Why I think the CISSP CAT (Computerized Adaptive Testing) is a good thing!

I just published a new video on why (ISC)² switching the CISSP exam to CAT (Computerized Adaptive Testing) is a good thing.
This will test students on their knowledge (just like the current version), but not on their ability to handle the previous 6-hour, brain-melting exam.

You can watch the video on my free CISSP course here (lecture 8):
https://www.udemy.com/cissp-essentials/

Or you can watch it on my YouTube channel here:


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #49

What would we encrypt when dealing with sensitive data?
A: USB drives.
B: Wireless access points.
C: Laptops.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.


CISSP Practice question #48

Which of these would be a layer 2 broadcast address?
A: FF:FF:FF:FF:FF:FF
B: 255.255.255.255
C: 127.0.0.1
D: 0.0.0.0

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: Layer 2 uses MAC addresses. The layer 2 broadcast MAC address is FF:FF:FF:FF:FF:FF, which routers do not pass.


CISSP Computerized Adaptive Testing

My notes: I think this can be a good thing. Here are a few reasons why:

  • Maximum 3 hour exam, same questions and difficulty, but you won’t hit the 4 and 5 hour wall. <Definite win>
  • The same questions, same weight as before, just fewer of them <win>
  • Minimum 100 questions, maximum 150 questions vs. 250 questions in the current version (still 25 beta questions). Fewer scenarios, less brain-melt <Definite win>
  • No ability to review. I am a little conflicted on this, but it is probably a good thing not to rethink answers you have already given <meh>
  • No changes to the curriculum: “As the CISSP exam content outline and passing standard for the linear and CAT versions of the examination are exactly the same, candidate preparation should not change based on the format of the examination.” Nothing to restudy, keep doing what you are doing <Definite win>

The (ISC)² announcement:
Effective Dec. 18, 2017: (ISC)² will introduce Computerized Adaptive Testing (CAT) for all English CISSP exams worldwide. CISSP CAT enables you to prove your knowledge by answering fewer items and completing the exam in half the time.


CISSP Practice question #47

An artificial neural network tries to emulate a brain. Which of these is not true about ANNs?
A: They can analyze images about which they know a fact, such as “gecko” or “no gecko”; the more images they process, the better they become at recognizing the fact.
B: They are mostly used in areas that are difficult to express in a traditional computer algorithm using rule-based programming.
C: They are organized in layers; different layers perform different transformations on their input.
D: They use rule-based programming and a lot of IF/THEN statements.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: ANNs do not use IF/THEN statements.


CISSP Practice question #46

Why would we not want to shut a compromised system down?
A: There could still be data on the hard disks; it will be lost if we shut the server down.
B: There could still be data in the non-volatile memory; it will be lost if we shut the server down.
C: There could still be data in the volatile memory; it will be lost if we shut the server down.
D: There could still be permitted users on the system.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


C: The digital (computer) forensics process: We need to be more aware of how we gather our forensic evidence, because attackers are covering their tracks by deleting the evidence and logs. This can be through malware that resides only in volatile memory; if power is shut off (to preserve the crime scene), the malware is gone and the evidence is lost.


Video highlight from my new free CISSP Essentials course – Life after passing the CISSP certification and being endorsed.

This is the seventh lecture from my new free CISSP Essentials course.


CISSP Practice question #45

We have found some older systems on our network using PAP. Why would we want to migrate away from using that?
A: Credentials are sent in plaintext over the network.
B: It uses SSL.
C: It uses PPP.
D: The client and server need to know a plaintext shared secret. It is stored in plaintext on the server, but never sent over the network.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: PAP (Password Authentication Protocol): One of the oldest authentication protocols, no longer secure. Credentials are sent over the network in plain text. Authentication is initiated by the client/user, which sends a packet with credentials (username and password) at the beginning of the connection.


Video highlight from my new free CISSP Essentials course – The CISSP exam itself, how to mentally and physically prepare for it.

This is the sixth lecture from my new free CISSP Essentials course.
