CISSP Exam – How to Take It

Transcript of CISSP Exam – How to Take It

  • 8/10/2019 CISSP Exam How to Take It

    CISSP Exam How to take it

    Prasad Tiruvalluri, PMP, CISSP, PSM1, Hadoop, ISTQB, ITIL

    www.techgadgettalk.com

    Contents

    Eligibility

    Job Profiles

    What does CISSP Test

    The actual process

    How to study

    How to take exam

    Resources

    CISSP (Certification for Information System Security Professional) is for IT security professionals. This validates their expertise.

    There are two ways to take the exam

    Candidates having 5 years of cumulative full-time work experience in two or more domains required under the ISC2 CISSP CBK

    ISC2 also provides a 1 year professional experience waiver if the candidate possesses a four year college degree in the same field

    Or

    Pass the exam as associates of ISC2

    Earn the required 5/4 years of experience in the next 6 years before they can use the CISSP credential.

    In both cases, after passing the exam, one must be endorsed by an existing CISSP and if you do not have anybody who can endorse you, then CISSP can do the endorsement

    Security consultant

    Security analyst

    Security manager

    Security systems engineer

    Security auditor

    Director of security

    Chief information security manager

    IT manager/Director

    Network Architect

    Security Architect

    Tests a very broad depth of knowledge in 10 different domains of Information Security

    Domain 1

    Access Control - A collection of mechanisms that work together to create security architecture to protect the assets of the information system

    Concepts/Methodologies/Techniques

    Effectiveness

    Attacks

    Domain 2

    Telecommunications and Network Security - Discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity, and confidentiality

    Network Architecture and Design

    Communication Channels

    Network Components

    Network Attacks

    Domain 3

    Information Security Governance and Risk Management - The identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures, and guidelines

    Security Governance and Policy

    Information Classification/Ownership

    Contractual Agreements and Procurement Processes

    Risk Management Concepts

    Personnel Security

    Security Education, Training and Awareness

    Certification and Accreditation

    Domain 4

    Software Development Security - Refers to the controls that are included within systems and applications software and the steps used in their development

    Systems Development Life Cycle (SDLC)

    Application Environment and Security Controls

    Effectiveness of Application Security

    Domain 5

    Cryptography - The principles, means and methods of disguising information to ensure its integrity, confidentiality, and authenticity

    Encryption Concepts

    Digital Signatures

    Cryptanalytic Attacks

    Public Key Infrastructure (PKI)

    Information Hiding Alternatives

    Domain 6

    Security Architecture and Design - Contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability

    Fundamental Concepts of Security Models

    Capabilities of Information Systems (e.g. memory protection, virtualization)

    Countermeasure Principles

    Vulnerabilities and Threats (e.g. cloud computing, aggregation, data flow control)

    Domain 7

    Operations Security - Used to identify the controls over hardware, media and the operators with access privileges to any of these resources

    Resource Protection

    Incident Response

    Attack Prevention and Response

    Patch and Vulnerability Management

    Domain 8

    Business Continuity and Disaster Recovery Planning - Addresses the preservation of the business in the face of major disruptions to normal business operations

    Business Impact Analysis

    Recovery Strategy

    Disaster Recovery Process

    Provide Training

    Domain 9

    Legal, Regulations, Investigations and Compliance - Addresses computer crime laws and regulations, the investigative measures and techniques that can be used to determine if a crime has been committed, and methods to gather evidence

    Legal issues

    Investigations

    Forensic procedures

    Compliance Requirements/Procedures

    Domain 10

    Physical (Environmental) Security - Addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information

    Site/Facility Design Considerations

    Perimeter Security

    Internal Security

    Facilities Security

    Obtain the experience

    5 years in two of the domains in the previous slides.

    Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator, or instructor that requires information security knowledge and involves the direct application of that knowledge

    Or 4 years in two of the domains in the previous slides and

    A 4 year degree

    Should have an approved ISC2 credential

    Study for the exam

    Schedule the CBT

    Pass the exam

    Complete the endorsement

    Maintain the certification

    It is just an exam. Think positive. It is not the end of the world.

    Verify that you are eligible and schedule the exam. Let the commitment drive you. Make sure you do not schedule the exam too far off. You may procrastinate.

    If you have experience in the info security field, plan for about 200 hrs to 250 hrs of study; else plan for about 400 hrs to 450 hrs of study

    One domain per week. Study every day.

    Use CBK as a base so you do not go off topic too much, as that is a real problem

    Use one book as a reference and just one more as a fall back. Don't read too many.

    Take tests daily and from different sources. Do not worry about the scores as none of the existing questions even remotely resemble the actual test questions. Use the tests to just gauge your state of preparation

    Write the exam

    The exam is 6 hours long.

    You may not need 6 hrs but be prepared to spend 6 hrs.

    Get familiar with CBT

    Download the test tutorial & practice exam from Pearson Vue (http://www.pearsonvue.com/athena/)

    Take an online tour of a Pearson Professional Center (http://www.pearsonvue.com/ppc/)

    Arrive early

    One hour, if you can.

    Bring your registration paperwork and government-issued ID: driver's license, passport, etc.

    Bring your snacks and drink (in covered container).

    Take your restroom break before you sign in

    Your proctor will lead you through the registration process and lead you to your workstation

    Get familiar with your workstation and start when you're ready.

    You have an option to mark the question for review later, use it

    The questions are so crafted, you are never certain how well you have done. Do not get discouraged. Most of the exam takers have felt that way.

    You pass if you score more than 700. The score is scaled. The number of questions is 250 with 25 being not used for scoring but you will not know which ones.

    The questions are multiple choice questions with single and multiple answers.

    There are drag and drop and hotspot questions since 2014.

    Take your time, but not too much time

    1 min. per question, but no more than 2.

    Mark the questions that you're not sure on and move on.

    Do take a break

    Review your answers

    Review the questions that you don't have an answer for first.

    Review the rest of your answers.

    Your first answer is likely to be the right answer.

    Ignore your surroundings

    Others may be writing different exams (PMP, GRE, etc.) which may be 3 hours long

    Official ISC2 website - https://www.isc2.org/cissp/default.aspx

    https://www.cccure.org for exams. There are two packages: normal multiple choice and scenario based. It also has a lot of other resources

    Prep books

    CISSP All-in-One Exam Guide, Fifth Edition, by Shon Harris and the website has free questions

    Official (ISC)2 Guide to the CISSP CBK - the latest edition, must read

    CISSP Study Guide - Eric Conrad

    CISSP Study Guide 6E, Sybex - James Stewart, Mike Chapple & Darril Gibson - comes with questions

    CISSP Training Kit - David R Miller - Microsoft Press - comes with questions

    Eleventh Hour CISSP Study Guide - Eric Conrad

    Wiley The CISSP Prep Guide Gold Edition

    TestKing ISC CISSP Exam Q And A

    For more detailed information and Q & A visit www.techgadgettalk.com
