> Owais2669 (Viewer) posted a new topic in Exam Preparation on 09-09-2020 05:29 AM
> I am aware that this topic is one the most asked
Oh, yeah.
> but after reading those posts i have gotten into a confusion and if possible
> need some guidance on how to approach it. Â Its mentioned many times that CISSP
> is not about memorization. I am coming from a networking background (i am
> already a CCIE).
Well, that may be a bit of a problem: the CCIE (and others) *ARE* about
memorization, so you hae to get out of that mindset. (Also, I found that Cisco
people tended to have problems in the CISSP seminars: too much "drinking the
[Cisco] koolaid.")
> I am currently using 8th Ed of Sybex official study guide. Now
> in chapter 19, there was a question that explicitly asked about how a statement
> is written in the CISSP cannons. If i hadnt memorized it (which i didnt and got
> it wrong) i will get it wrong right?
OK, I'm having a really hard time parsing that bit. However, I will say that if
you've got something wrong on a Sybex test I would *NOT* worry about it.
However, since you mention canons (the CISSP doesn't deal with artillery), I
assume that you mean the canons of the ISC2 code of ethics. In that case, then,
yes, I would memorize the fact that the four canons are that you have a duty to 1)
society, 2) ethics itself, 3) your employer, and 4) the security profession IN
THAT ORDER. (In other words, if your employer asks you to do something
wrong, your duty to society supercedes your duty to your employer.)
> Also for software engineering, there are
> lots of stuff provided in lists. Like 12 points or 4 points of this etc. If i
> dont memorize them and they ask like which step comes before design phase etc
> how will anyone be able to answer if he is not from a software engineering
> world. If i understand everything properly, there is no way (atleast for me)
> to remember the things in their correct order without memorizing them? does it
> make me poor candidate or bad practice?
OK, yes, lots of the security source material will have lists of stuff in order. You
need to understand the concepts and the flow, not the the specific lists. Lots of
SDLC lists will have differing numbers of steps, and even differing names for the
different steps. What you need to understand is that, regardless of the number of
steps, or the name given to the step, testing (or assessment, or code check) comes
*after* coding (because how can you test something that doesn't exist yet?), but
*before* release (because it is stupid and even unethical to release something that
you haven't tested to see if it is safe and effective). (Shades of vaccine trials,
anyone?)
You have to understand the concepts and the foudnational principles. If you
don't, then all the memorization in the world will not get you through the exam.
Read "Security Engineering."
http://www.cl.cam.ac.uk/~rja14/book.htmlCheck out the questions at
https://community.isc2.org/t5/Exams/CISSP-questions/m-p/18626====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
This is not spam. - the first sentence in most recent spam
victoria.tc.ca/techrev/rms.htm
http://twitter.com/rsladehttp://blogs.securiteam.com/index.php/archives/author/p1/https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
............
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
