CISSP Exam Cram: What's New in 2021 (coverage of new topics)
ฝัง
- เผยแพร่เมื่อ 1 ก.ค. 2024
- This video is your guide to NEW topics on the CISSP 2021 exam update! Includes coverage of new topics from all 8 domains, as well as content roadmap to the full CISSP Exam Cram series, designed to minimize the time and effort to exam readiness!
PDF presentation download for this session
1drv.ms/b/s!AmhtzcmYt5AViMV3x...
ISC2 Official 2021 CISSP Study Guide and Practice Tests Bundle
amzn.to/3yoWXpO
CISSP 2021 Official Study Guide
amzn.to/3nQEOgt
CISSP 2021 Official Practice Tests
amzn.to/3toaGdp
FREE CISSP 50-questions practice quiz
insidethemicrosoftcloud.com/c...
TABLE OF CONTENTS
Intro: 01:04
Domain 1: 06:20
Domain 2: 07:19
Domain 3: 10:39
Domain 4: 48:30
Domain 5: 57:01
Domain 6: 01:08:42
Domain 7: 01:09:09
Domain 8: 01:17:15
NOTICE: Some of our video description contain affiliate links, which means we may receive a small commission on a purchase without additional cost to you, if you buy something. - วิทยาศาสตร์และเทคโนโลยี
Very nice job Pete! Thank you for sharing your knowledge!
Thanks for watching! 😊
Just passed the CISSP! Feels like nothing that was ever covered was on the test, but due to your videos and mindset it got me through! THANK YOU! I also had the Eighth Edition of the Official Study Guide and the Practice Tests. Went through it all.
Congrats Steven! I'm so glad you cleared and happy I could help! 👍🏆💪
Thank you Pete! for such a well done series of prep videos for the CISSP. I reviewed ALL your videos over the past two weeks as my final prep going into the new 2021 CISSP and passed yesterday.
Thank you, Mike! CONGRATULATIONS! 👍🏆🎉
6:19 Domain 1: Security & Risk Management
7:19 Domain 2 : Asset Security -
8:11 Data Lifecycle (in 2021 Domain 7 - Information Life Cycle) 10:29 Data Classification
10:41 Domain 3 : Security Architecture & Engineering
12:25 New Concepts
13:18 Secure Design Principles - Secure Defaults, Fail Securely (from NIST SP 800-160 Vol 1 -Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems)
14:23 Privacy by Design
17:23 Keep it Simple
20:18 Security as a Service
20:38 IoT
21:05 Smart Devices
21:47 SIEM & SOAR (in Domain 8: )
24:28 Microservices & SOA (Service Oriented Architecture)
25:54 Containerization
27:33 APIs (SOAP or REST)
28:43 Embedded Systems
29:26 High Performance Computing
30:32 Edge Computing
32:02 Cloud Models & Services - On premises, IaaS, PaaS, SaaS
35:33 Difference between Serverless (Function as a Service) & PaaS
38:15 Public, Private & Hybrid Cloud Models
41:43 CASB
43:00 Post Quantum Cryptography - symmetric & asymmetric
49:07 VXLAN
50:00 Network Architectures - SDN, SD-WAN, LiFi, 53:00 Zigbee, 54:01 5G, 55:44 Content Delivery Networks
56:44 Domain 5: Identity & Access Management
57:28 Identity as a Service
58:35 Certificate based Authentication
59:29 AAA Protocol
1:00:55 Active Directory - Kerberos
1:02:23 SSO
1:06:12 Authorization mechanisms/principles - need to know, least privilege, separation of duties
1:08:00 Domain 6 - no changes
1:08:51 Domain 7: Security Operations - modern firewalls, 1:11:41 UEBA - User & Entity Behaviour Analytics, 1:12:53 Threat Intelligence, 1:14:19 (Domain 3: Access Control) AI & ML
1:17:52 Domain 8: Software Development Security 1:19:15 Code Libraries, 1:20:05 Runtime, 1:22:00 CI/CD
1:24:23 Configuration Management
1:26:22 Code scanning - static(white-box) & dynamic(black-box)
Thank you for all of your videos!! I just passed my test and your videos were very helpful!! I’ve probably watched them all at least 5-10 times. I also downloaded and printed out some of your slides. Thank you for everything!
