
CISSP

Certified Information Systems Security Professional

http://www.testinsides.com/CISSP.html

CISSP Exam Description
CISSP Exam Information - Certified Information Systems Security Professional

For the Next Generation of Information Security Leaders
The vendor-neutral CISSP certification is the ideal credential
for those with proven deep technical and managerial
competence, skills, experience, and credibility to design,
engineer, implement, and manage their overall information
security program to protect organizations from growing
sophisticated attacks.
Backed by (ISC)², the globally recognized, not-for-profit
organization dedicated to advancing the information security
field, the CISSP was the first credential in the field of
information security to meet the stringent requirements of
ISO/IEC Standard 17024. Not only is the CISSP an
objective measure of excellence, but also a globally
recognized standard of achievement.


Who should obtain the CISSP certification?
The CISSP is ideal for those working in positions such as, but
not limited to:
• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Director of Security
• Network Architect


Globally Recognized Standard in Information Security
The CISSP draws from a comprehensive, up-to-date, global
common body of knowledge that ensures security leaders
have a deep knowledge and understanding of new threats,
technologies, regulations, standards, and practices. The
CISSP exam tests one's competence in the 8 domains of the
CISSP CBK, which cover:
• Security and Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security


Exam CISSP Schedule

For more information on the CISSP credential, download the
CISSP Brochure .
All (ISC)² certifications, except CCSP, CCFP, and HCISPP,
are accredited by the American National Standards Institute
(ANSI) to be in compliance with the International
Organization for Standardization and International
Electrotechnical Commission (ISO/IEC) 17024 Standards.


CISSP® - Why Certify?
People are the Key to a Secure Organization
In an increasingly complex cyber world, there is a growing need for
information security leaders who possess the breadth and depth of expertise
necessary to establish holistic security programs that assure the protection of
organizations’ information assets. That’s where the CISSP comes in.

The CISSP Helps You:
• Validate your proven competence gained through years of experience in
information security
• Demonstrate your technical knowledge, skills, and abilities to effectively
develop a holistic security program set against globally accepted standards
• Differentiate yourself from other candidates for desirable job openings in
the fast-growing information security market
• Affirm your commitment to the field and ongoing relevancy through
continuing professional education and understanding of the most current
best practices
• Gain access to valuable career resources, such as networking and ideas
exchange with peers

The CISSP Helps Employers:
• Protect against threats with qualified professionals who have the expertise
to competently design, build, and maintain a secure business environment
• Ensure professionals stay current on emerging threats, technologies,
regulations, standards, and practices through the continuing professional
education requirements
• Increase confidence that candidates are qualified and committed to
information security
• Ensure employees use a universal language, circumventing ambiguity with
industry-accepted terms and practices
• Increase organizations’ credibility when working with clients and vendors

CISSP in the News
• "CISSP Sets Professionals Apart in the IT Security Field" - About.com
• "56% of Cyber Jobs in Contracting Industry Require CISSP" - The
Washington Post
• "Best Professional Certification Program" - SC Magazine


How to Get Your CISSP® Certification
1. Obtain the Required Experience
Candidates must have a minimum of five years cumulative paid full-time work experience in two or more of the 8
domains of the (ISC)² CISSP CBK®. Candidates may receive a one year experience waiver with a 4-year college
degree, or regional equivalent or additional credential from the (ISC)² approved list, thus requiring four years of
direct full-time professional security work experience in 2 or more of the 8 domains of the CISSP CBK.
Don't have the experience? Become an Associate of (ISC)² by successfully passing the CISSP exam. You'll have 6
years to earn your experience to become a CISSP.

2. Study for the Exam
• Download the Exam Outline
• Buy the textbook, the Official (ISC)² Guide to the CISSP
• Take an (ISC)² CBK Training Seminar for the CISSP
• Study the Interactive Flashcards

3. Schedule the CBT Exam
• Create an account at Pearson Vue and schedule your exam. The CISSP exam is offered in English, French,
German, Portuguese, Spanish, Japanese, Simplified Chinese, and Korean.
• Complete the Examination Agreement, attesting to the truth of your assertions regarding professional
experience and legally committing to the adherence of the (ISC)² Code of Ethics.
• Review the Candidate Background Questions.
• Submit the examination fee.

