[Cisspstudy] cisspstudy Digest, Vol 19, Issue 12

yogeshwaran yogeshm23 at yahoo.com
Sun Jan 17 08:36:53 EST 2010 

hi all,
 
 
what is the certificate validation period?
Do we have to upgrade the certificate ? if so what is the duration?
Do we have to pay any annual cost to maintain the certificate?
 
Regards,
Yogesh.M

--- On Sun, 1/17/10, cisspstudy-request at cccure.org <cisspstudy-request at cccure.org> wrote:


From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
Subject: cisspstudy Digest, Vol 19, Issue 12
To: cisspstudy at cccure.org
Date: Sunday, January 17, 2010, 2:33 AM


Send cisspstudy mailing list submissions to
    cisspstudy at cccure.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
    cisspstudy-request at cccure.org

You can reach the person managing the list at
    cisspstudy-owner at cccure.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."


Today's Topics:

   1. Re: Exam strategy (Leif Palmer)
   2. Re: Question on IDS (Heidar heidarinia)


----------------------------------------------------------------------

Message: 1
Date: Sat, 16 Jan 2010 16:42:29 -0800 (PST)
From: Leif Palmer <ldpalmer at sbcglobal.net>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] Exam strategy
Message-ID: <425938.37647.qm at web180510.mail.gq1.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Yes,

Much congratulations and thank you for sharing the study habits!!!




________________________________
From: Prakash <prakash2757 at yahoo.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Sent: Sat, January 16, 2010 1:35:52 PM
Subject: Re: [Cisspstudy] Exam strategy



That's very much useful "Non Technical" tips.

My hearty congratulations to you. 

Complete the endorsement process & welcome to the elite community of security.

- Prakash

--- On Sat, 1/16/10, tka4ov at inbox.lv <tka4ov at inbox.lv> wrote:


