《Practice for the CISSP Exam.ppt》由会员分享,可在线阅读,更多相关《Practice for the CISSP Exam.ppt(13页珍藏版)》请在三一文库上搜索。
1、Practice for the CISSP Exam,Steve Santy, MBA, CISSP IT Security Project Manager IT Networks and Security,2,Overview,Exam Overview A Few Words Regarding Preparation and Strategy Practice Questions Answers to Practice Questions,3,Exam Overview,Covers the Ten CBK Domains: Information Security and Risk
2、Management Access Control Cryptography Physical (Environmental) Security Security Architecture and Design Business Continuity and Disaster Recovery Planning Telecommunications and Network Security,4,Exam Overview (continued),Covers the Ten CBK Domains (continued): Application Security Operations Sec
3、urity Legal, Regulations, Compliance and Investigations 250 Multiple Choice Questions Must earn a scaled score of 70% or greater 6 Hours to Complete (including snack and comfort breaks),5,Preparation and Strategy,Verify your Eligibility to Become a CISSP (ISC)2 web site, especially CISSP Candidate I
4、nformation Booklet Choose a Study Guide E.g. (ISC)2 Guide to CISSP CBK Shon Harris CISSP All-in-One Exam Guide, 4th Edition,6,Prep and Strat (continued),Each Book Above Includes a CD-ROM Test Engine Answer as many as you can 80% average Group Study Recommended Intensive “Boot Camps” Both official an
5、d unofficial available Lots of $ Designed for people who have already studied the material thoroughly!,7,Prep and Strat (continued),Exam Grading You must only get an average (scaled score) of 70% on the entire exam, not a 70% on each CBK domain within the exam. i.e. Your strong areas may very well c
6、ompensate for one weak area Try to average at least 80% in all domains when studying / practicing You must pick the best answer according to (ISC)2; they grade the exam!,8,Practice Questions,Consideration for which type of risk assessment to perform includes all of the following except: Culture of t
7、he organization Budget Capabilities of resources Likelihood of exposure,9,Practice Questions (continued),What are the three types of access control? Administrative, physical, and technical Identification, authentication, and authorization Mandatory, discretionary, and least privilege Access, managem
8、ent, and monitoring,10,Practice Questions (continued),The two methods of encrypting data are: Substitution and transposition Block and stream Symmetric and asymmetric DES and AES,11,Practice Questions (continued),Which of the following is a principal security risk of wireless LANs? Lack of physical
9、access control Demonstrably insecure standards Implementation weaknesses War driving,12,Practice Questions (continued),Computer forensics is really the marriage of computer science, information technology, and engineering with: Law Information systems Analytical thought The scientific method,13,References,http:/www.isc2.org/ Official Guide to the CISSP CBK, Auerbach Press,