Pass the CISSP on first attempt, guaranteed
Back in 2017 I sat and passed my CISSP exam, it was my first year practicing cyber security. At some point in my early career I decided that instead of wasting time obtaining entry level certifications, I was going to command some respect and obtain the most sought after certifications from the get-go. I attribute my passing of this strenuous exam to (possibly) the greatest study guide document I’ve ever put together. I wanted to take this opportunity to share this guide with the Medium community and my network in hopes it could be that missing piece for someone else’s passing of this examination and taking their career to the next level.
This study guide was modeled after the study guides we often received during our college days, these served as the backbone for all our studying needs for the given subject. We would literally memorize these things inside out, so that on exam day, the keywords were so engraved into our brains that picking the correct answers was effortless.
This guide includes all the highly testable key terms found on the exam. Highly testable means the key term is likely to appear in at least two questions on the exam. Although this guide is highly inclusive, it does not include ALL the possible terms one might see on the examination, as the exam is known for being “a mile long and an inch deep”. Covered will be all 8 domains broken down into 10 modules and attempt to define most terms in only a single bullet point of information to make it easy to commit to memory.
PREVIEW (Full version link at the bottom, free of course):
Module 3: Cryptography
Gets encrypted by a person’s own private key and can be decrypted with that same person’s public key, which everyone has access to.
If other person sends message back, gets encrypted with the other person’s public key and can be encrypted by that person’s private key.
3 Types of Cryptography
Symmetric — sender and receiver share the same key that used to encrypt and decrypt.
- DEA/DES — uses 64 bit encryption that has effectiveness of 56 bits.
- 3DES — 112 bit effective key length; encrypts a message three times with multiple keys.
- AES — use the Rinjdael algorithm with key/block sizes of 128, 192, 256 bits and 10, 12, 14 rounds of encryption.
o Session Keys — secret symmetric key used to encrypt session messages, one session and then destroyed.
Asymmetric — Algorithm identified by ECC or names; each entity has a private key for exclusive use and corresponding public key to the public. Provides nonrepudiation.
- Diffie Hellman — first public key crypto algorithm. Enables two systems to generate a symmetric key securely without requiring a previous relationship.
- RSA — relies of difficulty of finding prime factorization of large numbers.
- ECC — computes discrete logarithms over elliptic curve group.
o Digital Signatures — message is encrypted and digitally signed providing for confidentiality, integrity, and non-repudiation.
o PKI (Public Key Infrastructure) — binds keys with respective user identities by means of a certificate authority (CA)
§ Root CA — initiates all trust paths, all certificate holders given self-signed root CA certificate.
Hashing — HA or MD in algorithm; validation of the original message’s integrity.