Practice for the CISSP Exam

Steve Santy, MBA, CISSP
IT Security Project Manager
IT Networks and Security

Overview

- Exam Overview
- A Few Words Regarding Preparation and Strategy
- Practice Questions
- Answers to Practice Questions

Exam Overview

Covers the Ten CBK Domains:
- Information Security and Risk Management
- Access Control
- Cryptography
- Physical (Environmental) Security
- Security Architecture and Design
- Business Continuity and Disaster Recovery Planning
- Telecommunications and Network Security

Exam Overview (continued)

Covers the Ten CBK Domains (continued):
- Application Security
- Operations Security
- Legal, Regulations, Compliance and Investigations

- 250 Multiple Choice Questions
- Must earn a scaled score of 70% or greater
- 6 Hours to Complete (including snack and comfort breaks)

Preparation and Strategy

- Verify your Eligibility to Become a CISSP
  - (ISC)2 web site, especially CISSP Candidate Information Booklet
- Choose a Study Guide, e.g.:
  - (ISC)2 Guide to CISSP CBK
  - Shon Harris CISSP All-in-One Exam Guide, 4th Edition

Prep and Strat (continued)

- Each Book Above Includes a CD-ROM Test Engine
  - Answer as many as you can
  - 80% average
- Group Study Recommended
- Intensive "Boot Camps"
  - Both official and unofficial available
  - Lots of $
  - Designed for people who have already studied the material thoroughly!

Prep and Strat (continued)

Exam Grading
- You must only get an average (scaled score) of 70% on the entire exam, not a 70% on each CBK domain within the exam.
  - i.e. Your strong areas may very well compensate for one weak area
  - Try to average at least 80% in all domains when studying/practicing
- You must pick the best answer according to (ISC)2; they grade the exam!

Practice Questions

Consideration for which type of risk assessment to perform includes all of the following except:
- Culture of the organization
- Budget
- Capabilities of resources
- Likelihood of exposure

Practice Questions (continued)

What are the three types of access control?
- Administrative, physical, and technical
- Identification, authentication, and authorization
- Mandatory, discretionary, and least privilege
- Access, management, and monitoring

Practice Questions (continued)

The two methods of encrypting data are:
- Substitution and transposition
- Block and stream
- Symmetric and asymmetric
- DES and AES

Practice Questions (continued)

Which of the following is a principal security risk of wireless LANs?
- Lack of physical access control
- Demonstrably insecure standards
- Implementation weaknesses
- War driving

Practice Questions (continued)

Computer forensics is really the marriage of computer science, information technology, and engineering with:
- Law
- Information systems
- Analytical thought
- The scientific method

References

- http://www.isc2.org/
- Official Guide to the CISSP CBK, Auerbach Press,