Just Passed the CISSP new CAT test...Ask Me Anything

.r.

Yeah I do

So other than the books did you use any study aids or web sites?

And it seems like it's better to take the harder test (i.e. CompTIA CySA+) first, then followed by the CISSP. Is that correct?
 

David_TheMan

So other than the books did you use any study aids or web sites?

And it seems like it's better to take the harder test (i.e. CompTIA CySA+) first, then followed by the CISSP. Is that correct?
Just used the two books mentioned.
I watched a few FRSecure videos on YouTube.
 

Mr Uncle Leroy

I believe a few months ago I said I was targeting the CASP, but I decided to say fukk that and get the CISSP since it's rated better in the DoD system

DoD-8570.01M-Update.png


As you see the CISSP has better coverage. Marketability just went up. Again can't stress how good a hustle the government contracting game is to you younger guys wanting to get into the industry and eat. Get your clearances any way you can, take a bad paying contract to get that Secret or TS and feast.

Now back on topic. Passed the test, must say it's one of the easiest tests I've ever taken.
I had 100 questions exactly, I have to say its difficulty is very similar to Sec+ IMHO. You study the Shon Harris book cover to cover, then read the Sybex ISC2 book for refinement of what you just learned and you'll be good.

Any specific questions though and I'm here to help.

You are given a phone to repair and analyze. The customer complaint is that a rogue hacker is illegally monitoring and stalking the customer on their phone. The hacker has inserted words, letters, etc. while the customer is on the phone.

The customer has installed AV, anti-rootkit and anti-malware. The customer believes the hack is happening at a router/gateway level AND via backdoor app.

The customer needs privacy.

When the phone is on airplane mode, the rogue hacker is still able to access the phone using an IMSI catcher and other telecom hack tools. The hacker has been able to establish rogue web access to the phone, but the average phone user can't connect to the web because the phone is on airplane mode. All protocols are supposedly turned off.

How would you determine where and how the hacker has illegally established access on the phone?

How would you remove the hacker's access?

How would you log and track the hackers on the phone?

How would you prevent the hackers from reaccessing the phone and installing a backdoor?
 

David_TheMan

You are given a phone to repair and analyze. The customer complaint is that a rogue hacker is illegally monitoring and stalking the customer on their phone. The hacker has inserted words, letters, etc. while the customer is on the phone.

The customer has installed AV, anti-rootkit and anti-malware. The customer believes the hack is happening at a router/gateway level AND via backdoor app.

The customer needs privacy.

When the phone is on airplane mode, the rogue hacker is still able to access the phone using an IMSI catcher and other telecom hack tools. The hacker has been able to establish rogue web access to the phone, but the average phone user can't connect to the web because the phone is on airplane mode. All protocols are supposedly turned off.

How would you determine where and how the hacker has illegally established access on the phone?

How would you remove the hacker's access?

How would you log and track the hackers on the phone?

How would you prevent the hackers from reaccessing the phone and installing a backdoor?

This isn't a CISSP question nor a CySA+ question.

If you are just asking me in general though,
I don't know, probably depending on the OS I would try to check which processes were running on the system to see what was outside of normal operations.
If the access is coming over Wi-Fi I would then check network activity being directed to that IP that the phone occupies to see if we could ascertain what traffic is potentially malicious and maybe see if we could find when this traffic started network side.

How would I remove the hacker's access? Probably re-root the phone with the proper firmware for it and remove all info on the phone. To prevent re-access by the hacker, harden the system, remove unnecessary programs, install AV and IPS software on the phone, place passwords on all wireless access entries like Bluetooth, Wi-Fi, etc., and redeploy the phone.
 

Cheese McNair

You’ve been doing this since ‘03? What’s your age range if you don’t mind?
 

Splash

Another question, how well do you have to know these different frameworks... shyt is putting me to sleep for real :snooze:
 

David_TheMan

You’ve been doing this since ‘03? What’s your age range if you don’t mind?
Early 30s.
Started working in IT right out of high school while I was going to college.

Another question, how well do you have to know these different frameworks... shyt is putting me to sleep for real :snooze:
Try to know by name what the general purpose of each framework is.
Definitely know what the purposes of the various laws are.
For things like IDEAL, ACID, CMMI, know what the steps are and what happens in each step.
Know what the various XML languages' purposes are.
 

Silkk

I believe a few months ago I said I was targeting the CASP, but I decided to say fukk that and get the CISSP since it's rated better in the DoD system

DoD-8570.01M-Update.png


As you see the CISSP has better coverage. Marketability just went up. Again can't stress how good a hustle the government contracting game is to you younger guys wanting to get into the industry and eat. Get your clearances any way you can, take a bad paying contract to get that Secret or TS and feast.

Now back on topic. Passed the test, must say it's one of the easiest tests I've ever taken.
I had 100 questions exactly, I have to say its difficulty is very similar to Sec+ IMHO. You study the Shon Harris book cover to cover, then read the Sybex ISC2 book for refinement of what you just learned and you'll be good.

Any specific questions though and I'm here to help.
This is what I'm most surprised about, because the Sec+ was the easiest cert I ever did.

Was the CISSP a lot of terms/definitions?

Were there any situational/scenario based questions? What was the most difficult part?
 

David_TheMan

This is what I'm most surprised about, because the Sec+ was the easiest cert I ever did.

Was the CISSP a lot of terms/definitions?

Were there any situational/scenario based questions? What was the most difficult part?

The CISSP had a lot more straight definition questions than I thought it would have.
They have a few scenario and a few drag and drop questions, but that is about it, way more straight definitions than I thought.
Most difficult part for me was memorizing the different markup languages.
 

satam55

This is what I'm most surprised about, because the Sec+ was the easiest cert I ever did.

Was the CISSP a lot of terms/definitions?

Were there any situational/scenario based questions? What was the most difficult part?
Easier than the A+?
 