Exam Practice CISSP


  • 7/27/2019 Exam Practice CISSP


    Practice for the CISSP Exam

    Steve Santy, MBA, CISSP

    IT Security Project Manager

    IT Networks and Security


    Overview

    Exam Overview

    A Few Words Regarding Preparation and Strategy

    Practice Questions

    Answers to Practice Questions


    Exam Overview

    Covers the Ten CBK Domains:

    1) Information Security and Risk Management

    2) Access Control

    3) Cryptography

    4) Physical (Environmental) Security

    5) Security Architecture and Design

    6) Business Continuity and Disaster Recovery Planning

    7) Telecommunications and Network Security


    Exam Overview (continued)

    Covers the Ten CBK Domains (continued):

    8) Application Security

    9) Operations Security

    10) Legal, Regulations, Compliance and Investigations

    250 Multiple Choice Questions

    Must earn a scaled score of 70% or greater

    6 Hours to Complete (including snack and comfort breaks)


    Preparation and Strategy

    Verify your Eligibility to Become a CISSP

    (ISC)² web site, especially CISSP Candidate Information Booklet

    Choose a Study Guide

    E.g. (ISC)² Guide to CISSP CBK

    Shon Harris CISSP All-in-One Exam Guide, 4th Edition


    Prep and Strat (continued)

    Each Book Above Includes a CD-ROM Test Engine

    Answer as many as you can

    80% average

    Group Study Recommended

    Intensive Boot Camps

    Both official and unofficial available

    Lots of $$

    Designed for people who have already studied the material thoroughly!


    Prep and Strat (continued)

    Exam Grading

    You must only get an average (scaled score) of 70% on the entire exam, not a 70% on each CBK domain within the exam.

    i.e. Your strong areas may very well compensate for one weak area

    Try to average at least 80% in all domains when studying / practicing

    You must pick the best answer according to (ISC)²; they grade the exam!


    Practice Questions

    1. Consideration for which type of risk assessment to perform includes all of the following except:

    a. Culture of the organization

    b. Budget

    c. Capabilities of resources

    d. Likelihood of exposure


    Practice Questions

    (continued)

    2. What are the three types of access control?

    a. Administrative, physical, and technical

    b. Identification, authentication, and authorization

    c. Mandatory, discretionary, and least privilege

    d. Access, management, and monitoring


    Practice Questions

    (continued)

    3. The two methods of encrypting data are:

    a. Substitution and transposition

    b. Block and stream

    c. Symmetric and asymmetric

    d. DES and AES


    Practice Questions

    (continued)

    4. Which of the following is a principal security risk of wireless LANs?

    a. Lack of physical access control

    b. Demonstrably insecure standards

    c. Implementation weaknesses

    d. War driving


    Practice Questions

    (continued)

    5. Computer forensics is really the marriage of computer science, information technology, and engineering with:

    a. Law

    b. Information systems

    c. Analytical thought

    d. The scientific method


    References

    http://www.isc2.org/

    Official Guide to the CISSP CBK, Auerbach Press
