@BatteryCandy
Created November 8, 2019 14:06

How I passed the CISSP

Studying

  • The CISSP is "a mile wide and an inch deep." Don't try to learn everything; focus on concepts. The only exception to this rule is crypto and physical security. Memorize that stuff.
  • The easiest way to understand the test is to follow the domain structure and use it as mental scaffolding on which to hang knowledge.
  • I used a version of this book: https://www.amazon.com/Official-ISC-Guide-CISSP-Press/dp/1482262754
  • Reading the book is super dull and you will hate yourself if you try to read it cover to cover. In fact, just about every review says the same thing. The point they miss is that this book has EVERYTHING YOU NEED. That's exactly why you should not read it all.
  • Take out some paper, open the book and go through each domain, creating an outline: domain > paragraph headings > 3-5 spaces for bullet points.
  • Leave the spaces for later. You can fill it in after your first practice exam.
  • After I completed outlining the book, I took a full 150-question practice exam. Review all the questions you missed and note which domain each belongs to. These are your weakest domains and the areas you need to build on. Don't study your best domains until maybe a day or two before the test.
  • As you go back and study the things you don't know, use those spaces under each heading to put down the most useful info. Try to summarize the high-level concepts.
  • Try to average 100 questions a week for the 4 weeks leading up to the exam if you really want to get into the zone of taking stupid multiple-choice tests.
  • Two nights before the exam, take a second full exam. This should be your gauge of what's left to focus on before the exam.
  • I highly encourage taking your allotted break during the exam to get up, have a drink of "water" and then walk around for a minute. Get that blood flowing again after being stuck in the sensory-deprivation testing room.

Practice Exams

  • The CISSP is designed to have you select the BEST answer. In many cases there are multiple correct answers, but you must select the best one to get credit.
  • If you've been working in the industry for a while, security or not, DO NOT rely on your experience. This is a book test for nerds, not a real-life exam.
  • They added new question types. On my exam I had to pick where the best place would be to put a firewall (or firewalls) on a standard two-tier network diagram. Surprise, surprise: they want a firewall on the edge of the network and one segregating the DMZ from the internal network. I also had to match terms. Yawn.
  • You will get a stupid question about fire extinguishers, and "Amazon's problem" is not one of the choices, so memorize your fire extinguisher classes.
  • You will get questions about hashes vs. encryption. If crypto is not your thing, memorize this crap. Create two tables: one for hash algorithms and one for encryption algorithms. Yes, they will be dumb and ask about Twofish.
  • You will get asked about symmetric vs. asymmetric keys and block sizes. Keep on memorizin'.
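The hash-vs.-encryption and block-size bullets above are easier to retain if you have seen the properties computed rather than just tabulated. The following Python is an added example, not code from the gist author, and uses only the standard library. It shows that a hash's output length is fixed per algorithm and independent of input size, that flipping one input bit changes roughly half the output bits (so a digest is not a scrambled copy of the input that could be "decrypted"), that an HMAC differs from a plain hash only by requiring a key, and how a 64-bit vs. 128-bit cipher block size changes how many blocks a message occupies. The standard library has no block cipher, so no encryption is performed; the block arithmetic assumes PKCS#7 padding, which always adds at least one byte.

```python
import hashlib
import hmac

# Block sizes (bits) of ciphers that come up on the exam. These are the
# published sizes, not assumptions: DES-family and Blowfish use 64-bit
# blocks, AES and Twofish use 128-bit blocks regardless of key length.
BLOCK_BITS = {"DES": 64, "3DES": 64, "Blowfish": 64, "AES": 128, "Twofish": 128}


def digest_bits(algo: str) -> int:
    """Output length of a hash in bits. Fixed per algorithm, e.g. sha256 -> 256."""
    return hashlib.new(algo).digest_size * 8


def fixed_length(algo: str, inputs) -> bool:
    """True if every input, empty or huge, yields a digest of the same length."""
    sizes = {len(hashlib.new(algo, data).digest()) for data in inputs}
    return len(sizes) == 1


def avalanche_fraction(algo: str, data: bytes) -> float:
    """Fraction of digest bits that change when a single input bit is flipped.

    For a sound hash this is close to 0.5: the digest carries no usable
    trace of the input, which is why a hash cannot be 'decrypted'.
    """
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    a = int.from_bytes(hashlib.new(algo, data).digest(), "big")
    b = int.from_bytes(hashlib.new(algo, flipped).digest(), "big")
    return bin(a ^ b).count("1") / digest_bits(algo)


def mac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag. Unlike a plain hash, a MAC needs a key: same data with
    a different key gives a different tag, which is what makes it an
    authenticity check and not just an integrity check."""
    return hmac.new(key, data, "sha256").hexdigest()


def padded_blocks(plaintext_len: int, cipher: str) -> int:
    """Number of blocks a block cipher processes for a PKCS#7-padded message.

    PKCS#7 always appends 1..block_bytes bytes, so an input that is already
    a multiple of the block size still gains one full padding block.
    """
    block_bytes = BLOCK_BITS[cipher] // 8
    return plaintext_len // block_bytes + 1


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    samples = [b"", b"CISSP", b"x" * 10_000]
    for algo in ("md5", "sha1", "sha256", "sha512"):
        print(f"{algo:7} {digest_bits(algo):4} bits, fixed length: {fixed_length(algo, samples)}")
    print("sha256 avalanche:", round(avalanche_fraction("sha256", b"CISSP"), 3))
    print("HMAC key1 == key2:", mac_tag(b"key1", b"msg") == mac_tag(b"key2", b"msg"))
    for cipher in ("DES", "AES"):
        print(f"{cipher}: 16-byte plaintext -> {padded_blocks(16, cipher)} blocks")
```

The two tables the bullet suggests come straight out of the output: for hashes, the digest width per algorithm; for ciphers, the block width per algorithm. Note that AES's key size (128/192/256) never changes its 128-bit block, which is a distinction the exam likes to probe.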

Question Banks

Domains

Domain (average exam weight)

  1. Security and Risk Management 15%
  2. Asset Security 10%
  3. Security Architecture and Engineering 13%
  4. Communication and Network Security 14%
  5. Identity and Access Management (IAM) 13%
  6. Security Assessment and Testing 12%
  7. Security Operations 13%
  8. Software Development Security 10%