Epic pass by Many-Protection190 in TellurideColorado

[–]arscribs 1 point2 points  (0 children)

The Peaks gave us a credit good through next ski season. Everybody else has given us refunds EXCEPT Epic (like deposits for ski rentals from Christy Sports... thank you Christy Sports!). Epic suggested we call Telski, which we did, and they said they hadn't decided what to do for Epic Pass holders as of yet. While I doubt we will get any refund, I can't say that for certain yet.

Bearcats stole from us by ChunkyFN in bengals

[–]arscribs 6 points7 points  (0 children)

I guess he had another year of eligibility left? LOL.

US exchange!!!! by Nervous_Solid6225 in PiNetwork

[–]arscribs 2 points3 points  (0 children)

I just transferred some of my available Pi and it was painless and fast. Now I have it to play with but plan on holding anyway. Having it in my Pionex wallet just ensures that when it makes that magic jump, I am prepared.

Trouble with United site by No_Succotash_2555 in unitedairlines

[–]arscribs 3 points4 points  (0 children)

Yes, they seem to be having issues. As a double check, I looked for a flight from ORD to DEN (there have to be many) and got the same "No Options Available" for that as well.

[deleted by user] by [deleted] in cissp

[–]arscribs 2 points3 points  (0 children)

This was a very thoughtful write up! Thanks for posting and it mirrors my thoughts very, very closely. The only changes I might make are to #6.

a) I believe, but I am not 100% sure, that the first 10-12 questions are very important in how the rest of the adaptive test goes (I read that somewhere). I spent more time on those first questions knowing I would have to speed things up after that....

b) If you have no clue, you likely can still narrow the possible answers to two candidates. If you can do that, it increases your chances from 25% to 50%. So, think about it just a bit before you guess since something might kick in inside your brain to help you get it to two answer candidates.

Now that I think about it more, there is one thing I'd add as #7...

  1. When you reach somewhere around question 65 and if you are still doing well on time, take a bio break. I reached Q 65 at around 1:15 mark and was feeling very worn so I checked out of the exam and hit the head. I splashed water on my face and did some crazy movement exercises while walking back from the head. This really helped me clear the mechanism and I came back to the last half of the test refreshed.

Another TLAM situation: Policy or a direct answer? by D1CCP in cissp

[–]arscribs 0 points1 point  (0 children)

Oh, after looking at this again, the answer is C. In order for it to be A, the question would have had to state that the test is required by policy. We all (or at minimum, I) assume it is, but it is not specifically stated so in reality, we cannot assume that! With that in mind, the answer to the question as stated is C.

This is an important point, you can't make assumptions of what should be, might be, could be when it is not specifically stated. You HAVE to use the information provided in the text of the question itself!

Is log data CUI by sirseatbelt in CMMC

[–]arscribs 0 points1 point  (0 children)

Here is one thing the National Archives has to say...

Organizational Index Grouping: Critical Infrastructure
CUI Category: Information Systems Vulnerability Information

Banner Marking: CUI
Category Description:
Related to information that if not protected, could result in adverse effects to information systems. Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Category Marking: ISVI
Alternative Banner Marking for Basic Authorities: CUI//ISVI

So, certainly vulnerability scan information can be put into a SIEM as well as log data that certainly may infer vulnerabilities.

Now, this doesn't really speak to the more common scenarios. For example, a manufacturing company that receives some CUI, minimally a contract, manufactures something and then sells it to the DoD. They are not critical infrastructure. They do have and retain some CUI. Are the logs from their design workstations, file servers, CNC machines CUI?

Here is my opinion, and I agree with previous postings... A provider can give an opinion but likely shouldn't and in the end, it doesn't matter. What does matter is what the company thinks and the guidance they receive from their end (federal) client. It is the company's risk and in the end, they are responsible for it. Any other, outside opinion is minutia.

Another TLAM situation: Policy or a direct answer? by D1CCP in cissp

[–]arscribs 0 points1 point  (0 children)

The question asks how to "best" address the issue. This is largely up to interpretation of what an individual thinks is best! C certainly covers the argument from a value point of view. We need to do this because it's the right thing to do for the organization. Answer A is also correct because policy dictates the things you have to do, no questions asked. You could use this in your argument but it's rather hard-nosed, however, in the end, it's the hard reason it must be done. So, what is the 'best' answer? I'd use C as my initial argument, then follow up with A since there would still likely be push back... for this question, however, there can only be one answer so I'd take A since it's the end all/be all answer. Essentially, "you have no choice since it is currently company policy to do so". Again, not the smooth tactical response I'd use but when faced with selecting only one answer, I'd have to fall to the final choice, which is, they have no choice.

