June 10, 2019

Practice question review video revolving on the need for either penetration testing, black box testing, vulnerability testing, or white box testing.  

For more CISSP videos, practice questions, flashcards, and PDF notes, become a member of Study Notes and Theory:

Thank you for your support.

December 7, 2018

Cross-domain correlation is a technique I (think?) I created when studying for the CISSP exam.  It's the process of picking a random topic in one domain, and then trying to relate it to another random topic in the other 7 domains.  The point was to confirm my knowledge of the concepts across a broad spectrum of CISSP topics.  The idea is that everything i...

August 2, 2018


I was fortunate enough to work in the security industry while studying for the CISSP.  

Dealing with firewalls and creating VPNs was a daily routine, and this made the Cryptography domain of the CISSP VERY easy.  

Others may not have the same opportunity, so I thought I would share with everyone how symmetric encryption is used in real life. 

 For other CIS...

July 22, 2018

The Clark-Wilson model is for upholding integrity.  

Just like the Biba Model – which is also for upholding integrity.

They're not for confidentiality.  That’s what the Bell-LaPadula model is for. 

And it’s not availability.  That’s what backups, high-availability firewalls, offsite storage, hot sites, cold sites, warm sites are for.  But, you know,...

July 3, 2018

Attribute-based access control is a new topic for the April CISSP exam update.  It is a more dynamic, flexible, context-aware and adaptive type of access control method.  

When we are talking about access control methods we are talking about things like Role-Based Access Control, Discretionary Access Control or Mandatory Access Control.  ABAC can...

May 12, 2018

When there are network connectivity issues, the first thing to be blamed is the firewall.  

40% of my job is proving that the issue is not with the firewall.  The simplest of tasks is just showing the customer that traffic has ingressed and egressed successfully out of a dual or multi-homed firewall.  

We manage the firewalls of Customer A....

April 26, 2018

One of the practice question review videos from the member's portal.  

Please reload

© 2013 Study Notes and Theory
Terms and Conditions/Privacy Policy

Proudly created to make you

a better security professional.