
7 Types of Hard CISSP Exam Questions and How To Approach Them


Summary

- The first thing most people hear about the CISSP examination is how difficult or unfair the questions are.
- Although this may be a good warning, it does not begin to prepare you to do well on the exam itself.
- For some of the CISSP exam questions, just knowing the facts is not enough.
- This paper examines seven types of hard questions you are likely to see on the CISSP examination and the best approaches for solving them.
- Throughout the CISSP preparation course offered by Global Knowledge, we cover the various security mechanisms, principles, concepts, and facts that will be included on the CISSP exam.
- A large portion of the CISSP examination will test your knowledge of these aspects.
- However, the mere knowledge of these aspects does not prepare you for the more difficult questions you may see on the CISSP examination.
- This is why the Global Knowledge CISSP preparation class is not limited to a review of the information security mechanisms, principles, concepts, and facts.
- A significant portion of the course is devoted to study skills, memorization techniques, application of concepts, and principles.
- Although it is impossible to predict exactly what questions you may get on the exam, we have classified the difficult questions into seven categories and given examples and approaches for identifying and overcoming them.
- At what level of the OSI model can a packet be corrected on the bit level?
- The correct answer is a) Level 2.
- Level 2 is the data link level.
- Study well, and think the question through.
- Even though the CISSP is commonly described as “a mile wide and an inch deep”, you still have to know the security-relevant aspects of mechanisms and techniques.
- Ask yourself, “What is the difference between error correction at Levels 2, 4, and 7?” At the same time make sure you understand the difference between the four output modes of DES.
- These are questions where at least two of the answers are right but one is more right than the others.
- As it turns out, we find that many of these types of questions can be viewed as a subset question in which one or more of the answers are actually subsets of the most correct answer.
- The correct answer is c) Social engineering attack.
- Draw arrows from one answer to another if you believe that the first answer is a subset of the second.
- Then ask yourself if the “inner” answer is always correct or not.
- If the subset answer is always correct, then pick that one.
- The candidate is sometimes fooled into finding an appropriate equation to use all of the variables offered in the question.
- What is the SLE?
- The correct answer is b) $35,000.
- d) is the safeguard value.
- Recognizing the question from the word problem is the other half.
- It is not difficult to find the question.
- But when we feel rushed, it is easy to overlook the question and simply move forward and create an equation to fit the available data.
- These questions can be difficult because it may be hard to determine the specific principle the question is testing you on.
- The correct answer is d) Deadbolt latch on inside.
- First, narrow the question down by removing the clearly incorrect answers.
- Choice a) Proximity card / PIN code assumes the same protection on the secondary entry.
- On the other hand, choice d) assumes no entry, only an exit for emergencies.
- The principle being tested here is the fact that you only want a single entry point into a secure area.
- However, because of the multiple sources for “standard” definitions, you may not be familiar with the description given.
- The correct answer is c) Threat analysis.
- Answers a), b), and d) all rely on threat identification as a component of the task but each of these goes farther to find vulnerabilities, penetrate systems, or even compute risks and recommend safeguards.
- Double negative: Which of the following are not disadvantages of.
- Words for numbers: On average one third of the asset is protected from exposure.
- Which of the following would increase the risk of the security posture?
- Translate the underlined portion of the question into a more simply worded question.
- For example, reduce the question to a “good” or “plus” vs.
- In this case, mark your examination booklet near the question with a plus or minus sign.
- This approach will focus your thinking on the validity of each candidate answer and away from the clumsy wording of the question.
- The CISSP examination test booklet is text only.
- The addressing mode in which an instruction references a memory location that contains the address of the data value is referred to as:.
- The correct answer is c) indirect addressing.
- Indirect addressing is the addressing mode in which a pointer to the address that contains the data is contained within the instruction.
- If a graphic helps to explain the concept, then a graphic generated from the text of the question will help you to answer the question.
- Bottom line: If you wish the question had a graphic – create one.
- Although you still have many facts to memorize before you take the exam, you now should have a better understanding of the types of questions you might face.
- If a question on the exam appears difficult at first, don’t fret.
- Landoll is the President of Veridyn.
- Landoll is the author of the recently published The Security Risk Assessment Handbook.
