CISSP Exam Cram Series: 2022 Update

Overview

• Covers all 8 domains of the CISSP exam.
• Includes recommended exam preparation strategies.
• Utilizes multiple learning techniques for effective study.
• Aims to help candidates prepare faster without expensive boot camps.

Key Study Strategy

• Focus on high-probability exam topics and high-difficulty concepts.
• Highlight frequent sources of exam questions.
• Emphasize process memorization where necessary.
• Note: Pace is intentionally set around 115-125 words per minute.
• Content tailored to optimize exam study time.

Exam Preparation Strategy

• Use the official study guide (9th edition) for questions and flashcards.
• Think like a manager to prepare for exam scenarios.
• Utilize mnemonic devices for memorization and retention.
  • E.g., OSI Model: "Please Do Not Throw Sausage Pizza Away."
• Employ chunking to break down large amounts of information.

Exam Preparation Techniques

• Spaced Repetition: Revisit material periodically for long-term memory.
• Understanding Before Memorization: Improves retention.
• Mnemonics & Chunking: Simplify learning complex information.
• Practice Exams: Vital for identifying weak areas.
  • Customize quizzes per domain to focus weak areas.

Quantitative Risk Analysis Formulas

• Single Loss Expectancy (SLE): Asset Value x Exposure Factor.
• Annualized Rate of Occurrence (ARO): Frequency of threat per year.
• Annualized Loss Expectancy (ALE): SLE x ARO.
• Safeguard Evaluation: ALE before safeguard - ALE after safeguard - Annual Cost of Safeguard.

Risk Management Frameworks

• NIST 800-37: Primary framework used in CISSP.
  • Steps: Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor.

Learning Methods

• 80-20 Strategy: Focus 80% of study time on 20% of weakest areas.
• Variety & Repetition: Use multiple study methods for best results.

Domain 1: Security and Risk Management

• CIA Triad: Confidentiality, Integrity, Availability.
• Risk Management Frameworks: NIST 800-37.
• Security Policies: Acceptable Use, Baselines, Guidelines, Procedures.
• Risk Responses: Accept, Mitigate, Assign, Avoid, Deter.

Domain 2: Asset Security

• Data Life Cycle: Creation, Storage, Use, Sharing, Archival, Destruction.
• Data Classification: Unclassified/Public, Confidential/Sensitive, Secret/Private, Top Secret/Confidential.
• Data Destruction Methods: Erasing, Clearing, Purging, Destroying.

Domain 3: Security Architecture and Engineering

• Cryptography Types: Symmetric, Asymmetric, Hash Functions.
• Security Models: Bell-LaPadula (Confidentiality), Biba (Integrity).
• Firewalls: Packet Filtering, Stateful Inspection, Proxy, Application-level.

Domain 4: Communication and Network Security

• OSI Model: 7 Layers from Physical to Application.
• Network Security: Firewalls, IDS/IPS, VPNs, TCP/IP model.
• Wireless Network Security: WPA, WPA2, MAC Filtering.

Domain 5: Identity and Access Management

• Authentication Factors: Something You Know, Have, Are.
• Access Control Models: DAC, MAC, RBAC.
• Federated Identity: SAML, OAuth, OpenID.

Domain 6: Security Assessment and Testing

• Penetration Testing: Simulation of attacks to identify vulnerabilities.
• Software Testing: Static vs. Dynamic.
• Audit Practices: Log Reviews, Internal/External Audits.

Domain 7: Security Operations

• Incident Response: Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned.
• Business Continuity Plans: Ensure ongoing operations post-disaster.
• Security Operations Concepts: Least Privilege, Separation of Duties.

Domain 8: Software Development Security

• SDLC Phases: Requirements, Design, Implementation, Testing, Maintenance.
• Secure Coding Practices: Secure coding standards and guidelines.
• Software Testing: Conduct thorough testing pre-distribution.

Conclusion

• Focused on high-probability and difficult exam topics.
• Provides comprehensive strategies for efficient and effective study.
• Encourages understanding and application of principles in real-world scenarios.