Owais2669
Viewer

CISSP Preparation - Need a bit advice

Dear Respected members,

I am aware that this topic is one of the most asked, but after reading those posts I have gotten into a confusion and if possible need some guidance on how to approach it.

It's mentioned many times that CISSP is not about memorization. I am coming from a networking background (I am already a CCIE). I am currently using 8th Ed of Sybex official study guide. Now in chapter 19, there was a question that explicitly asked about how a statement is written in the CISSP cannons. If I hadn't memorized it (which I didn't and got it wrong) I will get it wrong, right?

Also for software engineering, there is lots of stuff provided in lists. Like 12 points or 4 points of this etc. If I don't memorize them and they ask like which step comes before design phase etc., how will anyone be able to answer if he is not from a software engineering world?

If I understand everything properly, there is no way (at least for me) to remember the things in their correct order without memorizing them? Does it make me a poor candidate or bad practice?

Please advise, and all my queries are just humble queries. Please accept my apologies if my tone sounded harsh or something, which I never meant to do.

4 Replies
JKWiniger
Community Champion

@Owais2669 I can understand where you are coming from and the misunderstanding you are seeing. While I am one of those who have said it is about comprehension, memorization is needed as well. I think it would have been better to have said it is not JUST about memorization, but also a level of comprehension is needed. Since you have a CCIE let's look at it from that standpoint. You have no choice but to memorize the OSI layers, but just memorizing them is not enough, you need to comprehend how they interact with each other. Imagine you have a question that asks at what layer something happens, you might have the answer memorized, but if you don't but have the ability to think through the layers and figure out what layer would handle what is being asked you got it!

 

John-

chialc2017
Newcomer I

For my exam, there are also maths questions. Given a scenario and some parameters, you would need to calculate and then make the most reasonable choice.

In fact, for my case, one of the maths questions came out 3 times (in the same exam).

When I say same, it's actually identical.

This particular question (not identical though) came out in AWS solution architect professional exam too.

That's why I'm very familiar with the calculation and answer.

 

Good luck!

rslade
Influencer II

> Owais2669 (Viewer) posted a new topic in Exam Preparation on 09-09-2020 05:29 AM

>     I am aware that this topic is one of the most asked

Oh, yeah.

> but after reading those posts I have gotten into a confusion and if possible
> need some guidance on how to approach it. It's mentioned many times that CISSP
> is not about memorization. I am coming from a networking background (I am
> already a CCIE).

Well, that may be a bit of a problem: the CCIE (and others) *ARE* about
memorization, so you have to get out of that mindset. (Also, I found that Cisco
people tended to have problems in the CISSP seminars: too much "drinking the
[Cisco] koolaid.")

> I am currently using 8th Ed of Sybex official study guide. Now
> in chapter 19, there was a question that explicitly asked about how a statement
> is written in the CISSP cannons. If I hadn't memorized it (which I didn't and got
> it wrong) I will get it wrong, right?

OK, I'm having a really hard time parsing that bit. However, I will say that if
you've got something wrong on a Sybex test I would *NOT* worry about it.

However, since you mention canons (the CISSP doesn't deal with artillery), I
assume that you mean the canons of the ISC2 code of ethics. In that case, then,
yes, I would memorize the fact that the four canons are that you have a duty to 1)
society, 2) ethics itself, 3) your employer, and 4) the security profession IN
THAT ORDER. (In other words, if your employer asks you to do something
wrong, your duty to society supersedes your duty to your employer.)

> Also for software engineering, there is
> lots of stuff provided in lists. Like 12 points or 4 points of this etc. If I
> don't memorize them and they ask like which step comes before design phase etc.,
> how will anyone be able to answer if he is not from a software engineering
> world? If I understand everything properly, there is no way (at least for me)
> to remember the things in their correct order without memorizing them? Does it
> make me a poor candidate or bad practice?

OK, yes, lots of the security source material will have lists of stuff in order. You
need to understand the concepts and the flow, not the specific lists. Lots of
SDLC lists will have differing numbers of steps, and even differing names for the
different steps. What you need to understand is that, regardless of the number of
steps, or the name given to the step, testing (or assessment, or code check) comes
*after* coding (because how can you test something that doesn't exist yet?), but
*before* release (because it is stupid and even unethical to release something that
you haven't tested to see if it is safe and effective). (Shades of vaccine trials,
anyone?)

You have to understand the concepts and the foundational principles. If you
don't, then all the memorization in the world will not get you through the exam.

Read "Security Engineering."
http://www.cl.cam.ac.uk/~rja14/book.html

Check out the questions at
https://community.isc2.org/t5/Exams/CISSP-questions/m-p/18626

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
This is not spam. - the first sentence in most recent spam
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

abhattac5
Newcomer III


As they say, this test is "five miles long and two inches deep" - a lot of material, individually not that bad, but in total a veritable mountain to keep in mind. It's not impossible though - you just need a good plan and lots (and lots) of reinforcement. For me, doing lots (and lots) of flashcard drilling, practice questions, and practice tests really made the difference.

If you'd like to read about my experience, feel free to here.
https://community.isc2.org/t5/CISSP-Study-Group/Passing-the-CISSP-My-Experience-Oct-2021/m-p/48366#M...

Hope that helps. Good luck!