For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, "what's the best set of practice questions to use while studying for the exam?"
The answer is, none of them.
I have looked at an awful lot of practice question sets, and they are uniformly awful. Most try to be "hard" by bringing in trivia: that is not representative of the exam. Most concentrate on a bunch of facts: that is not representative of the exam.
So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam. Note that none of these questions will appear on the exam. You can't pass the CISSP exam by memorizing a brain dump. These will just give you a feel.
For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.
I'll be doing this over time, "replying" to this post to add questions. Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.
@dcontesti The answer presented as correct was a) Labeling.
I chose C, based on the potential legal ramifications that could present themselves in that category.
I honestly felt, while this one was definitely a headscratcher... it was one of the better practice questions I've come across. I can see the reasoning where in the end, if your sensitive information isn't labeled, the other three steps are rather moot.
If you look at the lifecycle management of any asset, first is identifying, second is labelling, third is storage and retention, fourth is sanitization or deletion. So the CISSP exam wants you to identify the best answer and not sometimes the correct answer. So if you go through your question, labelling is the best answer, as you don't have identification. What is next? I will go with labelling. Always wear the hat of an external consultant when you take CISSP exams. Never wear a technical specialist's hat and be in troubleshooting mode when you appear for the CISSP.
There is no future in this question, nor is it mentioned that we need protection from. What is the most important step in protecting sensitive information?
The first step is identify. These guys have identified the information.
The second step is classify; these guys have given it a sensitive information.
The next step is to label, and then it is storage, retention, and then it is deletion.
Thanks for helping the community focus on what really should matter while preparing for the CISSP exam.
I provisionally passed the CISSP exam yesterday and would like to especially thank @rslade and all the contributors here.
The exam was all about real-life experiences, and therefore further developing the concepts should be our core objective to pass the exam.
On a related note, glad that I did not waste much of my time (wasted money though) on those questions claimed to be written by subject matter experts and to include comprehensive explanations. Nothing was "comprehensive" in the exam; it was primarily based on "concepts", which only/primarily books on the topic can help acquire. I relied heavily on All-in-One, 9th edition. Thanks again everyone.