Right.
For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, "what's the best set of practice questions to use while studying for the exam?"
The answer is, none of them.
I have looked at an awful lot of practice question sets, and they are uniformly awful. Most try to be "hard" by bringing in trivia: that is not representative of the exam. Most concentrate on a bunch of facts: that is not representative of the exam.
So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam. Note that none of these questions will appear on the exam. You can't pass the CISSP exam by memorizing a brain dump. These will just give you a feel.
For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.
I'll be doing this over time, "replying" to this post to add questions. Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.
I agree with Rob, not a great question. There is something missing in the stem.
In this case A and C could be equally correct.
My nickel
d
@rslade wrote:
OK, first off, all acronyms need to be spelled out in full, for a legitimate question.
Secondly, "study guides," official or otherwise, are not source security literature,
and therefore are not eligible as reference material.
Final grade: D-
The fact that acronyms need to be spelled out is reassuring. Does that happen in every question that contains them, in the exam?
Please note that you posted several questions containing acronyms that were not spelled out (page 2 of this thread for example).
On the Study Guide not usable as reference: sure, I understand. I don't think this makes the question and answer wrong, though. The concept is clearly explained.
Thanks for your comment, but I don't think that A and C could be equally right.
C (Memorandum Of Understanding) is the MOST right.
Mutual assistance agreement (MAA) is an agreement where two organizations pledge to assist each other in the event of a disaster. Assist each other is slightly different than work together. In the case of a cold site, each organization may simply maintain some open space in its processing facilities for the other organization to use in the event of a disaster. This is clearly different than working together.
@dcontesti wrote:
I agree with Rob, not a great question. There is something missing in the stem.
In this case A and C could be equally correct.
My nickel
d
@rslade wrote:
Which of the following has the objective to control and manage data from a
central location?
a. Databases
b. Data dictionaries
c. Data access methods
d. Data storage
Answer: b.
Please pardon my ignorance, why b more than a?
@Vigenere wrote:
> Thanks for your comment, but I don't think that A and C could be equally right.
> C (Memorandum Of Understanding) is the MOST right.
> Mutual assistance agreement (MAA) is an agreement where two organizations pledge to assist each other in the event of a disaster. Assist each other is slightly different than work together. In the case of a cold site, each organization may simply maintain some open space in its processing facilities for the other organization to use in the event of a disaster. This is clearly different than working together.
___________________________________________________
So your question does not ask about an MAA; it asks about a Mutual agreement. When writing items, the item writer understands what they have in their mind; however, the test taker does not have the luxury of speaking with the item writer during the exam.
When entering into a legal transaction, a corporation or a person has two options available, i.e. an agreement or memorandum of understanding. An agreement refers to concordance between the legally competent parties, which is generally negotiated. Conversely, an MOU is a type of agreement between legally competent parties, which is non-binding in nature. So both entities work together towards a common goal, one typically legal and the other not, but they both work together toward a common goal.
An MoU typically leads to a mutual agreement. So without some additional guidance in the question, I still believe A and C could be correct.
This is why a study guide is a bad reference
Diana
@gidyn wrote:
@rslade wrote:
Which of the following has the objective to control and manage data from a
central location?
a. Databases
b. Data dictionaries
c. Data access methods
d. Data storage
Answer: b.
Please pardon my ignorance, why b more than a?
A database is simply an organized, searchable file of records containing data elements, each element configured for required and allowable values, including length, character content, embedded file types allowed, etc.
A data dictionary is a meta-document describing in great detail the parameters and uses for named data elements. Data dictionaries are essential to translating across similar, or perceived identical, data elements across databases.
For instance in the USA we have governmental subdivisions, States, some of which officially call themselves commonwealths. A data dictionary would describe the data element STATE as referring only to any one of the 50 States & Commonwealths; the 50 States & Commonwealths plus the District of Columbia; the 50 States & Commonwealths, District of Columbia, plus US territories; or the 50 States & Commonwealths, District of Columbia, US Territories, and US Protectorates; or the 50 States & Commonwealths, District of Columbia, US Territories, and US Protectorates, as well as all recognized Native American (Indian) reservations or territories.
Further, the data dictionary would list the various allowed values for the data element field, with instructions for translation if a given database does not allow all of those options. For State, the sets of allowed values are the full spelled out name, e.g. Connecticut, New Mexico, Alaska; the two-character US Postal System code, e.g. CT, NM, AK; the traditional abbreviations, e.g. Conn., N.M. or N. Mex., Alaska; ANSI 2-digit codes, e.g. 09, 35, 02. (https://en.wikipedia.org/wiki/List_of_U.S._state_and_territory_abbreviations)
Data dictionaries describing the various allowed or possible values for a given data element are essential for central management across multiple cross-linked or communicating databases, and affect both the DB-to-DB interfaces of code as well as influencing the human-computer interface design for optimum usability and utility of the overall system. For instance, the screen interface for the States field may be a dropdown pick-list displaying the fully spelled out names for human users to see, but a translation table would store the two-digit ANSI code in the record for each selection.
Craig
@rslade wrote:
...
Does anybody (except me) even remember what a data dictionary is?...
Grandpa Rob,
Of course, a few of us graybeards (greybeards?) do:
https://community.isc2.org/t5/Exams/CISSP-questions/m-p/38736#M1114
Historically, I had the pleasure of trying to deal with the U.S. Department of Defense Data Dictionary during the 1980s. Reconciling nominally identical data elements among personnel, geo-facilities, and operational planning data systems was, shall we say, challenging.
Craig