For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, "what's the best set of practice questions to use while studying for the exam?"
The answer is, none of them.
I have looked at an awful lot of practice question sets, and they are uniformly awful. Most try to be "hard" by bringing in trivia: that is not representative of the exam. Most concentrate on a bunch of facts: that is not representative of the exam.
So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam. Note that none of these questions will appear on the exam. You can't pass the CISSP exam by memorizing a brain dump. These will just give you a feel.
For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.
I'll be doing this over time, "replying" to this post to add questions. Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.
I agree with you. The pains I am taking to look at every question (not to memorize, however, to make sure I answer it right the first time) are driving me crazy. Perhaps I should just shut down all apps and keep reading.
I personally don't like this question. It boggles my brain. I got this question from a WhatsApp group to which I have subscribed and they send me questions every day. So they have 3 levels: beginner, intermediate and advanced. I chose only advanced questions. Perhaps I should just unsubscribe from it.
@kamalamalhotra Try to adopt a relaxed approach when preparing for an exam; with the CISSP exam it’s good to remember that it’s “an inch deep and a mile wide”. You’ll be tested on your ability to interpret and apply judgement.
Read Security Engineering by Ross Anderson, plus select from https://www.isc2.org/certifications/References plus keeping your chin up - if you can go through the CBK and be really honest in your self assessment against the domains you can then direct your reading to cover your gaps, read, make notes, defocus for a while then look at your notes, what do you not understand? Drill into that and repeat.
Thank you for all the robust exchanges and discussions in this thread. We greatly appreciate your efforts to share your knowledge and your desire to help candidates seeking certification and (ISC)2 membership. We need to be mindful that no community user commenting on this thread is privy to (ISC)2 Exam Items. Any member attending Exam Writing Workshops agrees to not disclose contributions they make to the evolution of the exams. Moreover, any candidate taking an (ISC)2 exam agrees to not disclose Exam Items with which they are evaluated. Sharing Exam Items on the Community is also a violation of Community Guidelines.
Since this Community is an (ISC)2 property, we want to stress that the questions proposed here are the creation of our Community Users. They should not be viewed by candidates as endorsed official educational materials aligned to any of the (ISC)2 CBKs. @rslade made this clear in his original post, but that was at the start of this very long thread.
Please make this clear in all future posts about possible cybersecurity topics or challenge questions you – as a professional – feel candidates should be able to address. To assist, we have drafted a possible statement for you to use when posing challenge questions to other users.
This question should not be viewed as an official sample question or an example of any item you may experience on an (ISC)2 exam. It is being shared as an example of subject matter I feel a candidate for (ISC)2 certification should be comfortable addressing.
Finally, to avoid any confusion or misrepresentation, we are changing the name of this discussion thread from “CISSP questions” to “Practice Questions.”
Thank you all for your cooperation and for this very popular discussion.
The fact that it is easier to find prime numbers than to factor the product of two prime numbers is fundamental to what kind of algorithm?
a. Symmetric key
b. Asymmetric key
c. Secret key
d. Stochastic key
Reference: Applied Cryptography; Schneier; pg 467.
Answer a - Symmetric key algorithm uses a single key which is not derived by factoring.
Answer b - Factoring the product of 2 prime numbers is used by RSA which is an asymmetric algorithm.
Answer c - Secret key is not an algorithm.
Answer d - Stochastic key is not an algorithm.
@rslade, I appreciate all these questions. I am scheduled to take the exam next week and have been studying with the ISC2 Official Study Guide and Exam Prep, All-in-One CISSP, Boson, Pluralsight, Cybrary, etc. I love how your questions require thought rather than a vocab test. Do you have any questions around SAML and SSO?
The SAML & SSO related questions I got when I took it in January were right in line with what rslade said, as were most others: know the process and the pieces involved at each step.
The Sybex guide's Practice Tests were the best for me; and, even if you didn't buy the separate Practice Tests book you can access 900 questions and 700 flashcards online through Wiley. I don't remember the exact site, but it is in your Study Guide. You just have to have your book handy because they may ask you to verify purchase by entering text from a certain page# & line#, unless you have a code for it. I spent the last week just taking those tests and then doing independent research on the areas I felt I was lacking. I also suggest using the advanced search tools/features of whatever search site you like to get results from within the last 1-2 years initially, then expand that if needed.