rslade
Influencer II

Practice Questions

Right.

 

For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions.  As in, "what's the best set of practice questions to use while studying for the exam?"

 

The answer is, none of them.

 

I have looked at an awful lot of practice question sets, and they are uniformly awful.  Most try to be "hard" by bringing in trivia: that is not representative of the exam.  Most concentrate on a bunch of facts: that is not representative of the exam.

 

So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam.  Note that none of these questions will appear on the exam.  You can't pass the CISSP exam by memorizing a brain dump.  These will just give you a feel.

 

For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.

 

I'll be doing this over time, "replying" to this post to add questions.  Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
322 Replies
kamalamalhotra
Newcomer III

I agree with you. The pains I am taking to look at every question (not to memorize, however, but to make sure I answer it right the first time) are driving me crazy. Perhaps I should just shut down all apps and keep reading.

kamalamalhotra
Newcomer III

I personally don't like this question. It boggles my brain. I got this question from a WhatsApp group to which I have subscribed, and they send me questions every day. They have 3 levels: beginner, intermediate and advanced. I chose only advanced questions. Perhaps I should just unsubscribe from it.

 

 

Early_Adopter
Community Champion

@kamalamalhotra Try to adopt a relaxed approach when preparing for an exam. With the CISSP exam it’s good to remember that it’s “an inch deep and a mile wide”. You’ll be tested on your ability to interpret and apply judgement.

 

Read Security Engineering by Ross Anderson, plus select from https://www.isc2.org/certifications/References, plus keep your chin up. If you can go through the CBK and be really honest in your self-assessment against the domains, you can then direct your reading to cover your gaps: read, make notes, defocus for a while, then look at your notes. What do you not understand? Drill into that and repeat.

 

 

Baller152
Newcomer I

I think any questions help you to prepare.
rslade
Influencer II

In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption Standard?

a. It is based on a symmetric algorithm.
b. It uses a public key for encryption.
c. It eliminates the need for a key-distribution center.
d. It cannot produce a digital signature.

Answer: b.

Reference: Applied Cryptography; Bruce Schneier; pg 467, 270.

“a.” is wrong because RSA is based on an asymmetric algorithm.
“b.” is correct: the RSA algorithm was the first full-fledged public-key algorithm that is used for both encryption and digital signatures.
“c.” is wrong because often a third party creates and distributes the key pairs, thereby acting as a key distribution center.
“d.” is wrong because RSA can produce a digital signature.

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

AndreaMoore
Community Manager

All,

 

Thank you for all the robust exchanges and discussions in this thread. We greatly appreciate your efforts to share your knowledge and your desire to help candidates seeking certification and (ISC)2 membership. We need to be mindful that no community user commenting on this thread is privy to (ISC)2 Exam Items. Any member attending Exam Writing Workshops agrees to not disclose contributions they make to the evolution of the exams. Moreover, any candidate taking an (ISC)2 exam agrees to not disclose Exam Items with which they are evaluated. Sharing Exam Items on the Community is also a violation of Community Guidelines. 

 

Since this Community is an (ISC)2 property, we want to stress that the questions proposed here are the creation of our Community Users. They should not be viewed by candidates as endorsed official educational materials aligned to any of the (ISC)2 CBKs. @rslade made this clear in his original post, but that was at the start of this very long thread.

 

Please make this clear in all future posts about possible cybersecurity topics or challenge questions you – as a professional – feel candidates should be able to address. To assist, we have drafted a possible statement for you to use when posing challenge questions to other users.

 

This question should not be viewed as an official sample question or an example of any item you may experience on an (ISC)2 exam. It is being shared as an example of subject matter I feel a candidate for (ISC)2 certification should be comfortable addressing. 

 

Finally, to avoid any confusion or misrepresentation, we are changing the name of this discussion thread from “CISSP questions” to “Practice Questions.”

 

Thank you all for your cooperation and for this very popular discussion.




ISC2 Community Manager
rslade
Influencer II

The fact that it is easier to find prime numbers than to factor the product of two prime numbers is fundamental to what kind of algorithm?

 

a. Symmetric key
b. Asymmetric key
c. Secret key
d. Stochastic key

 

Answer: b.

 

Reference: Applied Cryptography; Schneier; pg 467.

 

Discussion:

 

Answer a - Symmetric key algorithm uses a single key which is not derived by factoring.
Answer b - Factoring the product of 2 prime numbers is used by RSA which is an asymmetric algorithm.
Answer c - Secret key is not an algorithm.
Answer d - Stochastic key is not an algorithm.


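The two RSA questions above (public key versus symmetric key, and the factoring problem) are easier to reason about with a tiny worked instance. The following Python is an added example, not code from the thread or from any poster: it builds a textbook RSA key pair from the constructed primes p = 61, q = 53 (chosen for readability; real moduli are 2048 bits or more and always use padding), shows that the public key encrypts while the private key decrypts and signs, and then shows that recovering the private key from the public key is exactly the problem of factoring n. The function names are my own.

```python
"""Toy RSA illustrating the answers to the two practice questions above.

Added example with constructed parameters (p = 61, q = 53, e = 17). Unpadded
"textbook" RSA is used only so the arithmetic is visible; production systems
use OAEP for encryption and PSS for signatures, and much larger primes.
"""
from math import gcd, isqrt


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Multiplicative inverse of a modulo m (raises if it does not exist)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p, q, e=17):
    """Return ((n, e), (n, d)): the public key and the private key.

    d depends on phi(n) = (p-1)(q-1), which is only computable if p and q are
    known. Publishing n alone reveals nothing about d unless n can be factored.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, modinv(e, phi))


def encrypt(pub, m):
    """Anyone holding the PUBLIC key can encrypt (answer b of question 1)."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    """Only the PRIVATE key holder can decrypt."""
    n, d = priv
    return pow(c, d, n)


def sign(priv, m):
    """RSA can produce a digital signature: exponentiate with the private key."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m, s):
    """Anyone can verify a signature with the public key."""
    n, e = pub
    return pow(s, e, n) == m


def factor_trial_division(n):
    """Recover (p, q) from n by trial division.

    This is the 'hard direction' of question 2: it finishes instantly for a
    four-digit n, but is infeasible for a 2048-bit modulus, and that gap is the
    whole basis of RSA's security.
    """
    for cand in range(2, isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    return None


def recover_private_key(pub):
    """Show that the private key is exactly as secret as the factors of n."""
    n, e = pub
    p, q = factor_trial_division(n)
    return n, modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    s = sign(priv, 65)
    print("public", pub, "private", priv)
    print("ciphertext", c, "decrypts to", decrypt(priv, c))
    print("signature valid:", verify(pub, 65, s), "tampered:", verify(pub, 66, s))
    print("private key recovered by factoring n:", recover_private_key(pub) == priv)
```

Run it as a script to see the round trips; the contrast with DES is that a symmetric cipher has one key that both parties must already share, so nothing in it corresponds to the public/private split or to the factoring dependency shown here.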
Baller152
Newcomer I

@rslade, I appreciate all these questions.  I am scheduled to take the exam next week and have been studying with the ISC2 Official Study Guide and Exam Prep, All-in-One CISSP, Boson, Pluralsight, Cybrary, etc.  I love how your questions require thought rather than a vocab test.  Do you have any questions around SAML and SSO?

rslade
Influencer II

> @rslade, I appreciate all these questions.

Kind of you to say so.

>  I am scheduled to take the exam
> next week and have been studying with the ISC2 Official Study Guide and Exam
> Prep, All-in-One CISSP, Boson, Pluralsight, Cybrary, etc.  I love how your
> question require thought rather than a vocab test.

The thing is, as you say, most of the so-called "practice" tests you see on the
market are, again, as you say, vocab or trivia tests. The CISSP exam is not. It
concentrates on your understanding of the concepts.

>  Do you have any questions
> around SAML and SSO?

Well, we could start off with:

Which of the following could be considered a single point of failure within single
sign-on?

a. The user’s workstation
b. The authentication server
c. The application server
d. The login script

Answer: b.

Reference: Mastering Network Security; Brenton; pg 393-394.

Discussion:

Answer a - the user could use any available workstation.
Answer b - the authentication server is a single point of failure.
Answer c - the application could reside on the application server or multiple
workstations.
Answer d - the logon script & configuration files can be backed up.

In terms of SAML, again, think of the basic concepts. You shouldn't have to memorize every little detail of SAML: just know that it uses asymmetric encryption, has an identity provider (aka KDC in Kerberos), and uses Assertion Consumer Service (aka tickets).

(There's another SSO question earlier in this topic.)

Startzc
Newcomer III

The SAML & SSO related questions I got when I took it in January were right in line with what rslade said, as were most others: know the process and the pieces involved at each step.

 

The Sybex guide's Practice Tests were the best for me; and, even if you didn't buy the separate Practice Tests book, you can access 900 questions and 700 flashcards online through Wiley. I don't remember the exact site, but it is in your Study Guide. You just have to have your book handy, because they may ask you to verify purchase by entering text from a certain page # & line #, unless you have a code for it. I spent the last week just taking those tests and then doing independent research on the areas I felt I was lacking. I also suggest using the advanced search tools/features of whatever search site you like to get results from within the last 1-2 years initially, then expand that if needed.

 

Good luck!