Looking for some help please.
I am studying for CISSP and doing so I am reading the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition in conjunction with the Pearson Practice Test: CISSP (updated 2022).
However, I am struggling to find some of the answers from the practice test within the study guide.
Question Id : CISSP-2018-RA-3-07-278;
In which phase of embedded device analysis are checksums utilized?
According to the study guide, checksums are referenced but in a different manner to how this question is phrased.
Please can someone give me advice as to what I am missing here..... maybe I have been studying too much my brain as turned mushy
unfortunately, you may not always find the answers in the material. In the past, (ISC)2's policy was not to teach the exam.
If the policy is still in place, it would be understandable that some test questions would not relate back to a study guide.
The practice tests and study guides are created by Education - so unfortunately I cannot respond as Education and Exams can't talk as Diana is correct - we can't teach the test.
@AndreaMoore - can you get someone from Education to respond?
It appears you are mixing study materials, which is not necessarily a bad thing. As the name suggests, the Official Study Guide 9th Ed. is an official publication of (ISC)2. The question you reference does not appear to be part of our official education offering, so I'm not sure of the additional context in that question or the feedback that is provided.
This is a greart opportunity to go outside the study materials for some extra research. I ran the question through the AI engine ChatGPT, which provided a solid response (this time*). "Checksums are typically used in the static analysis phase of embedded device analysis. In this phase, the binary code of the device's firmware is examined without executing it. This can include computing checksums of the firmware to verify its integrity and authenticity, as well as analyzing the code for signs of malicious activity or vulnerabilities." The question is not intended to test if you know what a checksum is. It is to see if you know when a checksum is and isn't used in real applications.
I said at the beginning that this is not necessarily a bad thing - (ISC)2 exams do not test your ability to repeat information as learned. They are designed to test your understanding of a situation and applying that knowledge to real life to choose the best response. When working on practice exams, it is very important to understand the feedback provided and fully comprehend why the correct answers are correct and why the incorrect answers are not.
* Disclaimer: Sometimes this requires going to multiple sources to choose the best possible answer and to ensure that your sources are providing accurate information.