CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide. Gibson Darril
To maximize your test-taking activities, here are some general guidelines:
■ Answer easy questions first.
■ Skip harder questions, and return to them later. Either use the CBT bookmarking feature or jot down a list of question numbers in a PBT.
■ Eliminate wrong answers before selecting the correct one.
■ Watch for double negatives.
■ Be sure you understand what the question is asking.
Manage your time. You should try to complete about 50 questions per hour. This will leave you with about an hour to focus on skipped questions and double-check your work. Be sure to bring food and drink to the test site. You will not be allowed to leave to obtain sustenance. Your food and drink will be stored for you away from the testing area. You can eat and drink at any time, but that break time will count against your total time limit. Be sure to bring any medications or other essential items, but leave all things electronic at home or in your car. Wear a watch, but make sure it is not a programmable one. If you are taking a PBT, bring pencils, a manual pencil sharpener, and an eraser. We also recommend bringing foam ear plugs, wearing comfortable clothes, and taking a light jacket with you (some testing locations are a bit chilly).
If English is not your first language, you can register for one of several other language versions of the exam. (ISC)2 no longer allows dictionaries of any kind during the exam; this exclusion applies to translation dictionaries as well.
Occasionally, small changes are made to the exam or exam objectives. When that happens, Sybex will post updates to its website. Visit www.sybex.com/go/cissp7e before you sit for the exam to make sure you have the latest information.
We recommend planning for a month or so of nightly intensive study for the CISSP exam. Here are some suggestions to maximize your learning time; you can modify them as necessary based on your own learning habits:
■ Take one or two evenings to read each chapter in this book and work through its review material.
■ Answer all the review questions and take the practice exams provided in the book and in the test engine. Complete the written labs from each chapter, and use the review questions for each chapter to help guide you to topics for which more study or time spent working through key concepts and strategies might be beneficial.
■ Review the (ISC)2 Exam Outline: Candidate Information Bulletin from www.isc2.org.
■ Use the flashcards included with the study tools to reinforce your understanding of concepts.
We recommend spending about half of your study time reading and reviewing concepts and the other half taking practice exams. Students have reported that the more time they spent taking practice exams, the better they retained test topics. You might also consider visiting online resources such as www.cccure.org and other CISSP-focused websites.
Once you have been informed that you successfully passed the CISSP certification, there is one final step before you are actually awarded the CISSP certification. That final step is known as endorsement. Basically, this involves getting someone who is a CISSP, or other (ISC)2 certification holder, in good standing and familiar with your work history to submit an endorsement form on your behalf. The endorsement form is accessible through the email notifying you of your achievement in passing the exam. The endorser must review your resume, ensure that you have sufficient experience in the eight CISSP domains, and then submit the signed form to (ISC)2 digitally or via fax or post mail. You must have submitted the endorsement files to (ISC)2 within 90 days after receiving the confirmation-of-passing email. Once (ISC)2 receives your endorsement form, the certification process will be completed and you will be sent a welcome packet via USPS.
If you happen to fail the exam, you may take the exam a second time, but you must wait 30 days. If a third attempt is needed, you must wait 90 days. If a fourth attempt is needed, you must wait 180 days. You can attempt the exam only three times in any calendar year. You will need to pay full price for each additional exam attempt.
(ISC)2 offers three concentrations that are available only to CISSP certificate holders. (ISC)2 has taken the concepts introduced on the CISSP exam and focused them on specific areas, namely architecture, management, and engineering. These three concentrations are as follows:
Information Systems Security Architecture Professional (ISSAP) Aimed at those who specialize in information security architecture. Key domains covered here include access control systems and methodology; cryptography; physical security integration; requirements analysis and security standards, guidelines, and criteria; technology-related aspects of business continuity planning and disaster recovery planning; and telecommunications and network security. This is a credential for those who design security systems or infrastructure or for those who audit and analyze such structures.
Information Systems Security Management Professional (ISSMP) Aimed at those who focus on management of information security policies, practices, principles, and procedures. Key domains covered here include enterprise security management practices; enterprise-wide system development security; law, investigations, forensics, and ethics; oversight for operations security compliance; and understanding business continuity planning, disaster recovery planning, and continuity of operations planning. This is a credential for professionals who are responsible for security infrastructures, particularly where mandated compliance comes into the picture.
Information Systems Security Engineering Professional (ISSEP) Aimed at those who focus on the design and engineering of secure hardware and software information systems, components, or applications. Key domains covered include certification and accreditation, systems security engineering, technical management, and U.S. government information assurance rules and regulations. Most ISSEPs work for the U.S. government or for a government contractor that manages government security clearances.
For more details about these concentration exams and certifications, please see the (ISC)2 website at www.isc2.org.
Notes on This Book’s Organization
This book is designed to cover each of the eight CISSP Common Body of Knowledge domains in sufficient depth to provide you with a clear understanding of the material. The main body of this book comprises 21 chapters. The domain/chapter breakdown is as follows:
■ Chapters 1, 2, 3, and 4: Security and Risk Management
■ Chapter 5: Asset Security
■ Chapters 6, 7, 8, 9, and 10: Security Engineering
■ Chapters 11 and 12: Communication and Network Security
■ Chapters 13 and 14: Identity and Access Management
■ Chapter 15: Security Assessment and Testing
■ Chapters 16, 17, 18, and 19: Security Operations