cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
RobertEng
Newcomer I

Things to remember for exam

Hi everyone,

I'm curious to know how do you remember the port number information, which tool to use when scanning for vulnerabilities? I'm really bad in domain 6 and hope can have someone to guide me in this chapter.

Thank you very much.

Regards,

Robert

11 Replies
Steve-Wilme
Advocate II

Remembering TCP port numbers comes with experience/familiarity.  It'd be common over time to know which ports common service like  FTP, SSH, Telnet, SMTP, TACACS, DNS, HTTP, Kerberos, LDAP etc run on.  In terms of tools for scanning you might also want to look at C|EH.

 

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
junghyun
Newcomer I

21, 22, 23, 25, 49, 53, 80, 88, and 389 (i think)
BrianF
Newcomer III

Everyone learns differently but I think that if you really don't know any of them, you should try flash cards, quizzes, and maybe even dig in a little further and open up a firewall to test with and configure them, adding notes as you do it. I think it is more important to know the differences between port types, and what is secure and not secure. TCP vs UDP. FTP, SFTP, SSH, etc. 

 

There are also some videos if you search for them that could help but since they are with another cert body I will not publish the links directly in here. 

 

Good luck!

RobertEng
Newcomer I

Hi Brian,

Really appreciate your advice.

That's such an eye opener to me.

Thank you so much.

Regards,

Robert

RobertEng
Newcomer I

Hi Junghyun,
Really appreciate for sharing.
Are you preparing for your exam as well?
I hope to be able to join a study group.
Thank you.
Regards,
Robert
EequalsMC2
Newcomer I

Youtube

CISSP Exam Cram has some great videos on memory mnemonics for the exam - Frameworks, models, ports, encryptions, hashing, etc.

 

I never really understood why the "Managerial" CISSP needs to get down in the weeds about port numbers and protocols.

 

 

Rule 0 - Have a good inventory of assets

Rule 1 - Scan for open Ports

Rule 2 - Close off unused Ports

Rule 3 - If you don't understand this, get yourself a good network manager and pay them well

swh5a01
Newcomer I

Hi Robert, 

 

This is Sam from Taiwan. I would shared some of the ideas how I prepared the Domain 6 on the exam.

 

First of all, we need to make it clear on why we need to do the assessment and testing for the security operations. It was because we need to ensure the controls are in good and acceptable manner after we applied it.

 

For my point of view, you are not need to remember which tools to do what, but only need to know if we need to ensure the system was hardened well, we should check the port that remain opened with the tool called Nmap. And we need to know why we need the third-party compliance audit, because we are doing well and we need to told others that we are doing really well on the compliance. 

 

Hope the above could help you build some idea on the Domain 6 and I just passed the exam on 14th. 

 

Please let me know if you need any help on the discussion and I would love to shared with you all. 

 

Regards,

SAM CHAN

brford
Newcomer I

A wise man once told me that when preparing for a certification exam and reading the exam objectives if a protocol is mentioned there it is a good thing to know that protocol and it's associated port number(s).  That advice has never let me down.

EequalsMC2
Newcomer I

A better question is why does a modern cyber security profession need to
know that? Why use another stump the chump question instead of a question
that tests critical thinking.