
CISSP Exam Preparation Strategies

Oct 4, 2024

CISSP Exam Cram Series - 2022 Update

Overview

  • Objective: Cover all eight domains of the CISSP exam
  • Strategy: Focus on key points and high-probability exam topics
  • Learning Techniques: Multiple proven methods to prepare quickly and effectively
  • Pace: Spoken at 115-125 words per minute; adjust speed as necessary

Exam Preparation Strategy

  • Focus on high probability and high difficulty topics
  • Utilize a mix of study methods including practice exams, flashcards, and targeted reading
  • Be aware of updates and changes in exam format

Exam Format

  • Computer Adaptive Testing (CAT): 3 hours, 100-150 questions
  • Linear Exam: 250 questions, 6 hours
  • Passing Score: 70%

Recommended Study Materials

  • Official Exam Study Guide (9th Edition): Includes practice questions and flashcards
  • Practice Quizzes: Use online resources to focus on weak areas

Managerial Mindset

  • Due Diligence vs. Due Care: Understand the role and responsibilities
  • Security Planning: Strategic (long-term), Tactical (mid-term), Operational (short-term)
  • Risk Management: Acceptance, Mitigation, Assignment, Avoidance, Deterrence, Rejection

Learning Techniques

  • Mnemonics: Use acronyms and visual aids to remember concepts
  • Chunking: Break information into manageable parts
  • 80/20 Strategy: Focus on weakest 20% of areas to improve

Security and Risk Management

  • CIA Triad: Confidentiality, Integrity, Availability
  • Professional Ethics: Understand the ISC² Code of Ethics
  • Security Policies: Acceptable Use Policy, Security Baselines, Guidelines, Procedures
  • Risk Analysis: Qualitative vs. Quantitative

Domains Overview

Domain 1: Security and Risk Management

  • Focus on risk analysis, threat modeling, legal and regulatory compliance
  • Security Models: Biba, Bell-LaPadula, Clark-Wilson, Brewer and Nash

Domain 2: Asset Security

  • Data Lifecycle: Creation, Storage, Use, Sharing, Archival, Destruction
  • Data Classification: Government and Non-Government classifications
  • Data Destruction Methods: Erasing, Clearing, Overwriting, Degaussing, Destruction

Domain 3: Security Architecture and Engineering

  • Cryptography: Stream and Block Ciphers, Symmetric and Asymmetric
  • Security Models: Focus on integrity, confidentiality, and control models
  • Cloud Computing: IaaS, PaaS, SaaS, and Shared Responsibility Model

Domain 4: Communication and Network Security

  • OSI Model: Understand the seven layers and related protocols
  • TCP vs. UDP: Connection types and protocol characteristics
  • Firewalls: Types and functionalities

Domain 5: Identity and Access Management

  • Authentication Factors: Something you know, have, or are
  • Access Control Models: Discretionary, Role-Based, Mandatory, Rule-Based
  • Federated Identity Management: SAML, OAuth, OpenID

Domain 6: Security Assessment and Testing

  • Vulnerability Assessments vs. Penetration Tests: Differences and tools
  • Software Testing: Static vs. Dynamic
  • Audits: Internal vs. External, and their importance

Domain 7: Security Operations

  • Incident Response: Seven steps, mnemonic DRMRRRL (Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned)
  • Patch Management: Evaluate, test, approve, deploy, verify
  • Business Continuity: BCP vs. DRP and testing plans

Domain 8: Software Development Security

  • Software Development Models: Agile, Waterfall, Spiral
  • Security in SDLC: Code scanning, configuration management
  • Threats and Attacks: SQL Injection, XSS, Buffer Overflow
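The following is an added illustration of the first item in that threat list, not code from the exam cram series or these notes. It uses Python's standard sqlite3 module against a constructed in-memory table to contrast string-concatenated SQL with a parameterized query, which is the code-scanning finding and the SDLC fix the exam expects you to recognise. All names and sample rows are assumptions made for the example.

```python
import sqlite3

# Constructed sample data (not from the notes): a tiny in-memory user table.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn

def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Concatenation: the caller's input becomes part of the SQL grammar itself.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Placeholder binding: the driver sends the value separately from the statement,
    # so it is only ever compared as data, never parsed as SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

def demo() -> dict:
    conn = build_db()
    results = {}
    # Both approaches behave the same on ordinary input.
    results["normal_vuln"] = lookup_user_vulnerable(conn, "alice")
    results["normal_param"] = lookup_user_parameterized(conn, "alice")
    # A legitimate name containing an apostrophe breaks the concatenated statement
    # outright, which is the same parser confusion an attacker relies on.
    try:
        lookup_user_vulnerable(conn, "o'brien")
        results["quote_vuln"] = "ok"
    except sqlite3.Error:
        results["quote_vuln"] = "syntax error"
    results["quote_param"] = lookup_user_parameterized(conn, "o'brien")
    # The textbook tautology input: the concatenated query matches every row,
    # the parameterized query matches none because no username equals that literal.
    tautology = "' OR '1'='1"
    results["tautology_vuln_rows"] = len(lookup_user_vulnerable(conn, tautology))
    results["tautology_param_rows"] = len(lookup_user_parameterized(conn, tautology))
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point for the exam is the design choice, not the payload: static code scanning flags the concatenated pattern in `lookup_user_vulnerable`, and the remediation tracked through configuration management is to bind parameters as in `lookup_user_parameterized`, which also fixes the apostrophe bug as a side effect.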

Conclusion

  • Key focus: Balance study time effectively across all domains
  • Utilize a variety of learning methods to reinforce understanding
  • Practice with exams and quizzes for readiness assessment

These notes are a high-level summary of the key points from the CISSP Exam Cram Series and are intended to assist with exam preparation and review.