
Memberships

CISSP Study Group

Public • 957 • Free

9 contributions to CISSP Study Group
Exam completed, I am free now :)
Hello friends, I passed my CISSP exam on October 31st. I was doing intensive preparation during July – October. I made a schedule and appointed a time for each day. Obviously I was not able to follow it every day due to family/job/personal circumstances, but 90% of the time it was possible to follow. I have 10 years of dedicated experience in industrial cyber security, and most of the technical domains were more or less easier for me, but Risk Management, Information Security Governance, Software Development and especially the CISSP mindset were really “terra incognita” for me. I did not take any bootcamps or in-class trainings.

I used the resources below in the following sequence:
1. Kelly Handerhan videos dated 2017
2. ISC2 2021 book (reading the respective chapter after watching the video from step #1)
3. Doing Learnzapp tests (Do not take Learnzapp questions as real or similar to the CISSP exam; it is not true. The questions are good for learning the ISC2 book only)
4. Watching videos on the @PrabhNair1 and Andrew Ramdayal channels
5. Reading success stories in the Skool CISSP Study Group (thanks to all folks in the Skool community and to @M B for your time answering my questions)

The exam was really not easy (before this I had passed the GICSP and CISM exams). I had the following challenges:
1. Domain #8 Software Development questions (I had a lot in my exam)
2. Cloud security questions
3. Language barrier – some questions I really was not able to understand due to the specific English write-up, even though I am living and working in an English-speaking environment.
4. Time, time, time. I completed 150 questions in 171 min. I used only a 2-minute break during the exam. Sometimes I was giving myself only 10-15 seconds per question, to accumulate time for more challenging questions.

The picture below is my Learnzapp balance on the last day of the exam. The progress bar was very subjective for me, but it helped to track weaknesses and strengths in the domains.

It was also good for quickly learning particular information by reviewing the test results (I suggest reviewing both wrongly and correctly answered questions); it directs you to the dedicated ISC2 book chapter where you can read enhanced information.
16
20
New comment 15d ago
Exam completed, I am free now :)
1 like • 18d
Thanks to all of you guys!
Practice Question
Darrel believes that a database server in his environment was compromised using a SQL injection attack. Which one of the following actions would Darrel most likely take during the remediation phase of the attack?
A. Rebuilding the database from backups
B. Adding input validation to a web application
C. Reviewing firewall logs
D. Reviewing database logs
5
9
New comment 10d ago
2 likes • 23d
B
Domain 3: Public Key Infrastructure
As a Cybersecurity Professional, you are researching a secure communication method for exchanging encryption keys only known between shared parties that is provable and guarantees security, relying only on a Shared Key encryption method to encrypt and decrypt messages. Which method would you choose?
Poll
16 members have voted
2
4
New comment 24d ago
Domain 3: Public Key Infrastructure
0 likes • 27d
@Peter Scheuermann Are quantum computing questions already included in the 2024 exam?
Practice Question!
*Scenario* Chris is conducting reconnaissance on a remote target and discovers that pings are allowed through his target's border firewall. What can he learn by using pings to probe the remote network?
4
8
New comment 24d ago
1 like • Oct 22
Get the network topology outside the firewall, and understand if other firewalls are installed in the entire network after the firewall.
Chapter#1: Security Governance
Question that I found interesting: Microsoft's STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?
A. Tampering and information disclosure
B. Elevation of privilege and tampering
C. Repudiation and denial of service
D. Repudiation and tampering
Poll
11 members have voted
3
1
New comment Oct 15
0 likes • Oct 15
Hello folks, this is the screenshot of the question that I answered incorrectly😁 I was thinking that it would be an elevation of privileges (to get access to the logs) and then tampering. But the correct answer is D.
@dmitriy-kovbasko-5089
Cybersecurity specialist (OT security) GICSP, CISM certified

Active 6d ago
Joined Jul 8, 2024