4. Pass the Exam
Pass the CISSP examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs.

5. Complete the Endorsement Process
Once you are notified that you have successfully passed the examination, you will be required to subscribe to the
(ISC)² Code of Ethics and have your application endorsed before the credential can be awarded. An endorsement
form for this purpose must be completed and signed by an (ISC)² certified professional who is an active member,
and who is able to attest to your professional experience. With the endorsement time limit, you are required to
become certified within nine months of the date of your exam or become an Associate of (ISC)². If you do not
become certified or an Associate of (ISC)² within 9 months of the date of your exam, you will be required to
retake the exam in order to become certified. (ISC)² can act as an endorser for you if you cannot find a certified
individual to act as one. Please refer to the Endorsement Assistance Guidelines for additional information about
the endorsement requirements.

6. Maintain the CISSP Certification
Recertification is required every 3 years by meeting all renewal requirements, which include:
• Earn and submit a minimum of 40 continuing professional education (CPE) credits each year of the 3-year
certification cycle and a total of 120 CPE credits by the end of the 3-year certification cycle. For CISSPs who hold
one or more concentrations, CPE credits submitted for the CISSP Concentration(s) will be counted toward the
annual minimum CPE credits required for the CISSP.
• Pay the annual maintenance fee (AMF) of US$85 each year of the 3-year certification cycle.
• Abide by the (ISC)² Code of Ethics.
For more details concerning the CISSP annual maintenance and renewal requirements, please contact (ISC)²
Member Services at membersupport@isc2.org.

Audit Notice*
Passing candidates will be randomly selected and audited by (ISC)² Member Services prior to issuance of any
certificate. Multiple certifications may result in a candidate being audited more than once.


Experience Waiver for CISSP®
CISSP candidates are eligible to waive one year of professional experience
if certain circumstances apply and with appropriate documentation.
The purpose of this is to recognize the efforts of any CISSP candidate who
has received education and/or any credential deemed as approved, and
apply it toward a waiver of experience.

Policy
A candidate shall be permitted a waiver of one year of experience if:
Based on a candidate’s education
Candidates can substitute a maximum of one year of direct full-time
security professional work experience described above if they have a four-year
college degree or regional equivalent, or an advanced degree in
information security from the U.S. National Center of Academic Excellence
in Information Assurance Education (CAE/IAE).

OR
For holding an additional credential on the (ISC)² approved list below
Valid experience includes information systems security-related work
performed as a practitioner, auditor, consultant, investigator, or instructor
that requires information security knowledge and involves the direct
application of that knowledge. The five years of experience must be the
equivalent of actual full-time information security work (not just
information security responsibilities for a five-year period); this requirement
is cumulative, however, and may have been accrued over a much longer
period of time.


CISSP Training Straight from the Source
(ISC)² is the creator of the CISSP exam, so why would you get your training anywhere
else? The (ISC)² Official CBK Training Seminar for the CISSP is the key to success in
obtaining your certification.

CISSP Course Overview
Led by an (ISC)² authorized instructor, this training seminar provides a comprehensive
review of information security concepts and industry best practices, covering the 8
domains of the CISSP CBK:
• Security and Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

Several types of activities are used throughout the course to reinforce topics and increase
knowledge retention. These activities include open ended questions from the instructor to
the students, matching and poll questions, group activities, open/closed questions, and
group discussions. This interactive learning technique is based on sound adult learning
theories.
This training course will help candidates review and refresh their information security
knowledge and help identify areas they need to study for the CISSP exam. It features:
• Official (ISC)² courseware
• Taught by an authorized (ISC)² instructor
• Student handbook
• Collaboration with classmates
• Real-world learning activities and scenarios


Who should attend?