It really makes my day to hear reports like this. THANK YOU and CONGRATULATIONS! 👍🏆🎉
Nice explanation. Probably for the first time , I saw a CISSP video so nicely articulated and in simple way.
Thank you, Keten. Glad to hear that. Good luck on your exam! 👍
Pete, thanks for the videos which have helped me pass the test as support material for the official book.
Glad to hear that! Congrats on passing the exam! 👍🎉🏆
Great content delivered at the time I am prepping for my exam. Very helpful. Cheers.
Thanks Chris! Glad it was helpful. Best of luck! 👍
Thanks for covering the updated content :)
My pleasure! Hope it's helpful. 👍
That video was the last one I watched just 20 minutes before I had to surrender my personal belongings at Test Center. I just wanted to tell you Pete that your materials were among my best in this long journey towards CISSP. Amazing contribution. Thank you very much!!! BTW I passed yesterday 100 questions in 105 minutes :)
CONGRATULATIONS! 100 questions is as good as it gets! 👍
Thank you so much sir, really appreciate your effort in helping CISSP candidates for no cost !!
Keep up the good work !!
THANK YOU! Good luck on the exam. Ping me if questions as you prepare! 👍
@@InsideCloudAndSecurity Do I need to purchase the new study guide or studying through your videos is sufficient?
Depends on your current knowledge level. If you just need focused info for exam day, my series is perfect. If starting from scratch, my series is perfect reinforcement of official study guide with the key facts you need for the exam!
Indeed this is a commendable piece of work!!
Today I just took my CISSP exam and I provisionally past at 100 questions strictly using your videos and the Wiley test questions!!!! Thank you these videos are invaluable!
Excellent! CONGRATULATIONS! 🏆🎉
Thanks a lot for this video which clarified almost all my doubts. 👍
Glad to hear that! Ping me if any questions as you prepare. 👍
Fantastic! Thank you! 😀
You are so welcome! Ping me if questions as you prepare. 👍
Thank you sir! I just (conditionally) passed the CISSP 100 questions in. Been binging your videos for the past week - so definitely would not of done it without these. I saw this one last night, 10hrs before my exam, since I was studying old materiel! lol ...I suppose I just guessed the answers right :D
Awesome resource.
The 2021 additions to this exam are relatively minor. Incremental changes for sure. I created all my videos in 2021 since this was the year the exam was being updated.
Congratulations on passing!! A big accomplishment as you head into the new year! 👍🏆🎉
Probably gonna be a lifesaver for a guy that’s been studying for the earlier exam.
Hope so. Reach out if any questions as you prep! 👍
Awesome video Uncle Pete!
Thank you kindly 😉
thanks a lot boss ....your video's are the best for me
You are most welcome! 👍
Thank you so much!
You're welcome! Best of luck on the exam. Reach out if questions as you prepare. 👍
Hi Pete. I noticed that you have a minor mistake @1:10:00 on the firewall definition. The WAF and NGF definitions are swapped. Great content, thanks for sharing
Yes, errata has already been noted update in future release and if you download the accompanying PDF you'll see it's corrected there. 👍My mouth was clearly on autopilot that day
Your talk on nextgen fw and waf are backwards.
Next gen fw = DPI
WAF = OWASP and web app protections
Indeed. Mentioned in the pinned comment awhile back. ☹️My mouth was on autopilot for a couple min that day it seems. Slide is correct in the download if you use as a study reference. Editor is going to add an annotation today to take care of that. 😉
Just for info: Diameter used in 4G has no in-security in-build. It might be used in inside a VPN between operators (e.g. when you roam or call another operator) or when they are connected via a dedicated cable. But in most cases no security (no int,conf,auth).
