Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
altoflyer
Newcomer I
‎06-10-2019 06:04 PM
‎06-10-2019 06:04 PM

Checking some answers to a practice test

I just took a practice test and I don't understand some of the answers they say are correct. Can anyone explain them? Or are the questions broken?

17. Cloud computing is based on which approach to service delivery: the answer was "Virtualization or thin client technology." My answer "virtualization" was wrong. I wasn't aware the thin client technology was part of it. Not mentioned in anything I read (that I remember) or in the class.

 

32. Information Rights management (IRM) is generally associated with the following attributes: (notice it said "attributes.")

Right answer: Data rights management, the use of role-based access control, the installation of a local client agent, and the ability to integrate with the data loss prevention (DLP) solutions

My selected answer was: Role-based access control, the installation of a local client agent, and the ability to integrate with the data loss prevention (DLP) solutions

It had everything that the "right" answer had except "data rights management." Is drm an attribute or a technology?  And besides, isn't IRM the same term as DRM?

 

65. A risk assessment is based on the following, in order:

The right answer is: Threat, vulnerability, probability, impact and risk determination.

My answer was: Vulnerability, threat, impact, probability and risk determination.

My class notes and the photo of the instructor's drawing clearly says:

Identify assets

Identify vulnerabilities

Identify threats

Identify exposure factor (impact)

Identify Likelihood (probability)

Perform qualitative risk analysis

perform quantitative risk analysis.        which means that my selected answer was correct. Thoughts?

 

135: Generally, there are two types of cooling, and the return air temperature is based on:

The right answer: Latent cooling (remove moisture) and sensible cooling (remove heat),and the temperature is measured at the inlet point.

Well that's just wrong. The air temperature is measured as it exits the room, not as it enters the room. My selected answer was: Latent cooling (remove moisture) and sensible cooling (remove heat),and the temperature is measured at the exhaust point.

Thoughts?

 

Reply
0 Kudos
14 Replies
altoflyer
Newcomer I
‎06-12-2019 12:18 PM
‎06-12-2019 12:18 PM

Thanks for your time to look at and think about these questions I had. I do understand and agree with the process for risk management. I'm just irritated that what we were taught is not what was in the ISC2 materials. These questions are binary: they are right or wrong. So we need to learn it the way it will be asked on the test.

But hey, I passed my test! So, yay. 🙂
Reply
0 Kudos
altoflyer
Newcomer I
‎06-12-2019 12:22 PM
‎06-12-2019 12:22 PM

I completely agree. Unfortunately I had assumed that the class material was aligned with ISC2 material and had learned that. The book was very difficult to read since it was way too wordy and repetitive. They could use a very good copy editor. Think of Hemingway's sparse prose style, or of Edith Wharton going through her manuscripts and deleting the adjectives.

Thank you for your time to look at my questions and provide your thoughts; I really appreciate it.

And hey, I passed the test!!! YAY!
Reply
0 Kudos
AlecTrevelyan
Community Champion
‎06-13-2019 06:59 AM
‎06-13-2019 06:59 AM

Congratulations and welcome to the CCSP club!

 

I agree with what the others are saying in that these questions in the original post are badly written. For anyone else looking at CCSP practice tests, I'd highly recommend the CCSP Official (ISC)2 Practice Tests:

 

https://www.isc2.org/Training/Self-Study-Resources#accordion-64c669e893ce4e1ea9eb5ea78312cfec

 

These were written by @Ben_Malisow who is an active member on here and responds to queries you might have about the book or specific questions in the book in this thread:

 

https://community.isc2.org/t5/Certifications/CCSP-Practice-Questions/m-p/5891#M1029

 

Reply
Ben_Malisow
Contributor II
‎06-13-2019 07:51 AM
‎06-13-2019 07:51 AM

Thanks for the kind words, Alec! Yes, I'd be glad to offer any insight to issues that you might have with any of the questions from the book.

Reply
0 Kudos
Steve-Wilme
Advocate II
‎06-14-2019 08:06 AM
‎06-14-2019 08:06 AM

I'm afraid that's the trick to passing these tests, like all recall based testing.  Personally I think it'd be far more valuable if the tests were applied to more typical real world scenarios, rather than being a case of selecting the best or least worst answers, but that'd require a lot of human judgement in assessing, so I can't see it happening.  There are other InfoSec professional bodies you can join that do require written exams and face to face interview in which you are grilled about your experience.  

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos