CISSP

Discussion in 'OT Technology' started by twenty, Feb 12, 2010.

  1. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    I figured this would be the most appropriate place to make this thread, if there is a better forum then please move it..

    Has anyone on here taken the ISC² CISSP exam? I will be writing it in just over two weeks and wondering if you have any tips other than the obvious...

    I'm using these books as study materials:

    ExamCram CISSP CBK Second Edition
    ISBN 0-7897-3806-6

    ExamCram CISSP Practice Questions Second Edition
    ISBN 0-7897-3807-4

    Sybex CISSP Study Guide Fourth Edition
    ISBN 978-0-470-27688-4

    I also have some seminar materials directly from (ISC)². My routine lately has been to review every night: one CBK from each book, followed by 100 practice questions. Seems to be going well so far, I'm just counting down the days now..
     
  2. thekraft

    thekraft New Member

    Joined:
    Mar 2, 2005
    Messages:
    710
    Likes Received:
    0
    I have no idea, but good luck. :-D
     
  3. FormulaLS1

    FormulaLS1 Member

    Joined:
    Nov 14, 2006
    Messages:
    519
    Likes Received:
    0
    A bunch of my friends have taken it and passed...

    Do you have someone to sponsor your CISSP and have enough experience?

    It's weird though everyone says it takes a lot of studying because the material is extremely dry.
     
  4. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    I have half a dozen people who are willing to sponsor me, so no problem there. As for the 5 years experience working in a security environment, I don't have this so I will have my CISSP Associate, at which time I do have a full 5 years my full CISSP will be granted to me.

    Not so much that it's dry...rather that the exam is explained to be a mile wide and only a couple inches deep. Some of the content is actually pretty interesting (for me anyways).
     
  5. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    passed a few years ago
     
  6. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    Any insight/tips?
     
  7. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    do you have an existing technical background?

    if you do, you should have an easier time going through the domains than someone from a policy background

    keep in mind that your answers need to be consistent with the CBK way of approaching things, even if you may disagree. i.e. how do they want me to answer question _______?
     
  8. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
  9. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    My background is basically technical; just this past year I've started working on policies and business practices. Sounds like my vast technical background will work to my advantage.

    Sorry, what is this? I can't seem to access it..
     
  10. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    the cryptography and networking technology subjects are domain areas where non-technical people tend to struggle

    also, keep in mind that even though there are ten domains in the CBK, the questions are not uniformly distributed amongst these subjects
     
  11. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    To cover the cryptography part, I've already done a certification at the local college a year ago that heavily involved cryptography. I also have my CCNA, so that will assist with the networking portion.

    Thanks for all the tips and suggestions, they're much appreciated! Keep 'em coming!
     
  12. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    please elaborate on that?...

    cryptography "in practice" or the actual math and science of cryptography, ciphers and cryptanalysis?
     
  13. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    .
     
  14. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    Cryptography in practice; learning about different algorithms like DES/3DES/AES, in-depth analysis of how cryptography works, implementation scenarios, etc. I wouldn't call myself a cryptography expert by any means... when people ask if I know the difference between symmetric and asymmetric, I can at least answer with confidence.
     
  15. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    probably good enough for the CISSP crypto area, but doesn't sound very in-depth at all

    keep in mind that, to me, AES is not actually an algorithm, but just a title for the algorithm winning NIST's challenge...
    i.e. the AES is actually Rijndael

    you don't need to know how galois fields and numeric growth work to answer CISSP examination questions on crypto
     
  16. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    Out of the 10 CBKs, I'd have to say crypto is my least favorite. If I possess enough knowledge to get by this CBK, I'm a happy man. :)
     
  17. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    make sure you can do the business impact assessment stuff
    it's very easy, but make sure you can do it
     
  18. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    Cool, noted.
     
  19. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    physical security questions were not in abundance when i took the exam.

    make sure you remember the basics, such as deterrence distances for things like fence heights... how areas might need to be lit...

    you'll probably end up memorizing these and end up seeing only a handful of questions in this domain
     
  20. twenty

    twenty resident nerd

    Joined:
    Jan 19, 2008
    Messages:
    88
    Likes Received:
    0
    Location:
    Canada
    I just finished reviewing the Physical Security CBK and memorized most of that stuff surprisingly just from reading it twice over... 8 ft fences with three strands of barb wire at a 45 degree = best deterrent.
     
  21. SubOptimal

    SubOptimal New Member

    Joined:
    Jun 27, 2002
    Messages:
    4,410
    Likes Received:
    0
    Shit like that is why I stopped studying for the CISSP. Too much crap that no one in IT needs to know, which takes the fun out of learning it. Great cert to get to get a job since it's pretty much standard, but I'll be damned if there aren't some worthless questions on it.
     
  22. hash browns

    hash browns lolcathlon champion OT Supporter

    Joined:
    Aug 20, 2004
    Messages:
    95,387
    Likes Received:
    84
    Location:
    Manhattan Beach, CA
    Yup.
     
  23. LinuxRacr

    LinuxRacr New Member

    Joined:
    Oct 26, 2006
    Messages:
    814
    Likes Received:
    0
    Location:
    North Texas
    A friend of mine got his CompTIA Security + cert first because it covers a lot of the domains. He said it covered enough that he didn't even study back over those parts before he took the CISSP exam, and passed. Following his advice, I'm getting my Security + first, and then tackling the CISSP. Here is the book I have for CISSP studying (and the same one my friend used):

    CISSP All-in-One Exam Guide, Fifth Edition



     
