[Cisspstudy] CCCure Quizzer

Clement Dupuis clement.dupuis at cccure.com
Wed Jun 24 09:54:33 EDT 2009


Good morning to all,

Sorry for the slow response, I am overseas delivering a class, which makes it
a bit hard to follow in real time.

As you have all come to realize by now, there are too many books for you to
study today.  Stick to the leading books such as the Shon Harris All In One
or the ISC2 Official Book and you will be fine.

I saw people arguing about things such as how much faster symmetric is when
you compare it to asymmetric.  The important thing is not to remember exact
numbers such as 100 to 1000 times faster, the important thing is to
understand WHY it is faster, where one would be used and where the other one
would be used.  Unless you would list only one symmetric algorithm and only
one asymmetric algorithm, such a question does not make a lot of sense.  It
would be like asking if a truck or a car will be faster.  Most of us would
say a car, but what if the road conditions are bad and you have a foot of
snow on the ground?  Of course the larger truck would have fun in one foot
of snow while the car would be at a standstill.

The same applies to cryptography, you have to know what the goal to achieve
is and then you can choose the proper one.  It is important to know that
symmetric crypto systems tend to be faster because they make use of simple
steps such as substitution, rotation, shifting columns, shifting rows, etc.
Asymmetric systems tend to be slow because of the very complex mathematical
formulas being used such as factoring a large number into the prime numbers
used to create the large number or the Discrete Logarithm problem in a
finite field.  If you know the WHY you can make sense of the question,
eliminate the choices that do not make any sense and then find the correct
answer.  You have to know the subjects (what, where, when, why) and not
only memorize questions.

*1) Is it reliable? I mean are the questions/answers correct?*

As far as the questions on CCCure are concerned, we do review questions
every single day and we always attempt to make them better all the time.  We
rely on you to let us know if you think that a question might not be totally
accurate or you have doubts.  Do use the comment option and send us
feedback.  My friend James Hajec, CISSP has been correcting, updating,
improving dozens of them every week.  He has volunteered to help me in the
maintenance of the quizzes.

*2) Are the questions similar to the expected on the real exam? In topics,
difficulty, length, etc?*

The exam questions have a VERY unique style that nobody has been able to
reproduce.  They are produced by being reviewed by the Exam Questions Review
committee.  On the committee you have people from North America, Europe,
Africa, the Middle East, and Asia.  They sit together and they ensure that
the question is sound, it is clear to all, and that there is only one good
choice.  This is how the ISC2 comes out with their questions.

From the feedback I had on the forum, it seems the CCCure quiz is the
closest to the real exam.  However, this is NOT what I consider the most
important.

The quizzes have to be used for a couple of great reasons:

1.  The quiz will help you identify what YOU DON'T KNOW

2.  The quiz will help you remember key topics that  you will encounter on
the exam.

Any questions that you miss on the quiz should be reviewed and researched
until you understand why it was the BEST choice and why you missed it.  I
strongly recommend that you do a CUT and PASTE of that question into a word
document.  This word document will become your own customized quiz of all of
the questions you had difficulties with.  You attempt that quiz a bit later
on.

*2) Are the questions similar to the expected on the real exam? In topics,
difficulty, length, etc? (part 2)*

The questions in most of the books that you buy are a lot shorter and easier
than the questions on the real exam.

I would for sure stay away from cram exams such as testking,
realexamquestions, etc....  They are packed with mistakes.

If someone claims to have real exam questions, this means they stole them as
there are none available publicly.  Some of these so-called REAL exam
questions are simply printouts of the CCCure quiz engine but with outdated
questions.  Be careful if you buy commercial quizzes.


*3) In every test that I took, I find some questions (close to 10% every
time), I had no clue about them. Is this "normal" or I shall review these
topics? I use the Shon Harris 4th Edition Book + Shon Harris DVDs and found
no reference to these topics. One example I've seen a lot is many questions
about Magnetic Tapes.*

ISC2 are asking specifically for 5 years of experience in two or more of the
ten domains,  this means they expect you to have experience, skills, and
knowledge that you have accumulated over the years.  They expect ALL
security professionals to have some foundation knowledge and they do ask you
questions that are general security questions.

The fact that it is not specifically listed in a book does not mean it will
not be on the exam or it is not a valid subject.

In the Candidate Information Bulletin that you have downloaded from ISC2 (if
you did not download it, you should), you will see that there are today
almost 3 pages of references being used for the purpose of the exam.  It is
very very wide indeed.  There is no way that 100% of all this will be
covered in any book.

It never hurts to learn a bit more than needed.

In any case, I wish you all the best

Take care

Clement
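
An added illustration, not part of the original message: the two kinds of work the message contrasts, run side by side. A toy cipher built only from substitution, rotation and XOR processes a 16-byte block, and a textbook RSA private-key operation does one big-number modular exponentiation. The Mersenne-prime key, the S-box and all function names are constructed for this sketch and are not secure.

```python
import timeit

# Constructed toy RSA key: two Mersenne primes avoid needing a prime generator.
# Such a modulus is trivially factorable; it only gives realistic operand sizes.
P, Q = 2**607 - 1, 2**1279 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, about as long as N

# Constructed toy S-box: a fixed byte permutation (7 is odd, so it is invertible).
SBOX = bytes((7 * i + 3) % 256 for i in range(256))
INV_SBOX = bytes(SBOX.index(i) for i in range(256))

def sym_encrypt(block, key, rounds=10):
    """Toy symmetric rounds: substitution, rotation, XOR with the key."""
    for r in range(rounds):
        block = block.translate(SBOX)                         # substitution
        block = block[1:] + block[:1]                         # rotate left one byte
        block = bytes(b ^ k ^ r for b, k in zip(block, key))  # key mixing
    return block

def sym_decrypt(block, key, rounds=10):
    """Undo the rounds in reverse order."""
    for r in reversed(range(rounds)):
        block = bytes(b ^ k ^ r for b, k in zip(block, key))
        block = block[-1:] + block[:-1]                       # rotate right one byte
        block = block.translate(INV_SBOX)
    return block

def rsa_public_op(m):
    return pow(m, E, N)    # short exponent: only a few big-number multiplications

def rsa_private_op(c):
    return pow(c, D, N)    # long exponent: well over a thousand modular squarings

def compare(calls=10):
    """Return (seconds per toy symmetric block, seconds per RSA private operation)."""
    key, block = bytes(range(16)), b"sixteen byte msg"
    c = rsa_public_op(int.from_bytes(block, "big"))
    t_sym = min(timeit.repeat(lambda: sym_encrypt(block, key), number=calls, repeat=3))
    t_rsa = min(timeit.repeat(lambda: rsa_private_op(c), number=calls, repeat=3))
    return t_sym / calls, t_rsa / calls

if __name__ == "__main__":
    t_sym, t_rsa = compare()
    print(f"toy symmetric block: {t_sym * 1e6:.1f} us, RSA private op: {t_rsa * 1e6:.1f} us")
```

The measured ratio belongs to this sketch only; it changes with the algorithms, key sizes and implementations being compared.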