
CISSP- Key To Success

Kaushlendr Partap
CISSP-ISSAP | CISA |Cobit5 | ISMS LA | BCMS LI
E-Mail : kaushlendar.pratap@koenig-solutions.com

Tools for Exam Preparation and Readiness


A number of popular study guides, tools and references are available
The (ISC)² Official Guide is just one
Several popular books contain test engines
There are numerous test engines and assessment tools available
The (ISC)² Self-Assessment Tool (studISCope)
The Training Seminar facilitates your preparation by tying key principles and concepts together.

studISCope
Official self-assessment tool for CISSP and SSCP

Exam-style practice questions


After completion it presents a personalized study plan:
How knowledgeable are you on each of the domains
Which areas need more study
Suggested materials to help you study for the exam

Philosophy of the Examiners


We test concepts, standards and best practices
We do NOT test exceptions to the rule
The exam is given in English, worldwide
It is not a test of language skills or math
There are no double negatives
You won't need a calculator

There may be more than one question on the same topic. The right answer to a different question is the wrong answer to the question you are currently attempting.
Read the entire question carefully, don't assume
Many wrong answers are true statements

Managerial Focus on Information Security


This is a Management Level Exam.
The way you do things in the engineering or technical sense is specific to technology.
The way management does things is specific to the BUSINESS, and this is what usually
counts.

The Exam is NOT written for your company


What is common practice at your company may not even be close to best practice anywhere else

Consider questions as if you work somewhere else

International and Generic Approach to Exam


This is an International Exam, not country-specific
The way you do it at work is influenced by the laws and regulations of your state or country.
That makes it right at work, but possibly wrong on the exam.
The Exam is NOT written for any Industry
What is common practice in the Government may not even be close to best practice in a Bank or Hospital
Consider what might happen in a different industry

Golden Rules in Logic


People Safety always comes First
Policy is the key to nearly everything
Get Management buy-in to ensure success
Education/Training is essential
Everyone is responsible for Security
Anything a person can do will likely circumvent a technical control

Golden Rules for Logistics


READ THE ENTIRE QUESTION (RTFQ)!
Sometimes the KEY word is the LAST word.
This is where EXCEPT, FIRST, LAST appear.

Consider ALL FOUR answers before committing
Sometimes all four are feasible
If you can eliminate TWO of the answers, mark your initial thoughts in the book, and come back later
DO NOT OVER-ANALYZE
The question will be easier on the second pass.
RESIST changing answers unless you are SURE you misread the question (like missing the word NOT/EXCEPT)

Exam Strategies
TAKE FREQUENT BREAKS
Time is not your enemy, fatigue is
No prize for finishing first
No penalty for finishing last
Read the whole question and all answers
DON'T MAKE FOOLISH MISTAKES

Rank 'em
Which car will give the best mileage?
A. 12 Cylinder stretch limo
B. 4 Cylinder sub compact
C. 8 Cylinder SUV
D. 8 Cylinder Luxury Car

You might not be sure about the sequence of C and D, but they pretty clearly come in the middle. The big limo will be worst and the compact will be best. Note that it is not necessary to know the exact mileage estimates to answer the question.

Focus on Business Logic (Test is 85% non-technical)


You work for a health care provider. Your country's privacy rules dictate large fines for any unauthorized use of personal health information. The best way to protect your company is via

A. Firewalls
B. Intrusion Protection Systems
C. Encryption
D. Training

There is no technical solution to an authorized user reading data aloud over the phone.

Sequence
Which of these is not part of the development process?
A. Detail Design
B. Management Approval
C. End User Training
D. Functional Design

Even if you think all four are part of development, put them in chronological order. That gives you B-D-A-C. The answer has to be the first or, as in this case, the last.

True or False
In which city did George Washington take his first oath of office?
A. London, England
B. Chicago, Illinois
C. New York City, NY
D. San Francisco, California

Eliminate answers that are impossible or extremely unlikely to be true. Neither Chicago nor San Francisco was part of the US when Washington took office [impossible], and London is extremely unlikely. The answer is [C].

Wrong Technology
Which of these is used to identify accidental changes during transmission?
A. RC4
B. DES
C. RSA
D. MD5

Handle these by thinking about what the technology does. MD5 is an integrity checker. The others are encryption methods.
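To make the "what does the technology do" distinction concrete, here is an added example (not from the original slides) showing an MD5 checksum catching a single flipped bit in transit, which is exactly the accidental-change case the question asks about. The payload, the bit position and the helper names are constructed for this illustration. It also shows the caveat a practitioner should keep in mind: a plain hash only detects accidental corruption, so for deliberate modification you pair the data with a keyed MAC (HMAC) instead.

```python
import hashlib
import hmac


def md5_checksum(data: bytes) -> str:
    """Sender-side checksum: hex MD5 digest sent alongside the data."""
    return hashlib.md5(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error at the given bit offset."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def checksum_matches(received: bytes, claimed_digest: str) -> bool:
    """Receiver-side check: recompute MD5 and compare with the claimed digest.

    compare_digest avoids timing differences when comparing digests.
    """
    return hmac.compare_digest(md5_checksum(received), claimed_digest)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256); only a key holder can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_matches(key: bytes, received: bytes, claimed_tag: str) -> bool:
    """Receiver-side HMAC verification."""
    return hmac.compare_digest(hmac_tag(key, received), claimed_tag)


def demo() -> dict:
    """Run the accidental-corruption scenario and the deliberate-change caveat."""
    # Constructed sample payload (not real patient data).
    message = b"PATIENT-ID:00000;RESULT:NEGATIVE"
    digest = md5_checksum(message)

    # A line error flips one bit somewhere in the middle of the message.
    corrupted = flip_bit(message, 13)

    # Caveat: someone who deliberately rewrites the data can simply recompute
    # the unkeyed MD5, so a matching checksum proves nothing about intent.
    rewritten = message.replace(b"NEGATIVE", b"POSITIVE")
    recomputed_digest = md5_checksum(rewritten)

    # With a shared key, a fresh HMAC cannot be produced without the key,
    # so the original tag no longer verifies against the rewritten data.
    key = b"constructed-demo-key"  # assumption: pre-shared between both ends
    tag = hmac_tag(key, message)

    return {
        "intact_passes_md5": checksum_matches(message, digest),
        "corrupted_fails_md5": not checksum_matches(corrupted, digest),
        "rewritten_with_recomputed_md5_passes": checksum_matches(rewritten, recomputed_digest),
        "rewritten_fails_hmac": not hmac_matches(key, rewritten, tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Every value in the returned dictionary is True: MD5 answers the exam question (accidental change during transmission), while the last two entries show why an integrity checker is not the same thing as tamper protection.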

All Except
Which of the following does NOT address Integrity?
A. Biba
B. Bell-La-Padula
C. Clark-Wilson
D. Brewer-Nash

Treat these as "choose 3" (the three that do address Integrity), then fill in the circle on the other. In this example, the answer is B. BLP is confidentiality only.

Impossible to be correct
What is the goal of Risk Management?
A. Reduce risk to zero
B. Identify a way to blame others for security failures
C. Reduce Risk to a Manageable Level
D. Transfer 90% of identified risks
E. Transfer enough risk to satisfy shareholders

Rule 1. Answers with absolutes such as all, none or a fixed percentage are nearly always wrong. (A), (D)
Rule 2. Ethical violations or illegal activities are ALWAYS wrong. (B)
Rule 3. Answers that are too vague are nearly always wrong. (E)

Answer the question asked


1. Which is key to success of any project?

2. Which is the first step in any project?

A. Cost-benefit analysis
B. Management Buy-in
C. Certification and Accreditation
D. Choosing the Project Leader

Same answers, but question 1 is B, while question 2 is A.

The right answer to a different question is the wrong answer.

Scenario
A scenario will present a fact pattern, then several questions based on it.
You need to read and understand the fact pattern, then treat each question as a stand-alone event.

If the fact pattern is complex, read the questions (but not their answers) first so that when you read the fact pattern, the pertinent facts will stand out.

Drag-and-Drop Questions
#1 (drag-and-drop): Which of the following algorithms are examples of symmetric cryptography? Drag and drop the correct answers from left to right.

To solve the question, simply click, drag and drop each correct answer from the Possible Answers section to the Correct Answers box. In this case, we should drag and drop AES, Blowfish and DES into the Correct Answers box.

Hot Spot Questions


#2 (hotspot): To secure outbound connections from internal computers, protect internal resources from inbound connections from the Internet, and use a separate DMZ segment to allow web connections from the Internet, the security practitioner wants to deploy a single firewall. Click on the area below where the firewall should be placed.

To solve the question, hover your mouse cursor over one of the areas on the diagram. All available areas will light up as your mouse travels over them, and your selected answer will stay lit when you click on it. In this case, we'd want to deploy a firewall where we could have a three-legged configuration: Internet, internal (with Desktop and File Server) and DMZ (with the Web Server).

Salient Features of CISSP training at Koenig:

The CISSP course at Koenig is conducted under the supervision of a CISSP instructor
Focused training on the Official ISC2 CISSP CBK, 4th Edition
Specialized study notes with strong focus on exam content
Mock test as per the pattern and difficulty level of the real exam
The course has been designed to maximize success in the tough CISSP exam

More Info
www.koenig-solutions.com
www.koenig-india.com
www.koenig-consultancy.com
www.koenig-dubai.com
www.flip-classroom.com
www.koenig-dl.com
www.flymeatrainer.com

Thank You
Kaushlendr Partap
CISSP-ISSAP | CISA |Cobit5 | ISMS LA | BCMS LI
E-Mail : kaushlendar.pratap@koenig-solutions.com