>From: tka4ov at inbox.lv <tka4ov at inbox.lv>
>Subject: [Cisspstudy] Exam strategy
>To: cisspstudy at cccure.org
>Date: Saturday, January 16, 2010, 10:06 PM
>
>
>Hi all, 
>
>just got "congratulations..." letter from ISC! Thank you Clement, and the rest of the crew for providing this great resource. It really helped me A LOT! To "give back to the community", I would like to share my exam strategy. I am not going to talk about preparation for the exam, because the topic was discussed so many times here...
>Exam was physically hard for most people. You have to stay focused for 6 hours (I used all 6 hours to complete 250 questions).The exam strategy taught me by my collegue saved me. 
>
>1. Until the day before the exam, DO study hard!
>
>day before the exam...
>2. Try to not overload yourself with the last-minute reading. If you want to refresh memories, reserve 1 hour in the morning and go trough study cramm (prepare it yourself). Do not read more! You have done everything you could, nothing will make difference now.
>3. Go to bed at 21.00 latest. But just before that take a walk to the place where you are going to take the exam, it will help you to sleep better, and to avoid panic in the morning.
>4. Sleep well!
>
>on the day of the exam...
>5. Wake up and have some carbohydrates for lunch. They will give you power for the rest of the day (marathon runners eat that to stay in concious). Muesly are great! Drink green (herbal) tea. Do not overeat. 
>6. Arrive in advance, check in, sit down.
>7. If proctor will offer to visit the facilities, DO SO. It will save you those 5-10 minutes, that are so much needed at the end.
>
>exam starts...
>8. 6 hours, 250 questions + filling the answer sheet (do not underestimate it!). Make roughly 45 questions per hour. If you do that, you will have 225 in 5 hours. That will leave you 1 hour to complete 25 questions and draw 250 circles on answer sheet (quite a task)
>9. Have 3 breaks! It was hard for me to sit still for 6 hours. I have started to lose concertration after second hour. So I did 5 minutes break. Had a banana (easy to digest, tastes good) and had a zip of HERBAL tea from a thermo-cup I brought with me.
>10. Next pause after 4th hour. Have 10 min break - green tea/ mineral water. Bread +cheese +salad. No heavy stuff! 
>11. Last 5 min pause after 5th hour. EAT SUGAR! It will give you boost of energy for the last hour. Drink licozade, coca-cola, BLACK tea. Have a snickers or twix. Remember Rocky Balboa! This is the last round. After intake of sugars, and the last hour of work you will be deadly tired, but it doesn`t matter, because this is the last hour of exam. Do your best!
>
>after exam...
>12. Welcome to the month of pain! You have to forget about the exam and just wait. It is hard, but do NOT write to ISC asking how you did. Do not schedule another exam, thinking that you have failed for sure. Everything you can do now is just wait. This was the longest month of my life :)
>
>Tips: 
>a. Work with booklet, not answer sheet. Read the question, draw minus next to two options that are obviously wrong, if you can answer now - circle the right one. If not, do not stop on the question - go to the next one.
>b. underline the important words. It will help when you come back to the question for review.
>c. when transferring your questions to the answer sheet. BE CAREFUL! One mistake can make you fail miserably.
>    1. Do not start your exam by drinking coca-cola or eating chocolate bars. They are just giving you temporary boost, that will end, and you will fall asleep after hour.
>e. Study hard! The exam is difficult, and you have to know a lot! I know smart guys that failed to become CISSP. Start studying in advance, if you are starting 2 month before exam ? you are trowing your money away.
>Thanks for reading, I hope it will help someone!
>P.S. Sorry for mistakes, I am not native speaker and rely heavily on MS office spell checker.
>?
>
>
>
>
>Quoting cisspstudy-request at cccure.org:
>Send cisspstudy mailing list submissions to
>>cisspstudy at cccure.org
>>
>>To subscribe or unsubscribe via the World Wide Web, visit
>>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>or, via email, send a message with subject or body 'help' to
>>cisspstudy-request at cccure.org
>>
>>You can reach the person managing the list at
>>cisspstudy-owner at cccure.org
>>
>>When replying, please edit your Subject line so it is more specific
>>than "Re: Contents of cisspstudy digest...."
>>
>>
>>Today's Topics:
>>
>>1. Question on IDS (Saurabh Bhargava)
>>2. Re: Question on IDS (Jef A.)
>>
>>
>>----------------------------------------------------------------------
>>
>>Message: 1
>>Date: Fri, 15 Jan 2010 16:52:29 +0530 (IST)
>>From: Saurabh Bhargava <catchbhargava at yahoo.com>
>>To: The CISSP Study Mailing list <cisspstudy at cccure.org>
>>Subject: [Cisspstudy] Question on IDS
>>Message-ID: <354277.25971.qm at web94807.mail.in2.yahoo.com>
>>Content-Type: text/plain; charset="utf-8"
>>
>>
>>
>>Hello Everyone: 
>>
>>Need your thoughts on below question: 
>>
>>1. which of the following is the is a weakness of both statistical anomaly detection and pattern matching 
>>
>>A. Lack of learning model
>>B. inability to run in real time
>>C. Requirement to monitor every event
>>D. Lack of ability to scale
>>
>>I think answer is C but author says its A. 
>>
>>My reasoning - Statistical IDS creates a profile of ?normal? and compares activities to this profile. For that, its put in leaning mode and if an attack was happening during "learning" mode, it may go undetected in production environment as well. 
>>
>>Pattern matching depends on signatures so may not be able to pick up "zero day" attacks. 
>>
>>
>>Thoughts pls?
>>
>>cheers, SB
>>
>>
>>
>>-------------- next part --------------
>>An HTML attachment was scrubbed...
>>URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100115/5ffefcf5/attachment-0001.html>
>>
>>------------------------------
>>
>>Message: 2
>>Date: Fri, 15 Jan 2010 08:23:10 -0500
>>From: "Jef A." <jeff132 at gmail.com>
>>To: The CISSP Study Mailing list <cisspstudy at cccure.org>
>>Subject: Re: [Cisspstudy] Question on IDS
>>Message-ID:
>><2e06e8e61001150523o65f9456vccdbd25f86295bbd at mail.gmail.com>
>>Content-Type: text/plain; charset="windows-1252"
>>
>>This question confused me a bit also but this is my reasoning for choosing
>>C. I was immediately able to rule out choices B & D because they
>>just didn't apply. In regards to answer A i considered the idea that
>>statistical anomaly detection is actually learning by comparing current
>>activities to behavior that it believes to be normal. Pattern matching
>>doesn't learn at all because it is only looking for a specific pattern, it
>>is not capable of finding any deviations from that pattern. However the
>>requirement to monitor every event is something that both devices must do
>>and i guess they are considering it a weakness.
>>
>>i am curious to here what others have to say about this questions.
>>
>>On Fri, Jan 15, 2010 at 6:22 AM, Saurabh Bhargava
>><catchbhargava at yahoo.com>wrote:
>>
>>>
>>> Hello Everyone:
>>>
>>> Need your thoughts on below question:
>>>
>>> 1. which of the following is the is a weakness of both statistical anomaly
>>> detection and pattern matching
>>>
>>> A. Lack of learning model
>>> B. inability to run in real time
>>> C. Requirement to monitor every event
>>> D. Lack of ability to scale
>>>
>>> I think answer is C but author says its A.
>>>
>>> My reasoning - Statistical IDS creates a profile of ?normal? and compares
>>> activities to this profile. For that, its put in leaning mode and if an
>>> attack was happening during "learning" mode, it may go undetected in
>>> production environment as well.
>>>
>>> Pattern matching depends on signatures so may not be able to pick up "zero
>>> day" attacks.
>>>
>>>
>>> Thoughts pls?
>>>
>>> cheers, SB
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> cisspstudy mailing list
>>> cisspstudy at cccure.org
>>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>>
>>>
>>-------------- next part --------------
>>An HTML attachment was scrubbed...
>>URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100115/285aa9ea/attachment-0001.html>
>>
>>------------------------------
>>
>>_______________________________________________
>>cisspstudy mailing list
>>cisspstudy at cccure.org
>>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>>End of cisspstudy Digest, Vol 19, Issue 9
>>*****************************************
>>
>
>
>
>-- Tavs bezmaksas pasts Inbox.lv
>-----Inline Attachment Follows-----
>
>
>_______________________________________________
>cisspstudy mailing list
>cisspstudy at cccure.org
>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100116/a8f6df59/attachment-0001.html>

