[Pauldotcom] CISSP Study Strategy?
pj_mcgarvey at hotmail.com
Thu Jun 3 20:03:26 UTC 2010
Very timely subject for me. I'll be in Baltimore next week at SANS taking the cissp prep course. Then I'm taking the exam later in the month. Email me after next week and I can let you know what I thought of the course.
I've spent the last 2-3 months or so reading all of the Shon Harris book, pretty much every available moment I've had during the day has been spent reading. Most of it is familiar topics, but areas like Risk Mgmt and Application Security are not, so I need to work harder to prepare in those areas. I've taken the sample questions at the end of each chapter and test questions at cccure.org. So far they seem to indicate I'll do well. I'll be taking the ones at the end of the ISC2 book after my boot camp.
I think it clicked for me at some point as I was taking the sample questions... Shon says the questions are "conceptual" and you are trying to give the best answer not necessarily the correct one. Didn't know what that meant at first, but I think you need to get past reading too much into a question, and think about "what are they really asking me". Try to think in the larger sense of the question, as it applies to one of the 10 domains. There were some questions that I completely disagreed with the correct answer, but only a handful... There are apparently questions that will straight out ask you how many bits of encryption are in a particular cipher... so be aware of that.
More information about the Pauldotcom