WHAT IS THE CISSP?

The CISSP is a different type of exam.

It takes dedication, drive, focus and a willingness to never give up.

It’s 6 hours and contains 250 mind-bending, confidence-destroying, doubt-yourself questions testing your security concepts, and your patience.

It’s not a technical exam – you won’t be configuring OSPF or hacking with a Kali box.

It’s not about memorizing every chapter in a study guide. 

All it takes is knowing the concepts.

It’s not impossible.  You can definitely pass it.

KNOWING THE CONCEPTS

If you know the concept of how something works, you can understand it in all it’s forms.

If you know how to drive a car, you know how to drive all cars.  Some may be an automatic, while others a manual, but the concept is the same.  You sit, accelerate to drive, press the brake to stop, and change gear to reverse.

The concept of driving a car remains the same.

This is how the CISSP exam works.  

If you know the concepts, you can answer any question correctly.

Example

What is the BEST way to prevent SQL Injection attacks?

A.  Web-application firewall

B.  SDLC

C.  Defense-in-depth

D.  Fuzzing

A.  Web-application firewall A web-application firewall could probably do a pretty good job of preventing SQL Injection attacks.  

C.  Defense-in-depth Practicing a well structured defense-in-depth program may also prevent SQL intrusions into your internal network.  

D.  Fuzzing – Fuzzing is good too, but…

The answer is B.   

SDLC, the software development life cycle is a tested and verified framework to create programs or applications by incorporating security from the very beginning of development.

The best way to prevent vulnerabilities of any kind, not just SQL Injections, is to keep security in mind every step of the way, especially at the beginning. 

Choices A. C. and D are taking precautions for SQL Injections after a software program has been deployed into a production environment.

A successful SQL Injection attack allows an attacker to gain access to your backend database with the ability to view or modify.  This can be devastating to an organization.  

Viewing a database would be a breach of confidentiality.  

Modifying the database is compromising it’s integrity.

Deleting the database would affect it’s availability.

Confidentiality.  Integrity.  Availability.

These are the three cornerstone concepts of information security.  Whenever you study your guides, take practice questions, or take the CISSP exam, remember that the ultimate goal is to balance confidentiality, integrity, and availability. 

That is how you pass the exam.

 

STUDY RESOURCES

Click here to join the study group

Crack the CISSP”  A collection of study experiences from successful candidates

Original scenario-based “Practice Questions” with detailed explanations to explain the concepts

Enjoy our “Study Resources” – it is all copyright-free material. I do not condone the sharing of copyright material as it violates the CISSP Code of Ethics

Check our Forum for discussions of practice questions and other general CISSP info

 

Other Resources

5 Tips For Passing The CISSP Exam

 Thought I'd share some of my top tips for passing the CISSP exam. #5 Read and Relate "I don't understand, I…

read more

Where Do I Start Studying for the CISSP?

It's been about 3 years since the Facebook group "CISSP Exam Preparation" has been going, and going strong.     There…

read more

CISSP Study Plan Questions

Whether you're planning a war or buying a house, you need a strategy.  A plan of attack.  The same goes…

read more

Free CISSP MindMaps by Matheus

You can read about how Matheus cracked his CISSP exam here: How Matheus Cracked His CISSP Exam He also created…

read more

Free CISSP Summary PDF

I was the first person in the CISSP testing center, arriving about 45 minutes early.  The day had come! I…

read more

Some Quick Security Terms

Thanks to Ashok for these must know security terms!  But remember, the CISSP isn't a test of memorization, it's a…

read more

THANK YOU FOR VISITING

You could’ve been anywhere else on the Internet for your CISSP needs, but you chose to come here, I thank you for that.  

If this site helps just one person pass the CISSP, that alone will be the driving force for me to continue what I’m doing.  

Thank you again.

Luke Ahmed, CISSP

Search