Not sure if this is in the right place.
I'm in the process of CISSP certification and have set an exam date of middle of next month. I have read the Official Study Guide (*th edition) and today I started with the practice tests, Chapter 9 Practice Test 1.
I'm posting this because there appear to be some things in the practice test book that are not in the study guide.
- q23 refers to IDAAS - This is not mentioned in the study guide, there is a side-bar indicating a place to go for 'in-depth' details (p714). With test choices of 'Identity as a Service' and 'Employee Identity as a Service', it seems obvious that the answer is 'Identity as a Service'. Not having read the definition though, the answer is effectively a guess.
- q69 OAuth 2.0 - I might have missed this in the study guide but I can't find it when I go back. It's not in the index.
- q61 - I just guessed. Was I supposed to know that? (a pic of the internals of an open card). There is nothing about hardware identification techniques in the study guide.
- q108 - Security Content Automation Protocol - don't think this is in the study guide, at least I don't remember reading about it and can't find it in the index.
I would be interested to know of other people's experiences.
I assumed these 2 books were partners in crime. Is there any recommendation on books that complement the practice tests? I feel like I am missing information but don't know what it is. I also have the All in One CISSP Guide - guess I could read that from cover to cover as well.
Thank you for the strategic information - it's very much appreciated. I will follow your suggestions - thanks again.
On a side note, Masters, ITIL, PMP - all done with exams that match the study material. The current process seems overly cumbersome and a little less than professional.
You need another book.
I started reading Alan Gordon's CBK. It seemed voluminous, undisciplined and bulky, but it's where I began based on (ISC)²'s recommendation. I wiped the sweat off my brow after reading that huge book, and followed it with Chapple's 8E, which helped to organize everything into neater piles.
Chapple's book covered topics that were missing from the CBK. The CBK discussed items that were not stratified by Chapple's book. Both helped me pass the exam.
To date, even though I bought it, I never cracked open the Official Practice Tests.
Thanks for the reply Eric, the replies have given me a much better idea on how to approach the studying. The exam date is mid May so it's heads down time.
Recognize that you will only need about 30% of those 'weaker' domains to pass.
"Candidates must score above the proficiency level in all Domains in order to pass the exam" [CISSP Adaptive Test FAQ]. In other words, if you fail one domain you fail the entire exam.
Don't trust any strategy that recommends going into the test before you are strong in all the domains. The adaptive test engine will find your weakness and will raise the ante another $699.
Thanks for that heads up, I will certainly take that into consideration. The issue for me was not so much areas of 'weakness', rather [what I considered to be] pedantic esoteric questions which affected my approach and strategy to the exam. I appeared to be getting approx 75% on all tests regardless of how much I study. There is no security in obscurity (though we ignore Trade Secrets) and there is no learning in obscurity either.
If it's the Sybex 8th edition study guide you're talking about, there's a section in the Introduction on page xxxix called "Notes on This Book's Organization" that outlines which book chapters align with each domain of the exam. It goes like this:
Chapters 1, 2, 3, and 4: Security and Risk Management
Chapter 5: Asset Security
Chapters 6, 7, 8, 9, and 10: Security Architecture and Engineering
Chapters 11 and 12: Communication and Network Security
Chapters 13 and 14: Identity and Access Management (IAM)
Chapter 15: Security Assessment and Testing
Chapters 16, 17, 18, and 19: Security Operations
Chapters 20 and 21: Software Development Security