Most consumer routers have a feature they call a DMZ, or demilitarized zone. You may hear networking types talk about the DMZ at work. So what is a router DMZ, exactly?
Can I use a CISSP book to study for SSCP? That’s a good question, and a good idea, but I don’t recommend it anymore.
SSCP covers less ground and goes into more depth than CISSP does. SSCP is designed for hands-on security operations types. CISSPs tend to be policy types and/or managers. You’ll do better with a post-2015 SSCP guide, such as SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition. You might as well get a used copy to save money.
That said, if you know the material, you can pass it using old books. I passed CISSP with old, dated books because the new books weren’t ready yet. I relied on work experience to close the gaps. Work experience is just as important as book knowledge. Perhaps more so. I’ve worked with people with lots of book knowledge who couldn’t solve the problems they encountered on the job. You can’t fake your way through operations.
If you have an old CISSP book from before 2015, read its seven relevant domains: Access Control; Cryptography; Malicious Code and Activity; Monitoring and Analysis; Networks and Communications; Risk, Response and Recovery; and Security Operations and Administration. Anything that’s fair game in those domains for CISSP has always been fair game for SSCP too.
Tomorrow is election day. When you vote, use a paper ballot. Paper ballots aren’t flawless either, but they are the less flawed of the two options we have.
So remember two things tomorrow. Go vote. And ask for paper.
Yesterday, half the Internet was broken. I knew something was wrong when I couldn’t get into Salesforce to check on a support ticket for my biggest customer. Another member of my team sent us a warning that a big DDoS attack was happening, and not to count on being able to issue very many quotes today. So what, exactly, is a DDoS attack and how do DDoS attacks work?
I suppose there’s another question to ask too: What can you do to avoid being part of the problem? We’ll save that for the end.
CISSP difficulty is one of the most frequent questions I get once someone finds out I have it. “How hard is CISSP?” or “Could you pass CISSP again?” are two questions I get a lot.
They’re fair questions, and the answer is, it depends. But I can help you figure out the answer for yourself.
If you are wondering about cordless phone frequencies, there are seven bands that have been in use since the 1980s. You can still buy phones for four of those frequencies.
There are two reasons to be concerned about a cordless phone’s frequency. The first is interference. Some phones interfere with other devices, such as Wi-Fi. The other reason is security.
Besides work experience, I probably get more questions about CISSP continuing education than anything else CISSP-related. Fortunately, keeping your CISSP can be a lot cheaper and easier than getting it in the first place was.
CISSP continuing education is measured in CPEs. You get one CPE per hour of “study.” Study is a pretty loose term. If you’re learning about security, you can probably find a way to make it count. You need to get 40 CPEs per year.
Someone asked me to compare Security+ vs CISSP, particularly the difficulty. I’m glad to oblige. I have both certifications.
Let’s start by looking at a couple of hypothetical questions. Don’t expect to see either of these on the test; I’m making them up as I go. But don’t be surprised if you see something similar.
“Does HTTPS matter?” a friend of a friend asked. “I heard it does. Is that still true?” Yes, yes, and yes. Here’s why.
HTTP connections are unencrypted. HTTPS connections are encrypted. You can tell when you’re using HTTPS because the URLs start with https:// instead of http://, and your location bar will have a lock in it. Encryption is good.