This training course is intended for professionals who have at least
5 years of recent full-time professional work experience in 2 or
more of the 8 domains of the CISSP CBK and are pursuing CISSP
training and certification to acquire the credibility and mobility to
advance within their current information security careers. The
training seminar is ideal for those working in positions such as, but
not limited to:
• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Director of Security
• Network Architect


Official (ISC)² CBK® Training & Paper-based Examination Search
All certification and concentrations examinations
offered by (ISC)² are available at all locations on all
the scheduled dates.
Certification Training
Official (ISC)² CBK Training Seminars are available
through (ISC)² Training Centers and Official Training
Providers around the globe. If it’s not official, it’s not
the most up-to-date and relevant content. (ISC)²
Training is available in-class or Live OnLine.
SC Magazine Award Winner

Examination
All (ISC)² certification examinations are available at
Pearson Vue Centers around the globe. Paper-based
examinations are available only on a limited basis. All
examinations offered by (ISC)² are available at all
locations on all the scheduled dates. Be sure to
download your Exam Outline to help you in your
studies.

Search Hint
To list the widest range of training and paper-based
exams available:
• leave all search fields blank; or
• select a country from the pull-down menu and leave
all other fields blank.


(ISC)² Official Training Providers

(ISC)² has Official Training Providers including leading IT training
centers and associations in Europe, the Middle East, and Asia to
assist security professionals and practitioners in obtaining the
"Gold Standard" in Information Security certification.
To ensure you receive the Official CBK® Training Seminar with
the most up-to-date and relevant content, delivered by authorized
instructors, make sure you look for the mark of an (ISC)² Official
Training Provider.
Interested in becoming an Official Training Provider? Learn more here.
• Africa Official Training Providers
• Americas Official Training Providers
• Asia-Pacific Official Training Providers
• Europe Official Training Providers
• Middle East Official Training Providers


Learning Objectives
• Understand and apply the concepts of risk assessment, risk analysis, data
classification, and security awareness, and implement risk management and
the principles used to support it (risk avoidance, risk acceptance, risk
mitigation, risk transference).
• Apply a comprehensive and rigorous method for describing a current and/or
future structure and behavior for an organization's security processes,
information security systems, personnel, and organizational sub-units so
that these practices and processes align with the organization's core goals
and strategic direction, and address the frameworks and policies, concepts,
principles, structures, and standards used to establish criteria for the
protection of information assets, as well as to assess the effectiveness of
that protection and establish the foundation of a comprehensive and
proactive security program to ensure the protection of an organization’s
information assets.
• Apply a comprehensive and rigorous method for describing a current and/or
future structure and behavior for an organization's security processes,
information security systems, personnel, and organizational sub-units so
that these practices and processes align with the organization's core goals
and strategic direction, and examine the principles, means, and methods of
applying mathematical algorithms and data transformations to information
to ensure its integrity, confidentiality, and authenticity.
• Understand the structures, transmission methods, transport formats, and
security measures used to provide confidentiality, integrity, and availability
for transmissions over private and public communications networks and
media, and identify risks that can be quantitatively and qualitatively
measured to support the building of business cases to drive proactive
security in the enterprise.
• Offer greater visibility into determining who or what may have altered data
or system information, potentially affecting the integrity of those assets, and
match an entity, such as a person or a computer system, with the actions
that entity takes against valuable assets, allowing organizations to have a
better understanding of the state of their security posture.
• Plan for technology development, including risk, and evaluate the system
design against mission requirements, and identify where competitive
prototyping and other evaluation techniques fit in the process.
• Protect and control information processing assets in centralized and
distributed environments and execute the daily tasks required to keep
security services operating reliably and efficiently.
• Understand the Software Development Life Cycle (SDLC) and how to apply
security to it, identify which security control(s) are appropriate for the
development environment, and assess the effectiveness of software
security.


ISC CISSP Exam Outline

Exam Outlines provided in the Candidate Information
Bulletin (CIB) for (ISC)²® certification examinations are
available in PDF format. These outlines were developed
to provide candidates with basic information about the
domains covered in the examination. The outlines are not
intended to be in-depth reviews of the examinations, nor
should they be considered as replacements for the
experience and knowledge necessary for successful
performance. To learn about how (ISC)² keeps its
certifications current and relevant please read the Job
Task Analysis whitepaper.


Download your free copy now

Complete and submit the form below to download the
Exam Outline (Candidate Information Bulletin) of your
choice. Please enter all information and make sure
your email address is valid. All information you submit
using this form will be kept in the strictest confidence.
Please refer to our privacy policy for further details. To
protect your information, your response is 128-bit SSL
enabled and all information is encrypted.


