain to information security:
➢ Cyber crimes and data breaches
➢ Trans-border data flow
➢ Licensing and intellectual property requirements
➢ Privacy
➢ Import/export controls

➢ Criminal Law. Contains prohibitions against acts such as murder, assault, robbery, and arson.
➢ Civil Law. Includes contract disputes, real estate transactions, employment, estate, and probate.
➢ Administrative Law. Government agencies have some leeway to enact administrative law.

➢ Computer Fraud and Abuse Act (CFAA). The first major piece of US cybercrime-specific legislation.
➢ Federal Sentencing Guidelines. Provided punishment guidelines to help federal judges interpret computer crime laws.
➢ Federal Information Security Management Act (FISMA). Required formal infosec operations for the federal gov’t.
➢ Copyright and the Digital Millennium Copyright Act. Covers literary, musical, and dramatic works.
➢ Trademarks. Cover words, slogans, and logos used to identify a company and its products or services.
➢ Patents. Protect the intellectual property rights of inventors.
➢ Trade Secrets. Intellectual property that is absolutely critical to a business and must not be disclosed.
➢ Licensing. 4 types you should know are contractual, shrink-wrap, click-through, and cloud services.
➢ Computer Export Controls. US companies can’t export to Cuba, Iran, North Korea, Sudan, and Syria.
➢ Encryption Export Controls. Dept of Commerce details limitations on export of encryption products outside the US.
➢ Privacy (US). The basis for privacy rights is in the Fourth Amendment to the U.S. Constitution.
➢ Privacy (EU). General Data Protection Regulation (GDPR) is not a US law, but very likely to be mentioned! Applies to any company with customers in the EU!

US privacy-related laws to know:
➢ HIPAA (Health Insurance Portability and Accountability Act)
➢ HITECH (Health Information Technology for Economic and Clinical Health)
➢ Gramm-Leach-Bliley Act (financial institutions)
➢ Children’s Online Privacy Protection Act (COPPA)
➢ Electronic Communications Privacy Act (ECPA)
➢ Communications Assistance for Law Enforcement Act (CALEA)
DOMAIN 1: BUSINESS CONTINUITY
Business continuity issues that pertain to information security:
1. Strategy development
2. Provisions and processes
3. Plan approval
4. Plan implementation
5. Training and education

DOMAIN 1: USER EDUCATION
Establish and maintain a security awareness and training program:
➢ Methods and techniques to present awareness and training
➢ Periodic content reviews
➢ Program effectiveness evaluation