Published on September 4, 2016. Category: security
0x00 introduction
Beijing, 2 September 2016. After five hours and 30 minutes of suffering, I clicked the "end exam" button on the computer and walked out of the narrow exam room. Two young invigilators began to work on their computers. One got up and went to the printer. The other told me that I could pack up, go back, and wait for the email notification. According to information from other examinees, those who pass the exam receive an email notice from (ISC)², and those who fail are given a score report on the spot. Sure enough, the invigilator handed me the printed report card, and a simple "Congratulations" set my heart at rest. There was none of the expected excitement, just a kind of relaxation. After eight months of hard work, I had finally passed the CISSP exam.
Here I record some of my experience to share with all the security colleagues who are still struggling through CISSP preparation.
0x01 certificate introduction
There are plenty of CISSP certification profiles online, so let me just say the following:
- As of March 2016, the number of certificate holders in mainland China was about 1800.
- CISSP currently has no question bank on the market. (ISC)² is very strict in protecting the question bank. It is strictly prohibited to discuss the questions publicly after taking the examination.
- There is a threshold requirement to apply for the CISSP examination. The certificate can be obtained only after passing the examination and submitting proof of work experience in the security industry.
0x02 textbook recommendation
At present, there are several CISSP preparation textbooks with a large number of users. I will analyze the advantages and disadvantages one by one.
- The Official (ISC)² Guide to the CISSP CBK. This is the official textbook, now in its fourth edition, and it keeps up with the official exam syllabus. There is no Chinese translation, so reading it will test your English reading ability. But this is my first book. The official textbook is still closer to the examination. The division of knowledge domains and the explanation of concepts are original, which is very helpful for understanding the real intention of the examination questions. I've read this book carefully. It turns out to be really useful.
- All in One by Shon Harris. At present, the seventh edition is available in English and the sixth edition in Chinese. This is also the only textbook translated into Chinese. The sixth edition still follows the knowledge domain structure of the old version of the CBK, which is a serious flaw. After the adjustment of the examination syllabus, the structure of the knowledge domains was readjusted, and the emphasis of the examination is totally different. For example, in the chapter on physical environment security, AIO talks a lot about things like locks and video surveillance. In fact, the exam doesn't care about these details at all. I skimmed through the latest seventh edition in preparation for the exam. The structure is more reasonable and it can be used as an alternative textbook.
- CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide. The latest edition is the seventh. This book is very interesting. It completely breaks up the framework of the examination, and the author reorganizes it into 21 chapters according to his own understanding. I just use this book as a reference. The style of writing is colloquial, unlike the CBK. It is not recommended as the main textbook for review.
- Eleventh Hour CISSP Study Guide. I've also read this book. It's an outline book. The knowledge points are not expanded in detail. I've sorted out the context of knowledge. After spending more than two hours reading more than half of my time on the high-speed rail, I gave up on the book.
I suggest using the CBK as the main text with AIO as a supplement. When you can't understand the English in the CBK, turn to the Chinese translation of AIO to help with understanding and memorization.
0x03 test question selection
There is no real question bank on the market now, only all kinds of simulation questions. The first set is the exercises at the end of each CBK chapter, which are very useful for deepening memory. In addition, there are more than one thousand questions on the AIO CD-ROM, which I hadn't finished before the exam. There are many basic concepts in these questions, but very few such direct questions appear in the actual examination. So these questions can only help you understand the concepts. In a word, don't expect the simulation questions you have done to really appear in the examination room. Understanding the essence is the most important thing. When you can get 80% of the AIO questions right, it is time to sit the exam!
0x04 training class
Is the tutorial class useful? My experience is that the most important role of the tutoring class is to help you sort out the context of knowledge and to tell you, from past experience, which points are likely to be tested more and which are less likely to appear in the test. So, don't listen to their boasts about 90%+, but they really can save you review time.
0x05 role of CISSP and others
Some people say that after getting CISSP, the annual salary can be increased by XX%. I think this is the propaganda strategy of the tutorial classes. Some people say that CISSP does not test specific attack and defense technology, and that the certificate is useless. I think that's just techie talk. In the eight months of preparing for the exam, I combed through all the knowledge points in all fields of security at least once and broadened my knowledge. Re-architecting a comprehensive understanding of security is the most important thing. Having achieved the first goal of 2016, I am still in a good mood.
Finally, I wish all the colleagues striving for CISSP pass the exam as soon as possible!