The real CISSP Exam consists of 250 multiple-choice questions with four choices, a., b., c., and d., for each question. There can be some scenario-based questions in addition to the mostly traditional questions. Regardless of the type of question on the exam, there is only one correct answer (choice). You must complete the entire CISSP Exam in one six-hour session. The scope of the CISSP Exam consists of the subject matter covered in the ten domains of this book, which is in accordance with the description of the CISSP Exam (content specifications) as defined in the ISC2’s “CISSP Candidate Information Bulletin” with an effective date of January 1, 2012. Note that these practice questions are also suitable for the CISSP Exam with an effective date of January 1, 2009, because we accommodated both effective dates (January 2009 and January 2012); the differences in their content specifications are minor.
With no bias intended and for the sake of simplicity, the pronoun “he” has been used throughout the book rather than “he/she” or “she.”
How to Study for the CISSP Exam
To study for the CISSP Exam, follow these guidelines:
Read the official description of the CISSP Exam at the end of this section.
Read the glossary terms and acronyms found in Appendixes A and B at the back of this book to become familiar with the technical terms and acronyms.
Take the sample practice tests for each of the ten domains.
If you score less than 75 percent for each domain, study the glossary terms again until you master the subject matter or score higher than 75 percent.
Complete the scenario-based practice questions to integrate your learning and thought processes.
The types of questions a candidate can expect to see on the CISSP Exam are mostly objective and traditional multiple-choice questions and some scenario-based multiple-choice questions with only one choice as the correct answer. Answering these multiple-choice questions requires a significant amount of practice and effort.
The following tips and techniques are helpful for answering the multiple-choice questions:
Stay with your first impression of the correct choice.
Know the subject area or topic. Don’t read too much into the question.
Remember that all questions are independent of specific countries, products, practices, vendors, hardware, software, or industries.
Read the last sentence of the question first, followed by all the choices, then read the body of the question. Underline or circle the key words.
Read the question twice (or read the underlined or circled key words twice) and watch for tip-off words such as
Don’t project the question into your own organizational environment, practices, policies, procedures, standards, and guidelines.
Try to eliminate wrong choices quickly by striking or drawing a line through the choices or by using other ways convenient to you.
When you are left with two probable choices after the process of elimination, take a big-picture approach. For example, if choices a. and d. remain and choice d. could be a part of choice a., then select choice a. However, if choice d. could be the more complete answer, then select choice d.
Don’t spend too much time on one question. If you are not sure of an answer, move on and come back to it if time permits. The last resort is to guess the answer. There is no penalty for guessing a wrong answer.
Transfer all questions to the answer sheet either after each question is answered individually or in small groups of 10 or 15 questions. Allocate sufficient time for this task because it is important. Mark the right answer in the correct circle on the answer sheet.
Remember that success on the exam depends on your education and experience, time-management skills, preparation effort and time, memory recall of the subject matter, state of mind, and decision-making skills.
Description of the CISSP Examination
The following is the official description of the Certified Information Systems Security Professional (CISSP) Examination content specifications as defined in the ISC2’s “CISSP Candidate Information Bulletin” with an effective date of January 1, 2012. The scope of the CISSP Exam consists of the following subject matter (content specifications) covered in the ten domains.
DOMAIN 1: ACCESS CONTROL
The access control domain covers any mechanism by which a system grants or revokes the right to access data or perform some action. The access control mechanism controls the various operations a user may or may not perform.
Access control systems include
File permissions such as create, read, edit, or delete on a file server