CISSP For Dummies. Peter H. Gregory

Скачать книгу

Registering for the Exam

      The CISSP exam is administered via computer-adaptive testing at local Pearson VUE testing centers worldwide. To register for the exam, go to the (ISC)² website (https://www.isc2.org/Register-For-Exam) and click the Register link, or go directly to the Pearson VUE website (www.pearsonvue.com/isc2).

      On the Pearson VUE website, you first need to create an account for yourself; then you can register for the CISSP exam, schedule your test, and pay your testing fee. You can also locate a nearby test center, take a Pearson VUE testing tutorial, practice taking the exam (which you should definitely do if you’ve never taken a computer-based test, and then download and read the (ISC)² nondisclosure agreement (NDA).

       Download and read the (ISC)² NDA when you register for the exam. Sure, the text is legalese, but it isn’t unusual for CISSPs to be called upon to read contracts, license agreements, and other “boring legalese” as part of their information security responsibilities, so get used to reading it (and also get used to not signing legal documents without actually reading them)! You’re given five minutes to read and accept the agreement at the start of your exam, but why not read the NDA in advance so that you can avoid the pressure and distraction on exam day and simply accept the agreement? If you don’t accept the NDA in the allotted five minutes, your exam will end, and you’ll forfeit your exam fees!

When you register, you’re required to quantify your relevant work experience, answer a few questions regarding any criminal history and other potentially disqualifying background information, and agree to abide by the (ISC)² Code of Ethics.

      The current exam fee in the United States is $749. You can cancel or reschedule your exam by contacting Pearson VUE by telephone at least 24 hours in advance of your scheduled exam or online at least 48 hours in advance. The fee to reschedule is $50. The fee to cancel your exam appointment is $100.

       If you fail to show up for your exam or you’re more than 15 minutes late for your exam appointment, you’ll forfeit your entire exam fee!

       Great news! If you’re a U.S. military veteran and are eligible for Montgomery GI Bill or Post-9/11 GI Bill benefits, the Veterans Administration will reimburse you for the full cost of the exam, whether you pass or fail. In some cases, (ISC)² Official Training Providers also accept the GI Bill for in-person certification training.

About the CISSP Examination

      The CISSP examination itself is a grueling 3-hour, 100- to 150-question marathon. To put that into perspective, in three hours, you could run an actual (mini) marathon, watch Gone with the Wind, Titanic, or one of the Lord of the Rings movies, or cook a 14 pound turkey. Each of these feats, respectively, closely approximates the physical, mental (not intellectual), and emotional toll of the CISSP examination.

      The CISSP exam is an adaptive exam, which means that the test changes based on how you’re doing. The exam starts out relatively easy and gets progressively harder as you answer questions correctly. That’s right; The better you do on the exam, the harder it gets. But that’s not a bad thing! Think of it as being like skipping a grade in school because you’re smarter than the average bear. The CISSP exam assumes that if you can answer harder questions about a given topic, logically, you can answer easier questions about that same topic, so why waste your time?

You’ll have to answer a minimum of 100 questions. After you’ve answered the minimum number of questions, the testing engine will either conclude the exam (if it determines with 95 percent confidence that you’re statistically likely to pass or fail the exam) or continue asking up to a maximum of 150 questions until it reaches 95 percent confidence in either result. If you answer all 150 questions, the testing engine will determine whether you passed or failed based on your answers. If you run out of time (exceed the 3-hour time limit) but have answered the minimum number of questions (100), the testing engine will determine whether you passed or failed based on your answers to the questions you completed.

      The CISSP exam contains 25 pre-test items. They are included for research purposes only. (Taking the test is kind of like being a test dummy — for dummies.) The exam doesn’t identify which questions are real and which are trial questions, however, so you’ll have to answer all questions truthfully and honestly and to the best of your ability!

      There are three types of questions on the CISSP exam:

       Multiple choice: Select the best answer from four choices, as in this example:Which of the following is the FTP control channel?A: TCP port 21B: UDP port 21C: TCP port 25D: IP port 21The FTP control channel is port 21, but is it TCP, UDP, or IP?

       Drag and drop: Drag and drop the correct answer (or answers) from a list of possible answers on the left side of the screen to a box on the right side of the screen. Here’s an example:Which of the following are message authentication algorithms? Drag and drop the correct answers from left to right.© John Wiley & Sons, Inc.MD5, SHA-2, and HMAC are all correct. You must drag and drop all three answers to the box on the right for the answer to be correct.

       Hotspot: Select the object in a diagram that best answers the question, as in this example:Which of the following diagrams depicts a relational database model?© John Wiley & Sons, Inc.Click one of the four panels to select your answer choice.

      As described by (ISC)², you need a scaled score of 700 (out of 1000) or better to pass the examination. All three question types are weighted equally, but not all questions are weighted equally. Harder questions are weighted more heavily than easier questions, so there’s no way to know how many correct answers are required for a passing score. But wait — it gets even better! On the adaptive exam, you no longer get a score when you complete the CISSP exam; you’ll get either a pass or fail result. Think of this situation as being like watching a basketball game with no scoreboard or a boxing match with no indication of who’s winning until the referee raises the victor’s arm.

      All questions on the CISSP exam require you to select the best answer (or answers) from the choices presented. The correct answer isn’t always a straightforward, clear choice. (ISC)² goes to great pains to ensure that you really, really know the material.

       A common, effective test-taking strategy for multiple-choice questions is to read each question carefully and eliminate any obviously wrong choices. The CISSP examination is no exception.

Wrong choices aren’t necessarily obvious on the CISSP examination. You may find a few obviously wrong choices, but they stand out only to someone who has studied thoroughly for the exam.

      The Pearson VUE computer-adaptive, 3-hour, 100- to 150-question version of the CISSP examination is currently available only in English. If you prefer to take the CISSP exam in Chinese (simplified — the language, not the exam), French, German, Japanese, Korean, Portuguese, or Spanish because that’s your native language (or if you don’t speak the language but really want to challenge yourself), you’ll have to take a form-based,

Скачать книгу