1. The conceptual model is the foundation to prepare for the CISSP exam. Build your conceptual model before diving into the details. The Amicliens InfoSec Conceptual Model presented in the CISSP Starter page is a good example. You can build your own.
2. It creates no value reading cover to cover or a bunch of books or running through thousands of practice questions without effective understanding. it’s a good indicator for you to verify your comprehension: try to explain the CISSP exam outline to your colleagues or friends, and you will know it.
3. Understand the core concept through crucial terminologies. Define them precisely. e.g. Domain 1: Security and Risk Management.
   What is Security?
   What is Risk?
   What is Risk Management?
4. Set your goal and plan for your journey before you go. Seriously, exam questions in the CISSP exam are not that hard IMO, but to move through the CISSP journey and kill the beast is absolutely a big challenge. Considering all the common factors CISSP aspirants faced, CISSP could be one of the most challenge exams like GMAT, CBAP, or PMP. A SMART goal, workable plan, and determination and discipline contribute to your success.
5. Last but not least, joining the CISSP community or groups makes your journey more interesting! Join and invite your friends to my Facebook group, the Effective CISSP!
   https://www.facebook.com/groups/EffectiveCISSP

Your company finished conducting an asset inventory. As the head of the sales department, you are assigned as the data owner of the customer master data. You are learning about the role and responsibility of the data owner. Which of the following is least related to the data owner?
A. Classify the data based on business value
B. Delegate the system administrator to authorize users
C. Take the ultimate responsibility if the data is breached
D. Define the classification scheme

Continue reading →

You are the CISO for a global company. After studying the mission vision, strategic goals, the corporate strategy, and business and security requirements, you start to develop the information security strategy. Which of the following should you conduct first?
A. Determine the blueprint and milestones
B. Conduct gap analysis
C. Consider resources and constraints
D. Develop an information security program policy

Continue reading →

Your company decides to engineer an information system in-house to support the new business of selling toys online. The development team is in the process of selecting the compiled programming language to develop the back-end system which deals with the business logic and data access and will be evaluated in terms of performance, availability, scalability, security, maintenance, and extensibility, while security is the most concern. Which of the following is the most appropriate?
A. C++
B. Python
C. Java
D. JavaScript with Node.js

Continue reading →

You are implementing remote access solutions to support employees traveling on business. They will connect mobile phones or laptops to corporate networks, on the road or in the hotel, via the unprotected public network. Which of the following is least likely used?
A. 802.1X
B. eXtensible Access Control Markup Language
C. IPSec VPN with tunnel mode
D. RADIUS

Continue reading →