From: Michael J. Daveler (mike@advanced-info.com)
Date: Thu Jan 10 2002 - 10:24:01 CST
Scott:
The sample exam link listed in item #2 is not valid - the exam has been
archived and is now at
http://www.infosecuritymag.com/articles/1999/sampleexam.shtml
-----Original Message-----
From: Scott C. Sanchez, CISSP [mailto:scott@gungadin.com]
Sent: Thursday, January 10, 2002 9:59 AM
To: cisspstudy@securityfocus.com; certification@securityfocus.com
Subject: [READ THIS] CISSP STUDY GUIDE LIST
Importance: High
This is a very comprehensive list of things to know when studying or
preparing for the CISSP exam. It was written by Dan Houser, CISSP who is
an active and well respected member in the InfoSec community. Thanks Dan
for taking the time to put this together!
(Note: these opinions in the list are his own and do not necessarily
reflect those of any individual or entity)
Enjoy,
-Scott
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The CISSP Study Guide List ver 3.2 - copyright 2001, 2002 by:
================================================================
Dan Houser, CISSP, SSCP, CCP, GSEC
Director of Education, ISSA Central Ohio Chapter
1cissp@hushmail.com / alternate: Hello_World@bigfoot.com
pgp key: pgp.mit.edu
================================================================
About this list:
================================================================
This list has been used as a study guide by a large number of
people that now hold their CISSP. While this information
cannot be a substitution for real experience in the InfoSec
field, those with the requisite experience will find this
information useful in refreshing and enlightening the broad
range that the BoK covers.
The end of the list contains tips on what to expect for the
exam, and how to be best prepared for taking the exam and
surviving for 6 hours. Many folks who now hold their CISSP
have found this list to be invaluable, and I hope you find it
of value as well.
This list is provided free (with copyright retained) as a
service to the InfoSec community at large.
Kudos to ISSA.
Fair Use: Sorry, just a few minor issues, since this bears my
name & reputation.
================================================================
You may use this list in any way you see fit, with 2 conditions:
1) You must communicate via e-mail with the author, to report:
- any stale/bad links, to continue improving this list.
- any web page dissatisfaction, in case they've
declined in value since publication.
- when you pass your CISSP! :^)
2) You can share this list however you like, provided:
- no charge is ever assessed for access - this list
must remain free!
- the content between the PGP signature lines remains
unchanged.
- any comments in e-mail notes occur ABOVE the PGP
line.
- If posted online, the PGP signature is verified
before posting. PGP key available at pgp.mit.edu.
================================================================
Top 5 CISSP resources:
================================================================
1) The CISSP Open Study Guide: http://www.cccure.org/
(It's first on the list for a reason!)
NOTE: See the left side, "Hal Tipton, Intro I" and "Hal Tipton
Intro 2" - as in "editor of HISM, that Hal Tipton".
He provided two CISSP review courses, and then posted the
slides here. Same stuff you'd pay for in a CISSP Review class,
but for free.
2) Sample Exam:
http://www.infosecuritymag.com/oct99/sampleexam.htm
This is the only published sample exam blessed & approved by ISC^2.
Use it to gauge your weaknesses, and to understand the format
of the exam. When taking the sample exam, if you don't KNOW
the answer and guess correctly, this would be an area of
marginal weakness, and may indicate further study is needed.
3) Tipton & Krause 3rd Edition:
http://secinf.net/info/misc/handbook/ewtoc.html
A major source of test questions in the past, still very useful
stuff, and it's FREE.
4) HIGHLY Recommended:
Signup for the CISSPStudy_1 list, run by Ginger Doetsch:
http://groups.yahoo.com/group/CISSPStudy_1
Signup for the CISSPStudy e-mail list:
http://infosec.gungadin.com/index2.shtml
5) Why be a CISSP? :
http://www.infosecuritymag.com/oct99/profcert.htm
================================================================
Additional CISSP resources, loosely grouped:
================================================================
CISSP Prep Course materials: http://www.consec.org
CISSP Practice Exam:
http://www.cissps.com/Cissp_Exam/Practice/practice.html
CISSP Forums:
http://forum.cissps.com/ubbcgi/Ultimate.cgi?action=intro
The InfoSec Management 2000 Handbook:
http://www.itknowledge.com/reference/standard/0849399742/ewtoc.html
(you only get 1-2 clicks before you have to pay, so choose
your chapter carefully!)
