Information Security can be successful only if its treated like a way of thinking, a program and not a project. Preparation for this exam asks for the same approach.
What was in my Toolbox:
Approach: Why does this section I am reading matter for security, who is approving this activity, what is the goal? Ask yourself these questions as you are reading each domain.
Friends from the Telegram group to have 24/7 company to discuss and study with. Know when to have quiet study time and when to engage in the group.
Books: CBK,Shon,Sybex
NIST
Online study and self made notes, questions
Kelly's boot camp same as her Cybrary videos
SNT Telegram Group (I got all the prayers, good wishes, and support throughout and while taking the exam I felt I was doing it on everyone's behalf, so I HAD to do well)
Important areas:
Significance of Board/Executive Committee(Process Guide Page 1) applicable to all domains
Madunix Process guide-understand what each step really means Sybex: BCP, DRP
Shon: Crypography concepts,Telecommunication and networking, Mobile Device Management
DoS: https://security.radware.com/ddos-knowledge-center/ddospedia/ and then searched online for solutions for attacks Secuirty in the Cloud: NIST 800-144/145
Test Engines:
End of chapter questions from each book
Must do: testbanks.wiley.com with Official ISC2 practice test
Must do: https://www.mhprofessionalresources.com/sites/CISSPExams/exam.php?id=AccessControl
CCCure: It is good for practice but ignore answers for Incident Response.
Boson: I think it was too technical and not necessary.
Total Tester: Too technical. AIO book questions are enough.
Time: 3.5 months with study as top priority in life
I had a study plan with dates for each domain, practice tests, reviews all the way up to the day before the exam date.
Strategy for the week leading up to the exam:
200 practice questions daily. Review incorrect questions.
Solidify some concepts. Write topics on a white board from memory.
Process guide - I recommend reading this at the end of each domain. Don't wait till the end like I did :)
Exam:
In real life top down approach is what makes programs and projects successful. Same thing applied in the exam.
I remembered from everyone in the Telegram group - DO NOT FIX ANYTHING. Select the management, policy or contract level answer choice.
I looked up at the question number every 25 questions. I told myself not to get distracted with the timer or the question number.
Question language was easy. It just needed to be broken into important parts and key words to make sure I was targeting what the question was all about.
Comments