CISSP Certification Resources

(*) Highly Recommended for the Exam

About

I passed the CISSP exam on Jun 2nd 2020, in under 2 hours. I had 20+ years of IT experience in various industries, but I did not specialize in the security industry. I prepared for the exam for about 3 months. I took the ISC2 instructor-led online training course (it did not help much regarding the certification exam). The student handbook for the training course covered the CISSP exam curriculum (with additional NIST references).

The exam tests the candidate's understanding of the subject and the rationale for picking the best available option. It does not test rote memorization. If you understood the process, there is no need to memorize the steps.

I took Kelly Handerhan's CISSP course on Cybrary (when it was free at Cybrary) and Larry Greenblatt's latest recorded CISSP online video training ($99, well worth it). Both helped me understand the CISSP exam concepts, and the high-quality questions that came with them helped me decode the actual exam questions. I used the Kaplan CISSP tests for practice.

As recent candidates mentioned, most of the questions in the exam were on BCP, DRP, OWASP, SDLC, IAM, network layers/protocols and cloud (to answer the cloud questions you have to delve deep into cloud computing topics, in my experience). Most of the questions were clearly described, without using words like not, least, max or min, and were short (3 or 4 sentences). Questions were not page-long as some of the practice exams portray. No drag-and-drop questions either. I was able to answer each question the first time I read it and did not change the answer after re-reviewing. No calculations and no formulas in the exam, but only one question with a NIST number (maybe that one was not counted for evaluation). Since I could not go back after answering a question, I took more time for each question.

In my opinion, the exam can be passed without going through the paid courses (unless somebody pays for you). But I did not have any idea how to study for this exam at the beginning. I tried to stitch together the freely available resources (marked (*)), which will cover most of the exam aspects. If you already have some experience in networking and software security, they can get you through the exam without paid resources. If you don't have network/security experience, start with the official CISSP study guide. The most used CISSP study guide is: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 8th Edition.

Listing the free resources I used during my CISSP certification studies. I will keep updating the resources in the future. Please let me know if the links are not working or if any good free resources are available to add to the web page.


Saiprasad C Bandlora
Email: bandloras@outlook.com

CISSP-Exam-Outline

Quick way to start studying for CISSP: short chapter summary videos from Destination Certification
Destination Certification : Quick Review of CISSP chapters (*)

Another source which can be a good start
CISSP EXAM PREP - Super Study Guide (*)

If you don't have experience in networking and security, go through one of the official CISSP study guides. The popular one is (you can choose whichever is more suitable to you): (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 8th Edition.

Cheat Sheets

Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Architecture and Engineering
Domain 4: Communications and Network Security
Domain 5: Identity and Access Management
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security

CISSP Exam Tips

Larry Greenblatt - CISSP 2018 Exam Tips (35:48)(*)
Kelly Handerhan - Why you WILL pass the CISSP (16:51)(*)
CISSP Exam Changes: Tips and tricks to pass the new CAT format (34:01)(*)

How to answer CISSP Questions

Larry Greenblatt's Questions (*)
How to Answer Hard CISSP Questions in 5 Steps (08:17)(*)
How to Answer CISSP Exam Questions (10:06)(*)

Main Exam Resources

2020 CISSP Boot Camp (*)

Larry Greenblatt's Latest 5 Day Prerecorded Boot Camp (with 100 Questions) - $99.95, well worth purchasing
OR
Larry Greenblatt's 8 Domains of CISSP 2015 Still Good For the exam (*)

MP3s from Kelly's Cybrary course (*)
Kelly Handerhan's CISSP Course Powerpoint Presentation (*)
BCP/DRP By Larry Greenblatt (*)

Other Resources

2020 CISSP Mentor Program
CISSP MasterClass - Mission 1000 CISSP's In 2020!
CISSP in 30 Days with Google Classroom (You can join free google class room, check for the code in youtube comments)

CISSP Relevant NIST Documents (*)

Read the important portions of each document (classification, etc.) and make summary notes to remember later. Condensed information from the NIST documents is covered in various sections of the course materials.

(ISC)2 Code of Ethics
NIST SP 800-34 Rev 1: Contingency Planning Guide for Federal Information Systems
NIST SP 800-37 Rev 2: Risk Management Framework for Information Systems and Organizations
NIST SP 800-41 Rev 1: Guidelines on Firewalls and Firewall Policy
NIST SP 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-53A Rev 4: Assessing Security and Privacy Controls in Federal Information Systems and Organizations
NIST SP 800-61 Rev 2: Computer Security Incident Handling Guide
NIST SP 800-88 Rev 1: Guidelines for Media Sanitization
NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
NIST SP 800-124 Rev 1: Guidelines for Managing the Security of Mobile Devices in the Enterprise
NIST SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
NIST SP 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs)
FIPS PUB 140-2: Security Requirements for Cryptographic Modules
NIST SP 800-125: Guide to Security for Full Virtualization Technologies

Useful Videos for CISSP

Common Criteria in 5 minutes, What is Common Criteria? (05:07) (*)
Kerberos Authentication Explained | A deep dive (16:51)(*)
Digital Certificates Explained - How digital certificates bind owners to their public key (10:05) (*)
Reflected XSS (Cross-site Scripting) | CISSP Answers (06:15) (*)
Stored XSS (Cross-site Scripting) | CISSP Answers (06:20) (*)
What is the TCB | CISSP Answers (03:42) (*)

Bell LaPadula (13:44)
Clark Wilson Model (04:52)
Biba Integrity Model (05:31)
Webinar: Business Continuity Management: Impact Analysis and Risk Assessment (59:18)

Useful Articles

OWASP Top Ten
OWASP A1:2017-Injection
OWASP A2:2017-Broken Authentication
OWASP A3:2017-Sensitive Data Exposure
OWASP A4:2017-XML External Entities (XXE)
OWASP A5:2017-Broken Access Control
OWASP A6:2017-Security Misconfiguration
OWASP A7:2017-Cross-Site Scripting (XSS)
Attack Surface Analysis Cheat Sheet

CISSP Domain Summary

Destination Certification : Quick Review of CISSP chapters (*)

CISSP - Work note
Memory Palace - Prashant Mohan.pdf
Sunflower CISSP Summary

Practice Questions

Wentz Wu - Practice Questions of the Day (Quotd) (*)
Adam's - CISSP Quotd (*)
IT Dojo - CISSP Quotd (*)
FRSecure CISSP Mentor Program- Practice Questions (*)
Free-daily-cissp-questions (*)

Test Questions
Exam Prep Practice Quiz
CISSP-practice-exam-free-online-test-questions
Training Camp Free CISSP Quiz
cissp-certification-sample-questions
GO-Certify Free Quizzes

Practice Tests

Brainscape Flashcards (*)

Android App: CISSP Practice Test Free 2020
YASNA CISSP Free Practice Test
Simplilearn Free CISSP Exam Prep Practice Test
Syngress Practice Test (requires Adobe Flash)
McGraw-Hill Practice Test (requires Adobe Flash)

Exam Day Tips

On the day before the exam I did not read much. I reviewed my notes and watched some CISSP chapter summary videos on YouTube (Destination Certification). Went to bed early.

The next day, I just reviewed some important notes I had written and a few memory map videos on YouTube, since my exam was in the afternoon. I tried to keep my body and mind fresh. I recommend not reading practice questions on the exam day, because that may not help in answering the exam questions.

While answering the questions I did not spend too much time on managing the clock (checked it about once every 30 minutes or so). When I was going too fast I slowed down; when I was too slow, I tried to pick up the pace.

ISACA Glossary

ISACA Glossary

CISSP Terms

CISSP Terms with description and pronunciation