WHAT IS THE CISSP?
The CISSP is a different type of exam.
It takes dedication, drive, focus and a willingness to never give up.
It’s 6 hours and contains 250 mind-bending, confidence-destroying, doubt-yourself questions testing your security concepts, and your patience.
It’s not a technical exam – you won’t be configuring OSPF or hacking with a Kali box.
It’s not about memorizing every chapter in a study guide.
All it takes is knowing the concepts.
It’s not impossible. You can definitely pass it.
KNOWING THE CONCEPTS
If you know the concept of how something works, you can understand it in all its forms.
If you know how to drive a car, you know how to drive all cars. Some may be an automatic, while others a manual, but the concept is the same. You sit, accelerate to drive, press the brake to stop, and change gear to reverse.
The concept of driving a car remains the same.
This is how the CISSP exam works.
If you know the concepts, you can answer any question correctly.
What is the BEST way to prevent SQL Injection attacks?
A. Web-application firewall
B. SDLC
C. Defense-in-depth
D. Fuzzing
A. Web-application firewall – A web-application firewall could probably do a pretty good job of preventing SQL Injection attacks.
C. Defense-in-depth – Practicing a well-structured defense-in-depth program may also prevent SQL intrusions into your internal network.
D. Fuzzing – Fuzzing is good too, but…
The answer is B.
SDLC, the software development life cycle, is a tested and verified framework for creating programs or applications by incorporating security from the very beginning of development.
The best way to prevent vulnerabilities of any kind, not just SQL Injections, is to keep security in mind every step of the way, especially at the beginning.
Choices A, C, and D are precautions taken against SQL Injections after a software program has already been deployed into a production environment.
A successful SQL Injection attack allows an attacker to gain access to your backend database with the ability to view or modify. This can be devastating to an organization.
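To make the "build it in from the beginning" point concrete, here is an added example (not from the original page or its author) showing the one development-time decision that removes the SQL Injection class entirely: passing user input as a query parameter instead of pasting it into the query text. The users table and the inputs are constructed for the example, and it uses only Python's bundled sqlite3 module so it runs offline.

```python
import sqlite3


def build_db():
    # Constructed sample data: a tiny in-memory users table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The query text is assembled by string concatenation, so whatever the caller
    # supplies becomes part of the SQL itself: this is the defect a secure SDLC
    # catches at design or code-review time, before anything is deployed.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query).fetchall())


def lookup_parameterized(conn, username):
    # The query text is fixed. The driver sends the value separately, so the input
    # is only ever treated as data, never as SQL, regardless of what it contains.
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)).fetchall())


if __name__ == "__main__":
    conn = build_db()
    normal_input = "bob"
    # Constructed input whose quote character changes the meaning of a concatenated query.
    tautology_input = "' OR '1'='1"

    print("vulnerable, normal input:   ", lookup_vulnerable(conn, normal_input))
    print("vulnerable, crafted input:  ", lookup_vulnerable(conn, tautology_input))
    print("parameterized, crafted input:", lookup_parameterized(conn, tautology_input))
```

With the concatenated query, the crafted input turns a lookup for one user into a dump of every row (a confidentiality breach, in the page's terms); the parameterized version returns nothing because no username literally equals that string. The firewall, defense-in-depth and fuzzing choices all try to catch the first function's behaviour after the fact; writing the second function in the first place is what choice B means.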
Viewing a database would be a breach of confidentiality.
Modifying the database is compromising its integrity.
Deleting the database would affect its availability.
Confidentiality. Integrity. Availability.
These are the three cornerstone concepts of information security. Whenever you study your guides, take practice questions, or take the CISSP exam, remember that the ultimate goal is to balance confidentiality, integrity, and availability.
That is how you pass the exam.
“Crack the CISSP” – a collection of study experiences from successful candidates
Original scenario-based “Practice Questions” with detailed explanations to explain the concepts
Enjoy our “Study Resources” – it is all copyright-free material. I do not condone the sharing of copyrighted material, as it violates the CISSP Code of Ethics.
Check our Forum for discussions of practice questions and other general CISSP info
THANK YOU FOR VISITING
You could’ve been anywhere else on the Internet for your CISSP needs, but you chose to come here, and I thank you for that.
If this site helps just one person pass the CISSP, that alone will be the driving force for me to continue what I’m doing.
Thank you again.
Luke Ahmed, CISSP