Preface
"How do you think like a manager?" It is one of the most common questions asked when preparing for the CISSP exam. Using 25 CISSP practice questions with detailed explanations, this book will attempt to answer how to think like a member of a senior management team who has the goal of balancing risk, cost, and most of all, human life. The questions will take you through how to resist thinking from a technical perspective to one that is more holistic of the entire organization. Like all of Study Notes and Theory's CISSP practice questions, these questions correlate multiple high-level security concepts and require thinking like a manager. Extracting the most value comes from understanding not only which choice is correct, but more importantly, why the other choices are wrong.
The Study Notes and Theory platform is here to fine-tune and provide clairvoyance into CISSP concepts from a different perspective than traditional study material. Insight is provided into how to think like a manager, strategy and mentality during the exam, core CISSP concepts, and some essential exam knowledge. The idea is that sometimes a simple word, phrase, or statement by someone else can change our own point of view. The unique thing about the CISSP exam is that no number of books, bootcamps, practice question engines, or anything else available are even close to the questions found on the real exam. It is not about memorizing topics but understanding and being able to apply the concepts. Years of direct security experience is the recommended best resource for the CISSP exam. However, some experience can be supplemented by reading multiple information security books, watching videos, and taking thousands of practice questions.
Thank you for your time in reading this book and for your support of Study Notes and Theory.
Thank you to the following for advancing and contributing their precious time and effort to the Study Notes and Theory platform: Ahmed Khatib, Ahmed Khan, Dawood Kevar, Wala Suliman, Fadi Sodah, Prashant Mohan, Mohamed Atef, Prabh Nair, Thor Pedersen, and Zakaria Hadj.
The information contained in this book is for informational purposes only. This book is not meant to reflect the real exam and there is no affiliation with the (ISC) . Any advice is based on my own experience. You should always seek your own truth, because in the end it's going to be just you in that exam testing center. This publication does not guarantee an exam pass, this can only be achieved through hard work and dedication. The use of other CISSP recommended material must be used for success. The practice questions, exam strategies, and explanations are of my own opinion. No part of this publication shall be reproduced, transmitted, or sold in whole or in part in any form, without the prior written consent of the author. All trademarks and registered trademarks appearing in this guide are the property of their respective owners. Readers of this book are advised to perform their own due diligence of the material in this book and should be independently verified by your own qualified professionals. By reading this guide, you agree it is not responsible for the failure of your exam relating to any information presented in this guide.
How To Think Like A Manager for the CISSP Exam
Edited by Lori C.
2020 Study Notes and Theory. All Rights Reserved.
Visit the author's website at www.studynotesandtheory.com
Digital book(s) (epub and mobi) produced by Booknook.biz .
Dedicated to all the security professionals sacrificing, struggling, and staying up late nights on their journey to the CISSP.
TABLE OF CONTENTS
QUESTION 1
Which of the following is the most important reason to verify the media sanitization process?
A. Human error
B. Adherence to security policy
C. Confidentiality
D. Shredder calibration
Exam Strategy and Mentality
Get your exam mentality in gear to face four choices that seemingly are correct, but only one will be the ultimate high-level answer. Focus on the words most important reason.
The new CISSP computer adaptive testing (CAT) style exam was implemented on December 18, 2017 . Now you have a maximum of three hours to complete the exam instead of the previous six hours. Whether you have just started studying for the exam, or are a few days away from it, take your time with practice questions. You will not be able to go back and review questions on the real exam anymore.
With this and all other questions, argue with yourself over why choice A, B, C, or D is the most important reason. Alternatively, you can also take this practice question and look for the least important reason first. This technique increases your chances of getting the question correct by eliminating a choice that may seem less important than the others, while getting you closer to the most important reason. If shredder calibration is less important than accounting for human error, choice D can be eliminated.
At a high-level, the least important reason would have a lower impact on the three core foundations of security: confidentiality, integrity or availability. The most important reason would have a wider impact.
Think Like a Manager
A manager would go with the choice which, if not considered, would have the most negative impact to not only the media sanitization process, but also every other type of process.
Types of Media Sanitization
Clearing - To overwrite and replace confidential data spaces on media with something meaningless using approved software or hardware technology .
Purging - To completely overwrite data on a disk by degaussing or firmware commands which would lead data to be unrecoverable with a high level of confidence .
Destruction - Physical destruction is the only way to truly make data unrecoverable and to render the media useless. Destruction methods include shredding, pulverizing, disintegration, and incineration .
Exam Essentials
Look for the choice that plays an all-encompassing and authoritative role in all of the other remaining choices.
Sometimes it helps to change the question to what it really wants us to know:
Why does the CISSP exam want me to know the most important reason to verify that there is no data leftover after sanitization?
A. There will always be mistakes
B. Nothing happens without a policy
C. Secrets must be kept confidential
D. Proper operation of shredding devices
Study Notes and Theory's CISSP practice questions are complex for a reason: to prepare you for the real exam. It works in your favor to really breakdown the question and the given choices. It's important to get the question correct, but it's more important to understand why the other choices are wrong. The real exam does not care whether you can memorize encryption ciphers, OSI model protocol numbers, or the steps of the software development life cycle. The exam tests whether you can apply those concepts.
QUESTION 1 - EXPLANATION
A. Human error
Humans will always make mistakes. This is not the most important reason, but it is one reason we should verify that data has been totally sanitized without a shred of data remanence. Data custodians can make mistakes when sanitizing data or any other process that requires human involvement. In addition to the verification process post-sanitization, proper personnel training should be conducted pre-sanitization to ensure adequate skill and competency .
