
CISSP Exam: How to take it
Prasad Tiruvalluri, PMP, CISSP, PSM1, Hadoop, ISTQB, ITIL
www.techgadgettalk.com

E-mail: Prasad.Tiruvalluri@techgadgettalk.com

Contents
Eligibility
Job Profiles
What does CISSP test
The actual process
How to study
How to take the exam
Resources

CISSP (Certified Information Systems Security Professional) is a credential for IT security professionals that validates their expertise.
There are two ways to qualify for the credential:
Candidates with 5 years of cumulative, full-time, paid work experience in two or more of the domains of the (ISC)2 CISSP CBK.
(ISC)2 also grants a 1-year experience waiver if the candidate holds a four-year college degree (or regional equivalent) or an additional credential from the (ISC)2 approved list.
Or
Pass the exam and become an Associate of (ISC)2.
Then earn the required 5 (or 4, with the waiver) years of experience within the next 6 years before you can use the CISSP credential.

In both cases, after passing the exam and meeting the experience requirement, you must be endorsed by an existing CISSP in good standing. If you do not know anyone who can endorse you, (ISC)2 can act as your endorser.

Security consultant
Security analyst
Security manager
Security systems engineer

Security auditor
Director of security
Chief information security manager

IT manager/Director
Network Architect
Security Architect

The exam tests a broad body of knowledge across the 10 domains of the (ISC)2 CBK listed below (the domain list as it stood when this deck was written; it has since been revised, so check the current exam outline on isc2.org).
Domain 1
Access Control: A collection of mechanisms that work together to
create a security architecture to protect the assets of the
information system
Concepts/Methodologies/Techniques
Effectiveness
Attacks

Domain 2
Telecommunications and Network Security: Discusses network
structures, transmission methods, transport formats and security
measures used to provide availability, integrity, and confidentiality
Network Architecture and Design
Communication Channels
Network Components
Network Attacks

Domain 3
Information Security Governance and Risk Management: The
identification of an organization's information assets and the
development, documentation and implementation of policies,
standards, procedures, and guidelines
Security Governance and Policy
Information Classification/Ownership
Contractual Agreements and Procurement Processes

Risk Management Concepts


Personnel Security
Security Education, Training and Awareness
Certification and Accreditation

Domain 4
Software Development Security: Refers to the controls that are
included within systems and applications software and the steps
used in their development
Systems Development Life Cycle (SDLC)
Application Environment and Security Controls
Effectiveness of Application Security

Domain 5
Cryptography: The principles, means and methods of disguising
information to ensure its integrity, confidentiality, and authenticity
Encryption Concepts
Digital Signatures
Cryptanalytic Attacks
Public Key Infrastructure (PKI)
Information Hiding Alternatives

Domain 6
Security Architecture and Design: Contains the concepts,
principles, structures and standards used to design, implement,
monitor, and secure operating systems, equipment, networks and
applications, and the controls used to enforce various levels of
confidentiality, integrity, and availability
Fundamental Concepts of Security Models
Capabilities of Information Systems (e.g. memory protection,
virtualization)
Countermeasure Principles
Vulnerabilities and Threats (e.g. cloud computing, aggregation, data
flow control)

Domain 7
Operations Security: Used to identify the controls over hardware,
media and the operators with access privileges to any of these
resources
Resource Protection
Incident Response
Attack Prevention and Response
Patch and Vulnerability Management

Domain 8
Business Continuity and Disaster Recovery Planning: Addresses
the preservation of the business in the face of major disruptions to
normal business operations
Business Impact Analysis
Recovery Strategy
Disaster Recovery Process
Provide Training

Domain 9
Legal, Regulations, Investigations and Compliance: Addresses
computer crime laws and regulations, the investigative measures
and techniques that can be used to determine if a crime has been
committed, and methods to gather evidence
Legal issues
Investigations
Forensic procedures

Compliance Requirements/Procedures

Domain 10
Physical (Environmental) Security: Addresses the threats,
vulnerabilities, and countermeasures that can be utilized to
physically protect an enterprise's resources and sensitive
information
Site/Facility Design Considerations
Perimeter Security
Internal Security

Facilities Security

Obtain the experience
5 years in two or more of the domains in the previous slides.
Valid experience includes information systems security-related work performed as a
practitioner, auditor, consultant, investigator, or instructor that requires information security
knowledge and involves the direct application of that knowledge.
Or 4 years in two or more of the domains in the previous slides, plus either
a 4-year degree or
an approved (ISC)2-listed credential.

Study for the exam

Schedule the computer-based test (CBT)

Pass the exam

Complete the endorsement
Maintain the certification

It is just an exam. Think positive; it is not the end of the world.

Verify that you are eligible and schedule the exam. Let the commitment drive
you. Make sure you do not schedule the exam too far off, or you may
procrastinate.
If you have experience in the information security field, plan for about 200 to 250
hours of study; otherwise plan for about 400 to 450 hours.

One domain per week. Study every day.

Use the CBK as your baseline so you do not drift off topic; drifting is a real problem.
Use one book as your reference and just one more as a fallback. Don't read too
many.

Take practice tests daily and from different sources. Do not worry about the scores, as
none of the available practice questions even remotely resemble the actual test
questions. Use the tests only to gauge your state of preparation.
Take the exam

The exam is 6 hours long (the format at the time of this deck; verify the current format on the official (ISC)2 site).

You may not need 6 hours, but be prepared to spend them.


Get familiar with the CBT
Download the test tutorial and practice exam from Pearson VUE
(http://www.pearsonvue.com/athena/)
Take an online tour of a Pearson Professional Center
(http://www.pearsonvue.com/ppc/)

Arrive early
One hour early, if you can.
Bring your registration paperwork and a government-issued ID (driver's license, passport, etc.).

Bring your snacks and a drink (in a covered container).

Take your restroom break before you sign in.


Your proctor will take you through the check-in process and lead you to your
workstation.
Get familiar with your workstation and start when you're ready.

You have the option to mark a question for review later; use it.

The questions are crafted so that you are never certain how well you have done. Do
not get discouraged; most exam takers have felt that way.
You pass if you score at least 700 out of 1000. The score is scaled. At the time of this deck
the exam had 250 questions, 25 of them unscored pretest items, but you will not know which
ones those are.

The questions are multiple choice, with single and multiple correct answers.
There have also been drag-and-drop and hotspot questions since 2014.

Take your time, but not too much time

Aim for about 1 minute per question, and no more than 2.
Mark the questions you're not sure about and move on.

Do take a break.
Review your answers:
Review first the questions you left unanswered.
Then review the rest of your answers.
Your first answer is likely to be the right one.

Ignore your surroundings

Others may be taking different exams (PMP, GRE, etc.), which may be only 3 hours
long, so people will come and go while you are still working.

Official (ISC)2 website: https://www.isc2.org/cissp/default.aspx

https://www.cccure.org for practice exams. There are two packages: standard
multiple choice and scenario based. It also has a lot of other resources.

Prep books
CISSP All-in-One Exam Guide, Fifth Edition, by Shon Harris (the companion website has free questions)
Official (ISC)2 Guide to the CISSP CBK, latest edition (must read)
CISSP Study Guide, by Eric Conrad
CISSP Study Guide, 6th Edition (Sybex), by James Stewart, Mike Chapple and Darril Gibson (comes with questions)
CISSP Training Kit (Microsoft Press), by David R. Miller (comes with questions)
Eleventh Hour CISSP Study Guide, by Eric Conrad
The CISSP Prep Guide, Gold Edition (Wiley)
TestKing ISC CISSP Exam Q and A

For more detailed information and Q & A visit www.techgadgettalk.com
