cissp study cryptology
on 20.02.2006 19:37:43 by gdubois
Good afternoon!
I am studying for the CISSP exam, and I just started the cryptology
part.
Do I really have to learn how symmetric and asymmetric keys work in
detail?
Do I really have to learn the number of bytes I have to use etc.?
I already have so much to learn for the exam, what parts should I spend
less time on?
Many thanks
Guyp
Re: cissp study cryptology
on 20.02.2006 19:49:46 by roberson
In article <1140460663.533504.34410@o13g2000cwo.googlegroups.com>,
Guyp wrote:
>I am studying for the CISSP exam, and I just started the cryptology
>part.
>Do I really have to learn how symmetric and asymmetric keys work in
>detail?
>Do I really have to learn the number of bytes I have to use etc.?
A CISSP is supposed to be a person who "does security -right-".
In my opinion, anyone who does -not- know how symmetric and asymmetric
keys work, or about relative key strengths, is doomed to repeat the
security mistakes of the past, and would not deserve a CISSP designation.
> I already have so much to learn for the exam, what parts should I spend
> less time on?
CISSP is intended to be one of the hardest certificates around,
because there are so many -wrong- ways to do security. When someone
who wants to be a CISSP asks a question such as you asked, I am
led to wonder whether the person is the right kind of person to be
a CISSP, or at least whether they are trying for the CISSP before
having as much practical experience as would be appropriate for a CISSP.
Re: cissp study cryptology
on 20.02.2006 20:00:47 by gdubois
Thank you for your quick reply.
I understand cryptology is important in security, but I am pretty sure
the day I will have to create a program using BlowFish I will look it
up, and probably not remember it EXACTLY as it is in my book.
So YES it is important, and I guess the fact that asking specific
questions like this makes it a difficult exam that will draw a line
between people who can memorize stuff by heart, and those who cannot.
Re: cissp study cryptology
on 20.02.2006 20:21:19 by claudel
In article <1140462047.664650.99100@g14g2000cwa.googlegroups.com>,
Guyp wrote:
>Thank you for your quick reply.
>
>I understand cryptology is important in security, but I am pretty sure
>the day I will have to create a program using BlowFish I will look it
>up, and probably not remember it EXACTLY as it is in my book.
>
>So YES it is important, and I guess the fact that asking specific
>questions like this makes it a difficult exam that will draw a line
>between people who can memorize stuff by heart, and those who cannot.
>
The exam attempts to "draw the line" between those who have
lived with the subject matter and those who attempt to cram-study.
To answer your earlier question, you need to study the
domains that you have not "lived" a bit more than those
that should be familiar from experience.
Claude
Re: cissp study cryptology
on 20.02.2006 20:27:05 by comphelp
"Guyp" writes:
> Thank you for your quick reply.
>
> I understand cryptology is important in security, but I am pretty sure
> the day I will have to create a program using BlowFish I will look it
> up, and probably not remember it EXACTLY as it is in my book.
>
> So YES it is important, and I guess the fact that asking specific
> questions like this makes it a difficult exam that will draw a line
> between people who can memorize stuff by heart, and those who
> cannot.
I work with security professionals daily. I've not yet taken the
CISSP exam, but I can offer that those who have say that it's not
nearly the hard core specific technical cert test as, say, something
like SANS GIAC certifications would be.
I'd say if you couldn't give a very good fairly detailed explanation
of how public key cryptography differs from private key cryptography and
what the benefits and detriments are of each, study more.
If you don't know details of blowfish encryption or 3DES, don't sweat
it.
--
Todd H.
http://www.toddh.net/
Re: cissp study cryptology
on 20.02.2006 21:27:55 by docbook.xml
Real CISSP exam is a lot different from what is portrayed in the books.
CISSP is not a technical exam. Maybe 15% of the questions are
technical. Other 85% of the questions require broad
knowledge and analytical skills. This is something the books will not
teach you. You need to read a lot of good security articles, and have
real-life experience. So I personally think that if you have real-life
experience, and keep up to date with recent security related published
articles, you will do good on the exam.
Don't spend too much time going through a book page by page and fussing
over key size of DES vs AES etc. You will find that useless on the day
of the exam. Just familiarize yourself with the key concepts. If you
understand how asymmetric cryptography is different from symmetric
cryptography, and which one should be used in what situation you are
good.
I have compiled a list of Core CISSP principles after talking to many
CISSP gurus. It is available at:
http://www.xml-dev.com/blog/?action=viewtopic&id=150
If you understand well each of the concepts, you should easily pass the
exam
In Peace,
Saqib Ali, CISSP
Re: cissp study cryptology
on 20.02.2006 21:36:25 by claudel
In article <1140467275.263482.208620@z14g2000cwz.googlegroups.com>,
wrote:
>Real CISSP exam is a lot different from what is portrayed in the books.
>CISSP is not a technical exam. Maybe 15% of the questions are
>technical. Other 85% of the questions require broad
>knowledge and analytical skills. This is something the books will not
>teach you. You need to read a lot of good security articles, and have
>real-life experience. So I personally think that if you have real-life
>experience, and keep up to date with recent security related published
>articles, you will do good on the exam.
>
>Don't spend too much time going through a book page by page and fussing
>over key size of DES vs AES etc. You will find that useless on the day
>of the exam. Just familiarize yourself with the key concepts. If you
>understand how asymmetric cryptography is different from symmetric
>cryptography, and which one should be used in what situation you are
>good.
>
>I have compiled a list of Core CISSP principles after talking to many
>CISSP gurus. It is available at:
>http://www.xml-dev.com/blog/?action=viewtopic&id=150
>
>If you understand well each of the concepts, you should easily pass the
>exam
>
>
>In Peace,
>Saqib Ali, CISSP
>
I agree that one can spend too much time worrying about
the technical aspects and neglect the others for the exam.
Nice site.
The domains referring to physical and personnel security
are worth mentioning as well...
The online self assessment at
https://www.isc2.org/cgi-bin/content.cgi?category=1325
is a definite help for identifying areas that need study.
Claude #32940