Re: Official Study Guide - Official Practice Tests...

Ray_1 · ‎04-14-2020

Hi,

Not sure if this is in the right place.

I'm in the process of CISSP certification and have set an exam date of middle of next month. I have read the Official Study Guide (*th edition) and today I started with the practice tests, Chapter 9 Practice Test 1

I'm posting this because there appear to be some things in the practice test book that are not in the study guide.

For example,

- q23 refers to IDAAS - This is not mentioned in the study guide, there is a side-bar indicating a place to go for 'in-depth' details p714). With test choices of 'Identity as a Service' and 'Employee Identity as a Service', it seems obvious that the answer is 'Identity as a Service'. Not having read the definition though, the answer is effectively a guess.

- q69 OAuth 2.0 - I might have missed this in the study guide but I cant find it when I go back,. Its not in the index.

-q61 - I just guessed. Was I supposed to know that? (a pic of the internals of an open card). There is nothing about hardware identification techniques in the study guide.

-q108 - Security Content Automation Protocol - don't think this is in the study guide, at least I don't remember reading about it and cant find it in the index.

I would be interested to know of other peoples experiences.

I assumed these 2 books were partners in crime. Is there any recommendation on books that compliment the practice tests? I feel like I am missing information but don't know what it is. I also have the All in One CISSP Guide - guess I could read that from cover to cover as well.

Cheers

Ray

InfoSecular · ‎04-15-2020

I suggest that you get comfortable with the IDEA that you will not be able to map every question to some text in the guides. From my experience I will attest that most of the questions are within the guides along with the shon harris all-in-1 series. But not all.

The biggest hurdle is time. I suggest that you study the most on your strongest domains for apx 50% of your time(for me it was 3 months then a boot camp) ... so study EVERYTHING in your strongest domains until you eliminate those domains as a possible reason for a failure to pass. Get your 3 to 5 domains down so cold that the other 50% of the questions are lifted up.

Having taken a few courses on such tests I can say that there will likely be some questions that will blow you away. Don't spend more than a minute or two on each question. Remember if you can get 50% of the questions in about 45 to 60 seconds you will have plenty oftime to struggle through the remainder (100 + questions). Recognize that you will only need about 30% of those 'weaker' domains to pass.

Ray_1 · ‎04-15-2020

Thank you for the strategic information - its very much appreciated. I will follow your suggestions - thanks again.

On a side note, Masters, ITIL, PMP - all done with exams that match the study material.The current process seems overly cumbersome and a little less than professional.

ericgeater · ‎04-16-2020

You need another book.

I started reading Alan Gordon's CBK. It seemed voluminous, undisciplined and bulky, but it's where I began based on (ISC)²'s recommendation. I wiped the sweat off my brow after reading that huge book, and followed it with Chapple's 8E, which helped to organize everything into neater piles.

Chapple's book covered topics that were missing from the CBK. The CBK discussed items that were not stratified by Chapple's book. Both helped me pass the exam.

To date, even though I bought it, I never cracked open the Official Practice Tests.

-----------
A claim is as good as its veracity.

Ray_1 · ‎04-16-2020

Thanks for the reply Eric, the replies have given me a much a better idea on how to approach the studying. The exam date is mid May so its heads down time.

Cheers

Ray

ericgeater · ‎04-18-2020

From an old community theater aficionado, break a leg!!

-----------
A claim is as good as its veracity.

denbesten · ‎04-19-2020

@InfoSecular wrote:
Recognize that you will only need about 30% of those 'weaker' domains to pass.

"Candidates must score above the proficiency level in all Domains in order to pass the exam" [CISSP Adaptive Test FAQ]. In other words, if you fail one domain you fail the entire exam.

Don't trust any strategy that recommends going into the test before you are strong in all the domains. The adaptive test engine will find your weakness and will raise the ante another $699.

Ray_1 · ‎04-20-2020

Thanks for that heads up, I will certainly take that into consideration. The issue for me was not so much areas of 'weakness', rather [what I considered to be] pedantic esoteric questions which affected my approach and strategy to the exam. I appeared to be getting approx 75% on all tests regardless of how much I study. There is no security in obscurity (though we ignore Trade Secrets) and there is no learning in obscurity either.

Thanks again,

Cheers

Ray

Arshad_AM · ‎07-19-2020

If it's the Sybex 8th edition study guide you're talking about, there's a section in the Introduction on page xxxix called "Notes on This Book's Organization" that outlines which book chapters align with each domain of the exam. It goes like this:

Chapters 1, 2, 3, and 4: Security and Risk Management
Chapter 5: Asset Security
Chapters 6, 7, 8, 9, and 10: Security Architecture and Engineering
Chapters 11 and 12: Communication and Network Security
Chapters 13 and 14: Identity and Access Management (IAM)
Chapters 15: Security Assessment and Testing
Chapters 16, 17, 18, and 19: Security Operations
Chapters 20 and 21: Software Development Security

Official Study Guide - Official Practice Tests: Subject matter is noticably different