For Crypto Newbies: http://15seconds.com/issue/991216.htm
Crypto Made Easy:
http://www.cissps.com/Cissp_Exam/Practice/crypto.html
Intro to PKI:
http://docs.iplanet.com/docs/manuals/security/pkin/index.htm
Intro to SSL:
http://docs.iplanet.com/docs/manuals/security/sslin/index.htm
RSA Labs Crypto FAQ:
http://www.rsasecurity.com/rsalabs/faq/index.html
Bruce Schneier's Crypto Hotlinks:
http://www.counterpane.com/hotlist.html
W3.org's Internet Security Resource Page:
http://www.w3.org/Security/
TCSec Coverage WITH TESTS!!:
http://www.radium.ncsc.mil/tpep/library/ramp-modules/
(see especially 5,6,7,8,9,11 which have coverage beyond
just TCSec)
DoD Rainbow Series:
http://www.radium.ncsc.mil/tpep/library/rainbow/
(in theory no longer on the exam, but I've heard rumors in
listservs that TSEC stuff still appears on the test)
Role-Based Access Control:
http://hissa.ncsl.nist.gov/rbac/
RSA's Crypto Glossary:
http://www.rsasecurity.com/developers/total-solution/glossary.html
RSA's VPN Tutorial:
http://www.rsasecurity.com/products/securid/whitepapers/vpns/index.html
Computer Forensics Overview:
http://www.ddj.com/articles/2000/0009/0009f/0009f.htm
Firewalls Complete, online book:
http://secinf.net/info/fw/complete/
Trust in Cyberspace, online book (Internet Security Overview):
http://www.nap.edu/readingroom/books/trust/
TEMPEST: http://www.eskimo.com/~joelm/tempest.html
Large Archive of Security Articles:
http://www.nwfusion.com/newsletters/sec/
(Mostly Physical Security, Network Security, and Security and
Policy Management )
HUGE compendium of InfoSec sources:
http://www.infosyssec.net/index.html
(note the left-hand side, which are all the topics covered)
Computer Security Institute's Archive of InfoSec Articles:
http://www.gocsi.com/excerpt.htm
ACSA InfoSec Bookshelf:
http://www.acsac.org/secshelf/book001/book001.html
Discussion of Optical Lenses:
http://www.photo.net/photo/optics/lensTutorial.html
US Navy Physical Security Manual:
http://neds.nebt.daps.mil/Directives/5530_14c.pdf
Good source of quizzes: http://www.sans.org/infosecFAQ/index.htm
(remember - GIAC and CISSP have a different focus)
Many books/papers about firewalls: http://secinf.net/ifwe.html
GASSP: http://www.all.net/books/GASSP2.html
Big ol' List o' Crypto on Bruce Schneier's Site:
http://www.counterpane.com/biblio/all-by-author.html
Many miscellaneous papers, some definitely by hackers:
http://www.insecure.org/reading.html
(set grain of salt = on)
Now, once you've read all that, your brain should be tired.
================================================================
CISSP Exam Tips - What to expect, & how to survive
================================================================
Sorry, no tips on questions, I'm not allowed to share. However,
I can provide some tips that can tell you how to be most
successful at lasting for 6 hours and staying alert during the
CISSP exam:
> Don't cram the night before. Get a good night's rest.
> Don't forget your photo ID!!!
> Bring a couple bottles of juice and water, plus some snacks
(cheese crackers, apple, etc.) in a cloth bag that isn't
'noisy'. You don't want to make a lot of rustling noises
during the exam.
> You might want to bring along 2 doses of Excedrin, Tylenol,
Cold & Sinus non-drowsy, Imodium AD, Rolaids, and any
prescription medicine you are on. Getting a killer
headache or heartburn during the CISSP would be rough.
> Don't take anything else to the exam except your photo ID
(no books, etc.) DO NOT wear a calculator or digital watch.
> In case you ignore the above point, bring along a zippered
backpack to store your phone and Palm Pilot, and stash them
in the back of the room where the proctors can secure it and
know you aren't compromising the exam. OOPS - don't do
what I did, and forget to turn your Palm Pilot alarms off.
:^)
> Get to the exam 45 minutes before it starts to chat with the
proctors about how they handle the exam, drinks, nature
breaks, etc. Ask about the proper procedures for you to get
up and stretch or use the bathroom.
> Show the proctors your bag of goodies and that it doesn't
contain anything except juice, water, snacks, and medicine,
and determine from them how you could have access to your
snacks during the exam.
> Pace yourself through the exam. You should complete 50
questions every 40-50 minutes.
> After 100 questions, get up quietly and go to the back of
the room and stretch, down a juice, eat a snack and refresh
your mind for 5 minutes. Focus your eyes on the farthest
point you can see.
> Repeat the break when hitting the 200 and 250 question level.
This break will do wonders to keep you fresh and alert.
> As you take the exam, if you have a question that you want
to contest or otherwise comment about, you can't talk to the
proctor about it. However, bend the corner of the page and
jot the question number on a piece of paper so you remember
the "questionable" question. After the test, you are
permitted to comment on questions through a special process
the proctor will explain. Please take 20-30 minutes to do
this at the end of the test to help yourself, and others.
I've heard that graders DO read them. Your well-written
statement might just be the issue that tosses out a question
you got wrong, and be the margin for getting certified. Be
calm, concise, and factual. This is not the place FOR
YELLING!!! or other emphasis. Deep cleansing breath between
each comment.
> REMEMBER, 25 of the questions are being asked to test the
validity of the question, so they don't count. If you see a
question that really zings you, just think, "Oh, that must be
a test question, so it doesn't count." Don't let the tough
ones rattle you.
> After the test, please don't drive a long distance before
refreshing yourself, and don't plan on doing anything
strenuous... you will be dog tired and your brain will hurt.
I recommend getting a starchy meal or other complex
carbohydrates and taking plenty of electrolytes in a relaxing
setting. For me, that formula was plenty of nachos, crabdip
and a beer by the Bay. There is a point to this - while
you're enjoying yourself and resting...
> Though it's the last thing you'll want to do, within that 1st
hour after the test, take 1-2 pages of notes about all the
concepts that you were weakest on, in case you didn't pass.
Store this in a secure location, and pull it out if you need
to study again.
> But MOST IMPORTANT, don't forget your PHOTO ID!!
I wish you the best of luck!
- -ddh
The CISSP Study Guide List ver 3.2 - copyright 2001, 2002 by:
====================================================================
Dan Houser, CISSP, SSCP, CCP, GSEC
1cissp@hushmail.com / alternate: Hello_World@bigfoot.com
====================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPDyYp/i5GkWlFlcVEQKXRwCZARq88tyE7TZ4yescE8G6Ivr17/wAoJLn
xSeUoCkkDE6q+ld2QJdZMiUb
=TCoD
-----END PGP SIGNATURE-----