Demo of ISC CISSP Practice Test
Question No : 1
Which of the following is generally indicative of a replay
attack when dealing with biometric authentication?
A. False Acceptance Rate (FAR) is greater than 1 in
100,000
B. False Rejection Rate (FRR) is greater than 5 in 100
C. Inadequately specified templates
D. Exact match
Answer

Exact match


Demo of ISC CISSP Practice Test
Question No : 2
Which one of the following considerations has the LEAST
impact when considering transmission security?
A. Network availability
B. Data integrity
C. Network bandwidth
D. Node locations

Answer

Network bandwidth


Demo of ISC CISSP Practice Test
Question No : 3
Which of the following is the BEST solution to provide
redundancy for telecommunications links?
A. Provide multiple links from the same
telecommunications vendor.
B. Ensure that the telecommunications links connect to
the network in one location.
C. Ensure that the telecommunications links connect to
the network in multiple locations.
D. Provide multiple links from multiple
telecommunications vendors.
Answer

Provide multiple links from multiple
telecommunications vendors


Demo of ISC CISSP Practice Test
Question No : 4
Which of the following statements is TRUE of black box
testing?
A. Only the functional specifications are known to the
test planner.
B. Only the source code and the design documents are
known to the test planner.
C. Only the source code and functional specifications are
known to the test planner.
D. Only the design documents and the functional
specifications are known to the test planner.
Answer

Only the functional specifications
are known to the test planner.


Demo of ISC CISSP Practice Test
Question No : 5

Which of the following is the BIGGEST weakness when using
native Lightweight Directory Access Protocol (LDAP) for
authentication?
A. Authorizations are not included in the server response
B. Unsalted hashes are passed over the network
C. The authentication session can be replayed
D. Passwords are passed in cleartext

Answer

Passwords are passed in cleartext


Demo of ISC CISSP Practice Test
Question No : 6
In order for a security policy to be effective within
an organization, it MUST include

A. strong statements that clearly define the
problem.
B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non-compliance.
Answer

disciplinary measures for non-compliance


Demo of ISC CISSP Practice Test
Question No : 7
What is the PRIMARY difference between security
policies and security procedures?
A. Policies are used to enforce violations, and procedures
create penalties
B. Policies point to guidelines, and procedures are more
contractual in nature
C. Policies are included in awareness training, and
procedures give guidance
D. Policies are generic in nature, and procedures contain
operational details
Answer

Policies are generic in nature, and
procedures contain operational details


Demo of ISC CISSP Practice Test
Question No : 8

Application of which of the following Institute of
Electrical and Electronics Engineers (IEEE)
standards will prevent an unauthorized wireless
device from being attached to a network?
A. IEEE 802.1F
B. IEEE 802.1H
C. IEEE 802.1Q
D. IEEE 802.1X
Answer

IEEE 802.1X


Demo of ISC CISSP Practice Test
Question No : 9

Which one of the following transmission media is
MOST effective in preventing data interception?
A. Microwave
B. Twisted-pair
C. Fiber optic
D. Coaxial cable

Answer

Fiber optic


Demo of ISC CISSP Practice Test
Question No : 10

What is the MOST efficient way to secure a
production program and its data?
A. Disable default accounts and implement access
control lists (ACL)
B. Harden the application and encrypt the data
C. Disable unused services and implement
tunneling
D. Harden the servers and backup the data
Answer

Harden the application and encrypt
the data


Tested and Approved

Valid and accurate study material by
Testinsides.com. All of our products Q&A
are tested and approved by our experts.


Guaranteed to Pass

Testinsides ensures your 100% passing
guarantee. We provide you all the latest and
updated exam questions and answers, which
are easy to learn, in PDF and Testing Engine
format.


Quality and Value

We believe in quality material. All of our
Questions and Answers are well shaped in PDF
and Simulator format. These products are really
valuable.


Try Before You Buy

100% success is ensured by our money-back
guarantee. Moreover, we also offer free
demos on request so you can use them and
verify the standard, quality, and accuracy.


Become Certified From Testinsides.com