------------------------------

Message: 2
Date: Sun, 17 Jan 2010 00:33:33 -0800 (PST)
From: Heidar heidarinia <h_heidarinia at yahoo.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] Question on IDS
Message-ID: <998073.59173.qm at web33302.mail.mud.yahoo.com>
Content-Type: text/plain; charset="utf-8"

?
Right?answer? is?
?? D. Lack of ability to scale
?
?
?
The disadvantages of network-based IDSs include:
?
They are not very scaleable; they have struggled to maintain capacities of 100 Mbps.
They are based on predefined attack signatures?signatures that will always be a step behind the latest underground exploits
IDS vendors have not caught up with all known attacks, and signature updates are not released nearly as frequently as antivirus updates.
?
?
?
Requirement to monitor every event?
? The primary host-based IDS purpose is to monitor systems for individual file changes.
?
Lack of learning model 
?This :is not weakness of statistical anomaly.
?
?
Inability to run in real time
?Network-based IDSs typically utilise network adapters running in promiscuous mode to monitor and analyse network traffic in real time
?
?
?
I hope you find useful
?
HH
?


?

________________________________
From: Jef A. <jeff132 at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Sent: Fri, January 15, 2010 8:23:10 AM
Subject: Re: [Cisspstudy] Question on IDS

This question confused me a bit also but this is my reasoning for choosing C. I was?immediately?able to rule out choices B & D because they just?didn't?apply. In regards to answer A i considered the idea that statistical anomaly detection is actually learning by comparing current activities to behavior that it believes to be normal. Pattern matching doesn't learn at all because it is only looking for a?specific?pattern, it is not capable of finding any deviations from that pattern. However the requirement to monitor every event is something that both devices must do and i guess they are considering it a weakness. 

i am curious to here what others have to say about this questions.


On Fri, Jan 15, 2010 at 6:22 AM, Saurabh Bhargava <catchbhargava at yahoo.com> wrote:


>
>Hello Everyone:? 
>
>
>Need your thoughts on below question:?
>
>
>1. which of the following is the is a weakness of both statistical anomaly detection and pattern matching?
>
>
>A. Lack of learning model
>B. inability to run in real time
>C. Requirement to monitor every event
>D. Lack of ability to scale
>
>
>I think answer is C ?but author says its A.?
>
>
>My reasoning -?Statistical?IDS creates a profile of ?normal? and?compares activities to this profile. For that, its put in leaning mode and if an attack was happening during "learning" mode, it may go undetected in production environment as well.?
>
>
>Pattern matching depends on signatures so may not be able to pick up "zero day" attacks.?
>
>
>
>
>Thoughts pls?
>
>
>cheers, SB
>
>
>
>
>_______________________________________________
>cisspstudy mailing list
>cisspstudy at cccure.org
>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100117/e35fd833/attachment.html>

------------------------------

_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


End of cisspstudy Digest, Vol 19, Issue 12
******************************************



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100117/03a6206f/attachment-0001.html>

More information about the cisspstudy mailing list