👍 ...and Diameter weaknesses would be a concern in 5G NSA, true?
@@InsideCloudAndSecurity Yes, diameter is used for mobility (aka location tracking), policy (anything with regard to routing and charging) in a NSA deployment. So the attacks for location tracking, data interception (backend, you just route the traffic differently), fraud using diameter will work also in NSA. There might even be a good possibility, that some diameter attacks will work with SA, as the 5G SA core will need to have interworking functions (protocol translator boxes) to be able to communicate with other operators.
For the 5G NSA air attacks, they work also like the 4G attacks, as the backend would not support the enhanced user identity privacy on the 5G radio interface, so the radio interface would just use the "normal" 4G identifiers (IMSI / TMSI) in clear.
Another question is, if the 5G air privacy will be allowed in all countries, it makes live for stingrays/false base stations pretty hard and some government prefer to use them over making a lawful interception request to the operators and get the data from there.
sorry this is a bit longer....telco backend sec is somewhat in the 80's...as it is now opening up a lot of nasty details pop up and the legacy stuff is a hard problem.
@@silkeholtmanns6514 Thank you for the detailed response. Fascinating topic and few with real expertise in this area, like yourself.
It's funny because when you look at the initial breakdown of the domains literally the only thing going up is domain 8 by 1% lol. When I took my exam, I am pretty sure there are questions that were for testing purposes for the new exam, like firewalls that may or may not operate on layer 6
Given several questions in every exam are unscored, you could well be right!
Very good video.. Thanks
Glad you liked it, Mike. Ping me with any questions as you prepare. 👍
Thanks for the review. I actually just heard of Kubernetes the other day and was wondering what in Gods name is that? Cause they have a certification for it. Containerization seems to be becoming more and more the rage in the last couple of years.
Definitely the de facto standard for containerization. If that's an area of interest for you, Kubernetes is the one to learn! 😉
. @3:21 minutes, you mentioned flash cards (700). I know there is a practice book that comes with the bundle, but am not sure how to get these flash cards?...I just started preparing for CISSP and came across your videos. Really great videos. Thanks
From the introduction section of the book: Here are some suggestions for using this book and study tools (found at www.wiley.com/go/cissptestprep): Download the flashcards to your mobile device, and review them when you have a few minutes during the day.
@@InsideCloudAndSecurity thanks again
Thank you Pete! Good stuff.
I see few things like pass the hash which I am not familiar with. not sure if this info is accurate. www.globalknowledge.com/us-en/resources/resource-library/articles/everything-you-need-to-know-about-the-2021-cissp-exam-changes/#gref
My pleasure. Reach out if questions as you prepare. 😉
That info is mostly accurate, but calls out a couple of things as new which are not actually new. They are simply elevated to line items in the syllabus. For example, Bell Lapadula Star property has been in the exam for years and is described in my series. Pass the hash is new, and mentioned briefly in this video and also in the "attacks and countermeasures" video in my series. As I warned in this video, some items that look "brand new" are existing items that have simply been elevated to explicit mention in the syllabus, which may mean they are somewhat more likely to get mentioned in a question. I do not see anything on that list that is not mentioned somewhere in my series.
Because I created virtually all of my content in 2021, I'm a little more familiar than most with what is actually new, and which topics are simply getting greater attention
@@InsideCloudAndSecurity Thank you, Pete! I might have missed a few things. will watch the video again.
@Geetha Ram do bear in mind I have 16 videos (and counting) in the series, and I mentioned some of those topics are covered in greater depth in the existing videos. You'll find them all in the CISSP Exam Cram playlist on the channel th-cam.com/play/PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD.html. But feel free to reach out anytime you have a question! 👍
1:11:42 you just miss match the two type of firewall
Indeed. Good catch Simon and thanks.Just posted the updated pdf and post errata in comments/community and address in the FAQ/AMA video coming up.