Hello world!

It seems like it has been forever since I was in here… and looking at my last post, it has been!

This last year with Covid has been rough on us all. Due to my MS I have kept myself in isolation. I can’t wait to get out and about again for sure. I did pretty good last year, but it felt like January broke me…

I am moving forward again and I just published two books on Amazon!

One to help people get ready for the CISM exam:

And one to get ready for the CCSP exam

I am soooo excited! Ok, time to get more writing in! I will be back here soon!

CISSP Preparation – Practice Questions

To practice or not to practice… that is the question.

My basic answer is YES.  Do practice questions.

The complicated answer:

You must understand the reason you are doing the practice questions in order to get the most out of them.  So what is the reason, you ask?  It is to get yourself used to answering questions of this nature.  Most adults do not take exams on a regular basis.  As a result, most of us are not used to these convoluted questions.

Before I go further with that I have to add what you are NOT trying to get out of these practice questions.  You are not doing these questions with the hope of memorizing them word for word so that by the time you get to the exam you have seen all of the questions and all of the answers.  Expect that you will not see anything on the exam that you have seen in practice.

One of the most important things that you can get out of your practice questions is to identify why you got the questions wrong.  It is better to identify this now, rather than after the exam.  It is fun and makes you feel good when you get the questions right, but what you really want to be looking for is the questions that you get wrong and then understanding why you got it wrong.

One of the reasons that you might get the question wrong is looking at it from a technical perspective rather than a managerial one.  You might have missed a word (e.g. NOT).  You might have added a word that was not there (e.g. NOT).  You might have missed the actual question embedded within all of the words that they gave you.

One thing that I can promise you is that you will find bad questions.  Questions that make you upset, mad or even angry.  Practice questions are almost always written by people that had the thought AFTER writing a book or a course that they should probably write some practice questions as well, myself included.  As a result they do not get all of the attention that they deserve and they are not evaluated and revised as necessary.

If you are dealing with a bad question, what is most useful to you is to identify why it is a bad question.  Was it poorly worded?  Were the answers too close to each other?  Were the answers synonymous?  Was a word missing from the question or the answer?  And so on.  If you can explain why it is a bad question then you are showing that you do have a grasp of the topic, which is what you need to be ready to take the exam.

So practice away.  Just look for what has you getting the wrong answers in order to get you ready for the exam.

Now the next question I am often asked is which questions should you use?

If you have any of the study guide books, there are questions that go along with them.  They are ok.  All of them… they are ok.  One note is the questions in the All-in-One used to be too long in comparison to the exam, but now they are not long enough.

There are a lot of questions on CCCure.org.  I would recommend practicing at the two hardest levels.  I like these questions because they are free.  I am all about free.  Buyer beware – you get what you pay for.  There are a lot of bad questions in there.  Just use them for practice.  Identify why they are bad questions and let it go.  If there is information in a question that goes against all you have read or learned, or all that your own background tells you, then let it go as a bad question, or go research somewhere else for more accurate info.

What if you want to spend money on questions?  I would NOT recommend buying the Transcender or any other similar questions.  You are just as well off with CCCure.  If you really want some good questions and are willing to pay for them, get them from the source, (ISC)2.  They have 300 questions available for purchase.  The difference with these questions is that they went through the same process as the real test questions (minus going into real exams) and are decent, solid questions.  Click here to get to them.

Practice away!!!

CISSP Preparation – Books

Are you getting ready to take the CISSP exam?  Are you wondering where to start?  Are you wondering how you will know when you are really ready to take the exam?  I have some tips that I have found are very useful through my six years of teaching CISSP for (ISC)2.

Let's start with books.

I classify books available for preparing for this exam into three categories.

Category 1 = Cliff Notes

Category 2 = Full prep guides

Category 3 = Expert books

Category 1 includes CISSP for Dummies and the Passport by Mike Meyers.  The Passport is currently out of print as I write, but perhaps you can borrow one.  I recommend either of these books.  The basic difference between them is the style of writing.  The CISSP for Dummies book is entertaining to boot, but if you are going to be aggravated by funny quips such as the different hash algorithms being compared to the Jackson family, then go with the Passport book.

I would recommend using these books as you start your studying, through to the last week before you take the exam.  When you first pick up this book, I would take a walk through it to start to identify the topics you are familiar with and those that you are not familiar with.  As you identify areas that you need to work on, you can then migrate to a book out of Category 2.

Category 2 books include the Official guide from (ISC)2, the All-in-One Exam Guide by Shon Harris, as well as many others.  I recommend that you pick a book here that matches your reading style.  For example, the Official guide is a bit long-winded on topics and that works great for some people, but not for others.  Most people seem to work well with the All-in-One Exam Guide.

As you go through the list of topics in your Category 1 book and find things that you are less familiar with or not familiar with at all, I would then recommend that you move to your Category 2 book to read more on that topic.  Some people do read their Category 2 book from cover to cover, a couple of times even, although most do not.  I find it to be most useful as a research aid.

Category 3 books include all of the real books out there on security.  These are the books that are written by a subject matter expert on their topic of knowledge.  If you are still left confused by Category 1 or 2 books, this is the place to turn for more detailed, or possibly, more accurate information.  (ISC)2 has a list of books that fall into this category.  My favorite cryptography books can be found here.

In general these books are too detailed for getting ready for the exam, although they could be very useful when you are looking for additional information or clarification for a specific project.

One other note regarding buying books is that you don’t necessarily have to.  There is free information available on the web.  Just buyer beware: you usually get what you pay for.  One place that many turn to is CCCure.  There are several study guides that people have put together and posted on this site.  For the most part these are nice study guides and can save you some money.

Good luck 😉 and study hard.

More coming on CISSP practice questions.