Newcomer I

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

Could you please clarify the following statements on Pg 98 of the CBK:

"Volume storage encryption requires that the encrypted data reside on volume storage. This is typically done through an encrypted container, which is mapped as a folder or volume.
Instance-based encryption allows access to data only through the volume OS and
therefore provides protection against the following:
"

Is the encryption of the data stored in the volume done in the Container (ex: Docker?) that is running on the (VM?) Instance that is processing this data?

Where is the "Volume Storage Encryption" occurring in the following picture (from pg 88 fig 2.7)?

[Image: IaaS Storage Types.png]

Contributor I

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

I can't, personally-- I didn't write the CBK, and that area isn't my strong suit. But hopefully someone else on the forum can address that question.

Community Champion

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

The good news for you is that you recognize the subtleties in the scenario which will bode well for you when you actually sit for the CCSP. You certainly must keep that inquisitive leaning up!

 


@ccsp_preper wrote:

Study Guide says on pg 27 in Answer to Q#2 of the Assessment test:

"D. The primary benefit to the customer of using Infrastructure as a Service (IaaS) is the transfer of cost of ownership. In a cloud environment, the customer uses and is billed only for what they use as opposed to the full cost of implementation, saving them a significant amount in terms of cost of ownership. While scalability, metered service, and energy and cooling efficiencies are a part of the benefit of a cloud computing environment, they are not the primary benefit or business driver behind IaaS adoption."

Official CBK says on pg 445 that "a. Metered and priced on the basis of units consumed" is the key benefit provided to an IaaS customer.

Which of these answers is accurate?

 

Another inconsistency in the Study Guide:

Figure 3.1 on pg 73 is not consistent with Figure 4.1 on pg 96 which shows "use" before "store" in the Data Lifecycle.


 

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC
Community Champion

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition


@ccsp_preper wrote:

Thanks denbesten for sharing your perspective. I am in agreement that they are both equally good answers. My frustration is with ISC2's different answers to the same question in two of its "official" publications:

The Official Study Guide answers this Question with "D. Transfer of ownership cost"

When using an Infrastructure as a Service (IaaS) solution, what is the key benefit for the customer?
A. Scalability
B. Metered service
C. Energy and cooling efficiencies
D. Transfer of ownership cost

 

While the CBK answers this Question with "a. Metered and priced usage on the basis of units consumed"

When using an IaaS solution, what is a key benefit provided to the customer?
a. Metered and priced usage on the basis of units consumed
b. The ability to scale up infrastructure services based on projected usage
c. Increased energy and cooling system efficiencies
D. Transferred cost of ownership

 

Both the Questions look the same to me. Any help to identify the subtle differences in the semantics that can determine the best option would be much appreciated :-).

Could anyone who has taken the exam please comment on the appearance of such questions on the exam and any tips on how best to answer them.


The 2 questions are asking different things. I have highlighted the difference in red. I am also explaining this difference based on the fact you stated these are CBT questions and not actual exam questions.

 

In question 1 all 4 answers are A benefit, but only D is the KEY benefit.

Question 2 is a little more ambiguous so I will answer it like this

Answer A would probably apply to most everyone who adopts IaaS.

Answer B, Maybe not everyone who uses IaaS would need to scale so it would carry less weight than A

Answer C, This again may not apply to everyone, so while for some it may save lots of money it may not affect everyone so again would carry less weight than A

Answer D is a little harder to explain but again does it apply to everyone in equal weights? If you were to average all of the people going to IaaS THE KEY benefit would be D, but if you considered it on an individual basis, it may carry less weight than A.

 

As far as taking the exam you can see in my deductive reasoning how I narrowed question 2 down to the 2 best choices and then tried to find out the best choice between those 2 remaining ones. For the exam you will have to read the questions very carefully and then try to pick the best answer based on the question given to you, not based on the previous question(s). The thing that makes the CISSP exam unique is that they don't just give you 1 right and 3 wrong answers, they give you multiple correct answers and you have to determine the best answer based on the way the question is worded and the situation they have given you.

Newcomer I

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

Having taken and passed more than one exam rather comfortably, I totally agree that 70% is a very generous benchmark when you do the math and recognize your margin irregardless of "bad" or "in development" questions. I clearly remember questions that in my mind clearly seemed to be "in development", but that in no way impacted my ability to take and pass the exam(s).

Newcomer I

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

 

Well said.

Newcomer I

Re: CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

Sorry, I was referring to this post and forgot to quote it:

 

"You are going to hate the answer, but both are likely correct, for a number of reasons:

 

  • The two statements are not in direct conflict. The first states that a customer will not necessarily purchase IAAS because of its metered-service nature, whereas the second states that a salesman strongly touts metered-service (likely as a "cost savings"). Changes in perspective often change priorities.
  • Context matters. In one business, the primary business driver may be that IAAS does not require capital investment. Others are interested in seasonally scaling. Still others focus on making maintenance somebody else's problem. Neither you, I nor any book can dictate which is more important -- it depends on what the business is looking for.
  • Security is not an industry filled with absolutes and black-and-white decisions. It is more an art of balancing competing objectives to identify the solution that best meets those that are most important. To pick the best answer, one needs to read the entire question, carefully consider all of the answers and pick the most correct (or the least wrong) from the choices given.

Bringing it down to earth...  When my employer subscribed to Office 365, we did so knowing that our costs would go up.  Our primary drivers were eliminating a variety of outdated products and giving our user base a consistent, evergreen experience.  Understanding the metering was critical for us to forecast our costs, but little else.  On the other hand, my mom's PC only got Office 365 when I had a spare seat in my family plan that I could give her for "free".  In other words, metering was the primary driver for my mom, but unimportant to my employer."