CISSP EXAMINATION

REVIEW GUIDE

Certification testing can become a very overwhelming experience without the proper training.  The CISSP Examination Review Guide is a  solution package that integrates Knowledge, Comprehension, and Application (KCA) as a training evaluator for candidates pursuing certifications.  To align certification and skills, it employs “Application and Theory Based” learning.  The overall approach ensures that CISSP learning is achieved to gain the certification, a successful certification testing approach.  The guide is not a  generic question platform!  Our questions are developed by Cyber Security experts and leading Cyber Security professionals and mirrors the official examination test questions’ structure and approach.  Many of the leading companies will sell you 2,000 questions that are “not” focused on the exam content.  Does this sound familiar?  Our methodology to address “Curriculum Content” over “Exam Content” for training material.  Many of the leading online examination packages focus on “What questions are on the test,” and this practice fails the IT Security community.

KNOWLEDGE, COMPREHENSIONAND APPLICATION (KCA) TOOLS

The initial approach to any CISSP examination is to extract the ambiguous information and answers or areas that are not applicable. Using the KCA principle can help foster a more realistic approach to the examination.

KNOWLEDGE (LEVEL 1)

Knowledge is defined as the remembering of previously learned CISSP information.  This is a recall of the appropriate information.  Knowledge represents the lowest level of approaching a test question in the cognitive domain.  Objectives at this level require candidates to demonstrate their knowledge of the question.

COMPREHENSION (LEVEL 2)

Comprehension is defined as the ability to grasp the question’s meaning.  These learning outcomes are more complex than simple recall of information and represent the lowest level of understanding.


APPLICATION (LEVEL 3)

Application is the ability to apply learning in new and concrete ways. The application theory differs from comprehension in that application shows that students can apply knowledge.

EXAMPLE OF SEMAIS EXAM QUESTION

SEMAIS has just completed a significant assessment and wants to plan its security remediation strategy across multiple platforms. While examining the report, a manager notices that its major weakness is access control, user isolation, and authentication by-pass settings. While conducting an extended analysis, the manager notices that 25% of its risks are related to illegitimate access control by the network administrators group. When remediating the network administrator group’s illegitimate access to the system, which of the following will not be your primary consideration?

A. Network administrators should be given maximum privilege across all systems and IT infrastructure.

a

B. Network administrators of SEMAIS duties should be separated.

C. Activities of network administrator should be monitored.

D. System/network administrators should be subject to job rotation.

Knowledge

Access privileges provide users the rights to information based on their job roles.

Comprehension

The question wants to know the process to prevent network administrators from having illegitimate access.


Application

The nature of the question is asking for the primary consideration and preventing access by separation of duties, continuous monitoring, and job rotation. Question A would be the correct answer since it’s a low priority, provides full rights and negates the ability to prevent illegitimate access. Using this strategy for the test questions will better prepare a candidate to take the examination. As a candidate become proficient with using KCA, they will master the CISSP examination.