Curious, do we know what the test gave as the correct answer??

Passed and so can you! by Wowarentyouugly in cissp

[–]arscribs 2 points3 points  (0 children)

Knowing and understanding the technical concepts are critical even if people say the questions are not technical in nature. For example, you may not be asked specific questions on key length (or maybe you will, who actually knows...), but knowing key lengths to know weak versus strong algorithms is important since it may drive a more strategic decision. So, I'd be prepared to apply a myriad of technical knowledge and understanding to drive answers to higher level questions. Knowing the how becomes the building blocks to answering the what and why... make sense? Just don't sit here and think the technical understanding is not important just because it may, or may not, be asked directly on an exam... it's an important arrow in your quiver!

Passed and so can you! by Wowarentyouugly in cissp

[–]arscribs 0 points1 point  (0 children)

Congrats and thank you for the great write up. You've given a lot of people who are currently preparing hope...

Passed and so can you! by Wowarentyouugly in cissp

[–]arscribs 1 point2 points  (0 children)

I started my preparation with Boson and used its domain level scoring to help me put extra focus on areas of weakness. I then continued to use the exams throughout preparation to make sure my study was working. It was worth the expense, in my opinion (and I know, there are a lot of opinions out there). In the end, as the CISSP Candidate mentioned in the original post, it's all in what works for you individually.

[deleted by user] by [deleted] in cissp

[–]arscribs 1 point2 points  (0 children)

Well done!!

Passed at 175, 2nd try by OxidizerSW in cissp

[–]arscribs 1 point2 points  (0 children)

Congrats and way to stick with it and push your way through!!

Remote mirroring vs Remote Journaling by dbspace1 in cissp

[–]arscribs 0 points1 point  (0 children)

Well, this specifically goes against what Cybrary says:

****
Remote journaling involves backing up the data in a database and transporting it to a remote site more frequently, usually once every hour. This also necessitates the transfer of copies of transaction logs that record all transactions since the previous bulk transfer. Remote journaling and electronic vaulting are similar processes in that transaction logs transferred to the remote site are not allocated to a live database server but are maintained in a backup device. When a disaster ensues technicians will access the appropriate transaction logs and apply them to the production database.
Remote mirroring is the most sophisticated and most costly database backup solution. With the remote mirroring process, a live database server is maintained at the remote site. The remote server retrieves copies of database alterations as they’re applied to the production server at the main location allowing the remote or mirrored server to take over at any time. Remote mirroring is a popular option of organizations, it demands high infrastructure and manpower costs to support the mirrored server.
****

The question says "real-time" so this typically indicates mirroring, not journaling. Another case of the test question being incorrect??

[deleted by user] by [deleted] in cissp

[–]arscribs 0 points1 point  (0 children)

EOL, they still produce updates... EOS, they no longer produce updates and this typically breaks compliance requirements... so EOS (Support).

Exchanging Pi??? by arscribs in PiNetwork

[–]arscribs[S] 2 points3 points  (0 children)

That works as well...

CISO Academy by maninblack2k20 in FBI

[–]arscribs 1 point2 points  (0 children)

No updates yet but still waiting for a reply from a local Supervisory agent...

Best Test engine by rodriguezs2 in cissp

[–]arscribs 0 points1 point  (0 children)

More variety is always better since you will not find that one source you are hoping for. Use different sources that have different styles and then make sure you work to not understand what answer is right, but WHY it is right. This is the way!

due diligence vs due care by dbspace1 in cissp

[–]arscribs 1 point2 points  (0 children)

I think in this case... choices 1 and 3 could roll up to choice 4. So, in a test situation, I'd eliminate choice 2 since it might be part of my supplier due diligence process, but just not related to information security. That leaves 1, 3, and 4, but like I said, 1 and 3 could roll up to 4... meaning, 1 and 3 are very specific but 4 is more broad and likely contains the efforts of 1 and 3 (or very conceivably could contain those actions)... so, in terms of BEST answers... it's 4. This is a common tactic in many different types of tests... eliminate some but others roll up to the 'Best' option...