Disclaimer: It is not my intention to violate the ISC2 NDA. Please do not email me specific questions related to the content of the exam. A copy of the NDA can be found here.
In my opinion, it was the most difficult exam I’ve ever taken, for the following reasons:
- I studied a lot, a lot more than when I took CISSP.
- I covered the official book at least 5 times, plus the list of materials below (see STUDY PLAN).
- I practised on https://www.freepracticetests.org (total = 3000 questions answered, although the database has only around 1400, so some questions were seen 2 or 3 times).
Yet, the exam presented me with content I had not come across during my studies. I guess this is the trickiest part of the exam. After seeing the first 10 questions, I realized that I had to step back from the “ISSAP study knowledge” and start thinking hard, based on my IT security experience.
- Read the question, read the question again and then read the question again (you get the idea).
- Go through all the questions, answering the ones you are fairly sure about (confidence 90%+). Mark those you can’t answer for the second round. Go through the marked questions and think hard. Don’t give up! I ended up with 50 marked questions after the first round.
- Do your best on every single question. Every question counts!!!
- Think as an Architect, use your experience!
- Don’t underestimate it or rely on CISSP knowledge, as you will not pass it!
STUDY PLAN
The chapters below refer to the book by Ross Anderson, “Security Engineering”: http://www.cl.cam.ac.uk/~rja14/book.html
So, I read the official book a few times, plus the materials outlined below:
DOMAIN 1 ACCESS CONTROL
Chapter 4 Access Control
Chapter 8 Multilevel Security
Chapter 9 Multilateral Security
Chapter 10 Banking and Bookkeeping
Chapter 15 Biometrics
DOMAIN 2 COMMUNICATIONS
Chapter 3 Protocols
Chapter 19 Electronic and Information Warfare
Chapter 20 Telecom System Security
Chapter 21 Network Attack and Defence
* Read NIST 800-48 [Wireless]
* Read NIST 800-58 [VOIP]
DOMAIN 3 CRYPTOGRAPHY
Chapter 5 Cryptography
DOMAIN 4 SECURITY ARCHITECTURE
Chapter 6 Distributed Systems
Chapter 25 Managing the Development of Secure Systems
Chapter 26 System Evaluation and Assurance
* Read NIST 800-64 [SDLC]
DOMAIN 5 BCP AND DR
* Read NIST 800-30 [Risk Assessment]
DOMAIN 6 PHYSICAL
Chapter 11 Physical Protection
Chapter 12 Monitoring and Metering
Chapter 16 Physical Tamper Resistance
Chapter 17 Emission Security
NIST 800-30 [Risk Assessment]
NIST 800-48 [Wireless]
NIST 800-58 [VOIP]
NIST 800-64 [SDLC]
Common Criteria v2.3