Practice for the CISSP Exam
Steve Santy, MBA, CISSP
IT Security Project Manager
IT Networks and Security
Overview
Exam Overview
A Few Words Regarding Preparation and Strategy
Practice Questions
Answers to Practice Questions
Exam Overview
Covers the Ten CBK Domains:
1) Information Security and Risk Management
2) Access Control
3) Cryptography
4) Physical (Environmental) Security
5) Security Architecture and Design
6) Business Continuity and Disaster Recovery Planning
7) Telecommunications and Network Security
Exam Overview (continued)
Covers the Ten CBK Domains (continued):
8) Application Security
9) Operations Security
10) Legal, Regulations, Compliance and Investigations
250 Multiple Choice Questions
Must earn a scaled score of 700 or greater (out of 1,000, i.e. roughly 70%)
6 Hours to Complete (including snack and comfort breaks)
Preparation and Strategy
Verify your Eligibility to Become a CISSP
• (ISC)2 web site, especially the CISSP Candidate Information Booklet
Choose a Study Guide
• E.g. (ISC)2 Official Guide to the CISSP CBK
• Shon Harris, CISSP All-in-One Exam Guide, 4th Edition
Preparation and Strategy (continued)
Each Book Above Includes a CD-ROM Test Engine
• Answer as many questions as you can
• Aim for an 80% average
Group Study Recommended
Intensive “Boot Camps”
• Both official and unofficial available
• Lots of $$
• Designed for people who have already studied the material thoroughly!
Preparation and Strategy (continued)
Exam Grading
• You only need an average (scaled score) of about 70% across the entire exam, not 70% in each CBK domain, so your strong domains may well compensate for one weak area
• Aim to average at least 80% in every domain while studying and practicing
• Pick the best answer according to (ISC)2; they grade the exam!
Practice Questions
1. Considerations for which type of risk assessment to perform include all of the following except:
a. Culture of the organization
b. Budget
c. Capabilities of resources
d. Likelihood of exposure
Practice Questions (continued)
2. What are the three types of access control?
a. Administrative, physical, and technical
b. Identification, authentication, and authorization
c. Mandatory, discretionary, and least privilege
d. Access, management, and monitoring
Practice Questions (continued)
3. The two methods of encrypting data are:
a. Substitution and transposition
b. Block and stream
c. Symmetric and asymmetric
d. DES and AES
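To make the vocabulary in question 3's answer choices concrete (without giving away which choice (ISC)2 counts as correct), here is an added Python example that is not part of the original slides: a letter-shift substitution and a columnar transposition applied to a constructed message, with their inverses, plus a letter-frequency check. It shows the property an exam candidate should remember: transposition leaves the letter counts untouched and only moves positions, while substitution keeps the shape of the histogram but relabels the letters. The message, shift and column count are arbitrary choices for illustration.

```python
from collections import Counter

# Constructed sample input for the demonstration (not from the slides).
PLAINTEXT = "ATTACK AT DAWN"


def substitute(text, shift):
    """Substitution cipher: every letter is replaced by the letter `shift`
    places further along the alphabet; positions and non-letters are unchanged.
    A negative shift decrypts."""
    out = []
    for ch in text:
        if ch.isalpha():
            out.append(chr((ord(ch.upper()) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def transpose(text, cols):
    """Columnar transposition: letters are written into rows of `cols`
    and read out column by column. Identity of each letter is preserved,
    only its position changes. Non-letters are dropped, as is usual."""
    letters = [c for c in text.upper() if c.isalpha()]
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    out = []
    for c in range(cols):
        for row in rows:
            if c < len(row):
                out.append(row[c])
    return "".join(out)


def untranspose(ciphertext, cols):
    """Inverse of transpose(): rebuild the row grid, accounting for a
    possibly short last row, and read it back row by row."""
    n = len(ciphertext)
    full_rows, extra = divmod(n, cols)
    height = full_rows + (1 if extra else 0)
    grid = [[""] * cols for _ in range(height)]
    pos = 0
    for c in range(cols):
        col_height = full_rows + (1 if c < extra else 0)
        for r in range(col_height):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_histogram(text):
    """Count of each letter, ignoring case and non-letters; this is what
    frequency analysis looks at."""
    return Counter(c for c in text.upper() if c.isalpha())


def demo():
    """Return the two ciphertexts and whether each preserves the plaintext's
    letter histogram (transposition does, substitution does not)."""
    sub = substitute(PLAINTEXT, 3)
    trans = transpose(PLAINTEXT, 4)
    return {
        "substitution": sub,
        "transposition": trans,
        "substitution_keeps_counts": letter_histogram(sub) == letter_histogram(PLAINTEXT),
        "transposition_keeps_counts": letter_histogram(trans) == letter_histogram(PLAINTEXT),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it prints the shifted text `DWWDFN DW GDZQ`, the transposed text `ACDTKATAWATN`, and shows that only the transposition has exactly the plaintext's letter counts. That is why a transposition-only ciphertext is recognisable from its plain-English letter frequencies, while a simple substitution is broken by matching its shifted frequencies back onto English; both are classical operations that modern block ciphers combine in many rounds.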
Practice Questions (continued)
4. Which of the following is a principal security risk of wireless LANs?
a. Lack of physical access control
b. Demonstrably insecure standards
c. Implementation weaknesses
d. War driving
Practice Questions (continued)
5. Computer forensics is really the marriage of computer science, information technology, and engineering with:
a. Law
b. Information systems
c. Analytical thought
d. The scientific method
References
http://www.isc2.org/
Official Guide to the CISSP CBK, Auerbach Press