Practice for the CISSP Exam

Steve Santy, MBA, CISSP IT Security Project Manager IT Networks and Security

Overview
Exam Overview

A Few Words Regarding Preparation and Strategy Practice Questions

Answers to Practice Questions

Exam Overview
Covers the Ten CBK Domains:
1) Information Security and Risk Management
2) Access Control 3) Cryptography

4) Physical (Environmental) Security

5) Security Architecture and Design 6) Business Continuity and Disaster Recovery Planning

7) Telecommunications and Network Security

Exam Overview (continued)

Covers the Ten CBK Domains (continued):

8) Application Security
9) Operations Security 10) Legal, Regulations, Compliance and Investigations

250 Multiple Choice Questions

Must earn a scaled score of 70% or greater

6 Hours to Complete (including snack and comfort breaks)

4

Preparation and Strategy

Verify your Eligibility to Become a CISSP
(ISC)2 web site, especially CISSP Candidate Information Booklet

Choose a Study Guide

E.g. (ISC)2 Guide to CISSP CBK Shon Harris CISSP All-in-One Exam Guide, 4th Edition

Prep and Strat (continued)

Each Book Above Includes a CD-ROM Test Engine

Answer as many as you can

80% average Group Study Recommended Intensive Boot Camps Both official and unofficial available

Lots of $$
Designed for people who have already studied the material thoroughly!
6

Prep and Strat (continued)

Exam Grading
You must only get an average (scaled score) of 70% on the entire exam, not a 70% on each CBK domain within the exam. i.e. Your strong areas may very well compensate for one weak area Try to average at least 80% in all domains when studying / practicing You must pick the best answer according to (ISC)2; they grade the exam!

Practice Questions 1. Consideration for which type of risk assessment to perform includes all of the following except:
a. b. c. d. Culture of the organization Budget Capabilities of resources Likelihood of exposure

Practice Questions (continued)

2. What are the three types of access control?

a. b. c. d. Administrative, physical, and technical Identification, authentication, and authorization Mandatory, discretionary, and least privilege Access, management, and monitoring

Practice Questions (continued)

3. The two methods of encrypting data are:

a. b. c. d. Substitution and transposition Block and stream Symmetric and asymmetric DES and AES

10

Practice Questions (continued)

4. Which of the following is a principal security risk of wireless LANs?

a. b. c. d. Lack of physical access control Demonstrably insecure standards Implementation weaknesses War driving

11

Practice Questions (continued)

5. Computer forensics is really the marriage of computer science, information technology, and engineering with:
a. b. c. d. Law Information systems Analytical thought The scientific method

12

References

http://www.isc2.org/ Official Guide to the CISSP CBK, Auerbach Press

13