CISSP 8th Edition: Six Tips for Passing CISSP on the First Attempt

I am writing this coming off a pass on the CISSP exam; I completed it this morning after preparing for over a month for the actual exam. The exam itself is just as formidable as the online forums will have you believe, so I thought I would document my top tips while they are fresh.

Some of these tips may seem a bit generic, but my strongest recommendation would be to make sure you have the experience to take the exam first. If you are on the fence about whether you have the required knowledge, maybe try some practice tests and if you score under 50%, you will struggle and may want to save your money for when you have gained the required experience.

I initially looked at completing CISSP over five years ago when it was a paper-based test, and I did all the preparation required, including weeks of practice tests. However, at the time, I decided not to risk failure (and my cash). I had over the required five years of experience in cybersecurity at the time (and 15 years of development experience). The depth of understanding I have now is so much more significant, and in hindsight, I am not sure if I would have passed the exam that I took today.

I am glad that I did take the time to gain additional experience because I felt that it helped me this time around. The previous preparation also helped me this time around.

I have no idea which questions I got right. I passed in 115 questions, and it took me around 85 minutes, which leads me to my first tip.

Make sure you understand what the exam entails.

I read a lot about the exam before I booked my test date. There is a lot of out of date information online, and some people seem surprised by the actual format of the test, so here is my summary:

  • The first thing you do is complete an NDA, which is why I’m not being specific in this article and won’t divulge any exam material.
  • It is a computerised adaptive test with between 100 and 150 questions which you complete on a computer with a mouse.
  • You will not be able to go back to a previous question and change your answer. When you click next, that answer is locked in.
  • Questions will be multiple choice with four answers and interactive questions.
  • You will get a wipe-clean board to write notes.
  • One surprise is you don’t get a score; most sites refer to 70%, but you actually just get a pass/fail.

The Boson Practice test is a good simulation of the look and feel of the test.

Your breadth of experience is vital.

The CISSP exam covers a vast range of topics, from physical security to encryption algorithms to software development lifecycle. It is therefore essential that you have a deep understanding of each of the areas for the exam.

If you are coming in as a Network Security Manager, with deep network experience but limited development experience, then you may struggle. Even with the breadth required, there is still depth on many topics within these domains; just understanding the process may not be enough.

In my background, I have been a software developer, as well as Information Security Manager as well as Senior Manager. So I cover multiple domains of experience, and I relied on all of those skills to complete this exam.

I can see exactly why some people feel the exam is too technical or too focused on management; it has a healthy mix of both elements. If you lack experience in one of those areas, you will feel quite beaten up after the exam.

Use the official reference book, it is good.

I found the Official Study Guide to be excellent, and it prepared me well for practice tests. The actual exam goes way beyond the information in the reference book. You will rely on your experience as well as the information in the reference book.

There were questions in the exam, including concepts that go beyond the reference material. You have to rely on your experience and knowledge to complete those.

I believe there is more detail in the Common Body of Knowledge; I didn’t read that in the same detail that I read the Official Study Guide.

The exam is about the application of knowledge over rote learning.

I found that many of the practice tests focused a lot on the trivia of cybersecurity, the DoD Red/Orange book and general trivia around the subject matter.

In practice, I found the actual exam to be a lot less trivia and a lot more about the application of the concepts in the reference material. You need to be able to understand the subject matter in enough detail to combine different elements of knowledge, experience and inference to answer the questions.

In my opinion, if you learn the material by rote, you will fail.

Read the questions carefully; you will need to infer information.

I found that the Boson Practice Tests were relatively good preparation for the test-taking techniques. However, I thought they focused too much on the trivia of the subject matter, which may be a throwback to the paper-based test of old.

There were questions where I had to read carefully and infer information from them. In the practice tests, these are the questions that feel like they are trying to trick you. I didn’t feel any of the questions in the actual exam wanted to fool me; I just thought that they required some deduction. This deduction element is the most significant area that differs from the practice exams.

Without specifics, a question might ask: an attack happens with X, Y and Z steps. What would have been the BEST way to prevent the attack? This type of question relies on you understanding the attack methodology and working back to understand what opportunities you had to prevent it. Y and Z could not happen without X happening first, so if you can prevent X then the attack would have been prevented.

Alternatively, it might rely on a deduction that X+Y = Z, and Z means that this occurred. Therefore Q would be the best way to prevent the attack.

It is impossible to learn that from the reference material; it relies on experience and background knowledge in the subject.

Learn to think like a Senior Manager

Lots of people say that you need to think like a manager to pass CISSP. It is actually beyond that; you need to think like a senior manager.

You need to have a good understanding of risk management, some technical depth and a sense of when to manage a process rather than getting stuck in to fix it.

If you are unsure, then err on the side of managing the process rather than jumping in with a technical fix because that is what a manager would typically do!

CISSP is a daunting exam that requires both significant experience and preparation before embarking on an attempt. At $700 for a single exam attempt, it is expensive if you fail and online forums are full of people that are on their second and third attempt.

My recommendation is that if you are unsure, then take the time to prepare for the exam and try to build an understanding of whether you have the required experience to pass it. It isn’t just about having the required five years; you need to have applied knowledge and expertise beyond time-served.

Translated from: https://medium.com/the-innovation/six-tips-for-passing-cissp-on-the-first-attempt-82ab733ea93e
