Welcome back to CISSP Preps part 2! A little progress report: I have answered ~500 questions from the OSG, 2053 questions in LearnZapp, 300 practice questions on QE, done 5 non-CAT exams and 2 CAT exams.
I recommend you watch Peter Zerger’s READ strategy video and read Jeffrey Moore’s post on how to answer difficult questions. I’ll expand on that with my personal experience. Please have a seat, allow me to share my thoughts.
## Train yourself to manage your time

Don’t rush your reading. I sometimes find myself trying to rush through it, even though I’m fully aware I have 72 seconds per question, which should be plenty to read it a couple of times and think about the answers. I’ve noticed I take more time on the last questions of the exam, as my concentration drops and my time per question goes up.
## Identify keywords

Be on the lookout for words like NOT, MOST, LEAST, BEST, WORST, FIRST and LAST, and spot those before anything else. I’ve answered so many questions wrong because the question was asking the opposite of what I answered. Don’t be like me. Read carefully, and you will come across these keywords more often than not.
## Understand what is being asked

I find this particularly difficult. Some questions are written with a lot of irrelevant fluff to distract you. This is especially true for long, scenario-based questions. The tricky part is decoding what’s actually being asked, particularly when “fancy terms” show up (see below). Some people suggest reading the last sentence first to shed some light on the question. I do that whenever I need to read something again (sometimes several times) to figure out what they’re actually after.
## Mind the fancy terms

I find this exam to be more of a comprehension test than anything else: comprehension of the 8 Domains and of the English language. To add an extra layer of difficulty, questions use fancy terms to ask about relatively straightforward concepts. I find myself confused often, partly because English is my second language, and partly because I’m a bit illiterate myself. QE’s advice is “don’t get held up on verbiage too much.” Yeah… right! So I’ve been taking notes on words that confused me and put together a table I call the “Illustrated to Plantpot Conversion Chart: Fancy Terms and What They Probably Mean.” There you can find my interpretation of what these fancy (and spicy!) terms actually (probably) mean.
| Fancy Terms | What they probably mean |
|---|---|
| Abridge | Reduce or shorten |
| Adjudicate | Evaluate or resolve something |
| Amenability | In compliance with standards |
| Appraisal of standards | Verify the established guidelines |
| Assessor | Auditor |
| Charter | For private use |
| Coalescence | To merge or combine something |
| Confer | Grant rights |
| Conservancy | Preserve evidence |
| Contract breach | If related to a contract (not data), failure to meet obligations |
| Critiqued the data | Maintained data integrity |
| Data reliability | Data integrity |
| Defacement | Unauthorized modification, vandalism |
| Determine Parameters | Determine the scope in the requirements phase in SDLC |
| Disparate | Different |
| Disseminate | Share information |
| Elucidation | Present something to someone |
| Encompassing | Physical surroundings |
| Expunged | Completely erase something unwanted or unpleasant (you naughty boy!!!) |
| Fallout | Adverse side effects of a situation |
| Fiduciary risks | Financial risks |
| Forward secrecy | Ephemeral keys |
| Functional Architecture | Functional requirements (What the system should do) |
| Identify implications | Determine the impact |
| Identify predisposing conditions | Likelihood that an event will be harmful |
| Incessant | Constantly available |
| Leverage vulnerabilities | Exploit vulnerabilities |
| Litigation | Involved in a lawsuit |
| Lucid | Easy to understand (unlike the words in this list) |
| Misrepresentation of facts | Threat to data integrity and authenticity. What non-repudiation tries to prevent |
| Obtain credence | Get authorization |
| One way cryptography | Hashing |
| Overhaul | Rebuild or redesign |
| Penance | Punishment |
| Plaintiff | Party taking the case to court (complainant, accuser, petitioner, claimant) |
| Preservation of data | Data integrity |
| Provenance | History of evidence (Chain of custody) |
| Quality of data | Data integrity |
| Relinquish | Give information voluntarily |
| Scrutiny | Attention to details |
| Subpoenaed to testify | Required to provide testimony |
| Substantiate | To verify something |
| Substantiation | Authentication |
| System requirements | Non functional requirements (How the systems should do things) |
| Systemic risk | Potential of a single event to cause a massive outage |
| Unfettered | Unrestricted |
| Unbeknownst | Unknown |
| Under the commission of | With authorization to |
| Unrest | Public anger, people going rabble, rabble, rabble! |
| Uphold integrity | Consistent |
| Veracity of data | Data integrity |
| Verbiage | Excessively technical expressions (this list) |
| Vetted | Process of investigating, validating, verifying and evaluating |
I’m still a few days away from the exam. I’ll keep updating the list if I come across something new. I hope you find this helpful.
