Difficult CISSP Questions and how to solve them
The first thing most people hear about the CISSP examination is how difficult or unfair the questions are. Although this may be a good warning, it does not begin to prepare you to do well on the exam itself. For some of the CISSP exam questions, just knowing the facts is not enough. These questions are referred to as "hard questions". This paper examines seven types of hard questions you are likely to see on the CISSP examination and the best approaches for solving them.
A large portion of the CISSP examination will test your knowledge of these aspects. However, the mere knowledge of these aspects does not prepare you for the more difficult questions you may see on the CISSP examination. A significant portion of the course is devoted to study skills, memorization techniques, application of concepts, and principles. Although it is impossible to predict exactly what questions you may get on the exam, we have classified the difficult questions into seven categories and given examples and approaches for identifying and overcoming them.
1.1 Detailed Knowledge Questions
Description
Requires a detailed knowledge of a technology or principle.
Example Question
At what level of the OSI model can a packet be corrected on the bit level?
a) Level 2
b) Level 3
c) Level 4
d) Level 5
Answer
The correct answer is a) Level 2. Level 2 is the data link level. More specifically, Media Access Control is a sub level of Level 2 that performs error control. If a single bit is in error, it can either flag it as an error or, in the case of parity bits, it can rebuild the frame and perform a bit-level error correction. Also note that Level 4 (transport) also performs error control, but it is based on a packet. If an error is detected at Level 4 it can only request a retransmission. This is just a hard question. You may know the OSI stack very well and still miss this question.
Approach
Study well, and think the question through. Even though the CISSP is commonly described as "a mile wide and an inch deep," you still have to know the security-relevant aspects of mechanisms and techniques. Take several approaches at comparing and contrasting similar and alternative mechanisms. For example, error correction can be done at Level 2, Level 4, and even Level 7.
Ask yourself, "What is the difference between error correction at Levels 2, 4, and 7?" At the same time, make sure you understand the difference between the four output modes of DES. For example, why would someone use ECB over CBC?
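To make the Level 2 versus Level 4 distinction concrete, the following added example (not part of the original paper) contrasts a Hamming(7,4) code, which uses parity bits to locate and repair a single flipped bit in a frame, with a plain parity check that can only flag that something is wrong and leave retransmission to a higher layer. Bit order and function names are my own assumptions.

```python
# Added example: bit-level correction (Hamming 7,4) vs. detection-only parity.
# Codeword layout, positions 1..7: p1 p2 d1 p3 d2 d3 d4 (parity bits at powers of two).

def hamming74_encode(data):
    """Encode 4 data bits into a 7-bit codeword with 3 parity bits."""
    d1, d2, d3, d4 = data
    p1 = d1 ^ d2 ^ d4          # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4          # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4          # covers positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]

def hamming74_decode(codeword):
    """Return (data_bits, corrected_position); position 0 means no error.
    Like the Level 2 behaviour in the text: a single bad bit is rebuilt in place.
    Caveat: two flipped bits are silently mis-corrected, so the code is only
    trustworthy where single-bit errors dominate."""
    c = list(codeword)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s3   # syndrome is the 1-based index of the bad bit
    if pos:
        c[pos - 1] ^= 1          # repair the flipped bit without retransmission
    return [c[2], c[4], c[5], c[6]], pos

def parity_ok(bits):
    """Detection-only check (even parity over the whole unit).
    Like the Level 4 behaviour in the text: it can say 'corrupt' but not which
    bit, so the only remedy is to request the data again."""
    return sum(bits) % 2 == 0

def demo():
    # Constructed sample: a 4-bit payload with one bit flipped in transit.
    payload = [1, 0, 1, 1]
    sent = hamming74_encode(payload)
    received = list(sent)
    received[4] ^= 1             # corrupt position 5 (data bit d2)
    data, fixed_at = hamming74_decode(received)
    return data == payload, fixed_at, parity_ok(sent + [sum(sent) % 2])

if __name__ == "__main__":
    print(demo())
```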
1.2 Subset Questions
Description
These are questions where at least two of the answers are right but one is more right than the others. As it turns out, we find that many of these types of questions can be viewed as a subset question in which one or more of the answers are actually subsets of the most correct answer.
Example Question
An attack in which an attacker creates a misleading context in order to trick a user into making an inappropriate security-relevant decision is known as:
a) Spoofing attack
b) Surveillance attack
c) Social engineering attack
d) Man-in-the-middle attack
Answer
The correct answer is c) Social engineering attack. Both a) and c) involve misleading, but only social engineering involves contact with the user (social) and leads toward a bad security decision (engineering).
Approach
First you need to recognize this as a subset question. Draw arrows from one answer to another if you believe that the first answer is a subset of the second. Then ask yourself whether the "inner" answer is always correct. If the subset answer is always correct, pick that one. If not, pick the one that is correct.
1.3 Too Much Information Questions
Description
This is a type of question that gives you too much information. The candidate is sometimes fooled into finding an appropriate equation to use all of the variables offered in the question.
Example Question
When performing a risk assessment you have developed the following values for a specific threat/risk pair. Asset value = 100K, exposure factor = 35%; Annual rate of occurrence is 5 times per year; the cost of a recommended safeguard is $5000 per year, which will reduce the annual loss expectancy in half. What is the SLE?
a) $175,000
b) $35,000
c) $82,500
d) $77,500
Answer
The correct answer is b) $35,000. SLE is simply AV x EF.
a) is the ALE;
c) is the ALE improvement given the safeguard is put in place;
d) is the safeguard value.
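The following added example (not from the original paper) works the question's numbers through the standard formulas SLE = AV x EF and ALE = SLE x ARO. The function deliberately accepts every value the question offers, but the SLE uses only two of them; the rest exist to tempt you into a longer calculation. Function and key names are my own.

```python
# Added example: quantitative risk figures from the "too much information" question.
# Constructed inputs taken from the question text: AV = $100,000, EF = 35%,
# ARO = 5/year, safeguard cost = $5,000/year, safeguard halves the ALE.

def risk_figures(asset_value, exposure_factor, aro, safeguard_cost, ale_reduction):
    """Return the figures an exam question might ask for, each from its own formula.

    Only SLE is asked in the question; ARO, safeguard cost and the reduction
    factor are distractors for that answer, even though they feed the others."""
    sle = asset_value * exposure_factor            # single loss expectancy
    ale = sle * aro                                # annualized loss expectancy
    ale_after = ale * (1 - ale_reduction)          # ALE once the safeguard is in place
    return {
        "SLE": sle,
        "ALE": ale,
        "ALE_after_safeguard": ale_after,
        "annual_safeguard_cost": safeguard_cost,
    }

# Which inputs each figure actually depends on; use this to discard distractors.
INPUTS_NEEDED = {
    "SLE": ("asset_value", "exposure_factor"),
    "ALE": ("asset_value", "exposure_factor", "aro"),
    "ALE_after_safeguard": ("asset_value", "exposure_factor", "aro", "ale_reduction"),
}

def answer_sle(asset_value, exposure_factor, **ignored):
    """The question's answer: everything in **ignored is noise for an SLE question."""
    return asset_value * exposure_factor

if __name__ == "__main__":
    q = dict(asset_value=100_000, exposure_factor=0.35, aro=5,
             safeguard_cost=5_000, ale_reduction=0.5)
    print(risk_figures(**q))
    print("SLE =", answer_sle(**q))   # 35000.0
```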