Hi everyone,
I'm curious to know how you remember the port number information and which tool to use when scanning for vulnerabilities. I'm really bad at domain 6 and hope to have someone guide me in this chapter.
Thank you very much.
Regards,
Robert
I agree. You need to know the well-known, reserved, and the underlying services / apps that use them. I.e.: Your dev team sends in a request to open port 21. You should know what they are trying to do and get very involved with the request, issue, and ultimate resolution.
Likewise, you need to be able to understand penetration testing reports (at the very least).
At the end of the day, all of the technical understanding required for a CISSP should complement your ability to manage risks. What makes it hard is that it is technical, it's managerial, and you need to understand the legal and operational aspects of a business and industries. You are a resource of information to the stakeholders, and that includes your ability to understand the technical aspects of risks to the business.