Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests

You'll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you'd like to become more familiar with the testing environment, the Pearson Vue website offers a virtual tour of a testing center.

home.pearsonvue.com/test-taker/Pearson-Professional-Center-Tour.aspx

When you take the exam, you'll be seated at a computer that has the exam software already loaded and running. It's a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from the Pearson Vue website.

http://www.vue.com/athena/athena.asp

At the time this book went to press, (ISC) 2was conducting a pilot test of at-home computer-based exams for CISSP candidates in the United States. It is possible that this pilot will be extended to a permanent product and may become available in additional countries. Check the (ISC) 2website for more information.

If you don't pass the CISSP exam, you shouldn't panic. Many individuals don't reach the bar on their first attempt, but gain valuable experience that helps them succeed the second time around. When you retake the exam, you'll have the benefit of familiarity with the CBT environment and CISSP exam format. You'll also have time to study the areas where you felt less confident.

After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you're not successful on that attempt, you may re-test after 60 days. If you don't pass after your third attempt, you can re-test after 90 days for that and any subsequent attempts. You can’t take the test more than 4 times within a single calendar year. You can obtain more information about (ISC)2 and its other certifications from its website at www.isc2.org.

Candidates who want to earn the CISSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information security field. Your work experience must cover activities in at least two of the eight domains of the CISSP program and must be paid, full-time employment. Volunteer experiences or part-time duties are not acceptable to meet the CISSP experience requirement.

You may be eligible to waive one of the five years of the work experience requirement based upon your educational achievements. If you hold a bachelor's degree or four-year equivalent, you may be eligible for a degree waiver that covers one of those years. Similarly, if you hold one of the information security certifications on the current (ISC) 2credential waiver list ( www.isc2.org/credential_waiver/default.aspx), you may also waive a year of the experience requirement. You may not combine these two programs. Holders of both a certification and an undergraduate degree must still demonstrate at least four years of experience.

If you haven't yet completed your work experience requirement, you may still attempt the CISSP exam. Individuals who pass the exam are designated Associates of (ISC) 2and have six years to complete the work experience requirement.

Once you've earned your CISSP credential, you'll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the CISSP exam.

Currently, the annual maintenance fees for the CISSP credential are $125 per year. This fee covers the renewal for all (ISC) 2certifications held by an individual.

The CISSP CPE requirement mandates earning at least 120 CPE credits during each three-year renewal cycle. Associates of (ISC) 2must earn at least 15 CPE credits each year. (ISC) 2provides an online portal where certificate holders may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.

This book is composed of 12 chapters. Each of the first eight chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best-practice security knowledge. The final four chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the CISSP exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the other practice exams to make sure you've covered all the material and are ready to attempt the CISSP exam.

All the questions in this book are also available in Sybex's online practice test tool. To get access to this online format, go to www.wiley.com/go/sybextestprepand start by registering your book. You'll receive a PIN code and instructions on where to create an online test bank account. Once you have access, you can use the online version to create your own sets of practice tests from the book questions and practice in a timed and graded setting.

SUBDOMAINS

1.1 Understand, adhere to, and promote professional ethics

1.2 Understand and apply security concepts

1.3 Evaluate and apply security governance principles

1.4 Determine compliance and other requirements

1.5 Understand legal and regulatory issues that pertain to information security in a holistic context

1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)

1.7 Develop, document, and implement security policy, standards, procedures, and guidelines

1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements

1.9 Contribute to and enforce personnel security policies and procedures

1.10 Understand and apply risk management concepts

1.11 Understand and apply threat modeling concepts and methodologies

1.12 Apply Supply Chain Risk Management (SCRM) concepts

1.13 Establish and maintain a security awareness, education, and training program

1 Alyssa is responsible for her organization's security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?GamificationComputer-based trainingContent reviewsLive training

2 Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?Inherent riskResidual riskControl riskMitigated risk

3 Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party's copyright. What law governs the actions that Francine must take?Copyright ActLanham ActDigital Millennium Copyright ActGramm Leach Bliley Act