Hi Larry, today I provisionally passed my CISSP, i would specially thanks to you for making such kind of content that help candidates for preparing their exams with proper mind sets, i was following most of your videos that prepared me for the exam, I am very happy to clear the exam, thank you so much.
Hello Larry, Thanks a lot for this Amazing Video . This helped me a lot. This video was the last thing I watched before exam and it helped me a lot to pass. Your guidance on approaching questions helped me decode them. You are an amazing Trainner !!!
For the question regarding which kind of site will be best for propreitary equipment, according to Shon Harris book, hot/warm/cold sites are all managed by a third party and we purchase a subscription from them. Since hot/warm already has some sort of equipment, it is not proprietary. It is whatever the generic equipment provided by the service provider. But for cold site, we can have our own equipment. Similary, we would have our own equipment at redundant site. But a cold site would be cheaper. So, i would have chosen COLD SITE. Where am i wrong?
Anwer to the question on 28:00 sound a bit strange, because if you get the private key in an asymetric encrypted communication, you can read the plaintext, aren't you? And this would be more specific to "what are the bad consquences that could happened", D) just says that it's vulnerable.
Hi Dura2K, you are sort of correct, in a roundabout way. That is, recall no actual data is decrypted with a private key. The only thing a private key should every decrypt is a symmetric session key. If an attacker is able to indeed find a session key for any given data, then your argument would make sense. But the question itself is why would one migrate to quantum resistant or "post quantum computing or (PQC)" encryption protocols and RSA is not quantum resistant. On a related note, just this summer, NIST has entered round 3 of the PQC selection process and Star Trek fans should be happy to see "CRYSTALS-DILITHIUM" make it! (for signing).
@@gungho1984 Yeah i also disagree with your answer on this question. There are many more key asymmetric algorithms than RSA. The whole point of RSA in this context is to come up with a shared secret key to encrypt the data via symetric encryption. Quantum computing can look at that key exchange and break it - coming up with the shared key and unencrypting the data. The whole point you are moving to latice is you don't want people to break your encryption. D is wrong because it only covers RSA - maybe the organization itself is using another algorithm that would still be vulnerable to quantum computing brute force. great video! this video helped me so much better prepare for the test.
Hi Larry, today I provisionally passed my CISSP, i would specially thanks to you for making such kind of content that help candidates for preparing their exams with proper mind sets, i was following most of your videos that prepared me for the exam, I am very happy to clear the exam, thank you so much.
Passed the exam today, went through your video couple of times , thank you so much
Larry - just came to say that this video, probably more than any other resource; got me through the CISSP exam today! thank you for taking the time!!
I passed today! Thanks for your advice Larry!
Nice one, this course gives materialized way to think and select correct answer, builds confidence
Hello Larry, Thanks a lot for this Amazing Video . This helped me a lot. This video was the last thing I watched before exam and it helped me a lot to pass. Your guidance on approaching questions helped me decode them. You are an amazing Trainner !!!
Hi Ajay, thank you so much for your kind words. And Mazel Tov on your passing! Live Long & Prosper.
Thank you so much Larry for this video. i passed the exam today and these techniques really helped
Awesome! Mazel Tov 🖖
Passed the exam. This video helps me a lot.
Hi Iam new this exam please can you help me to start ?
Thank you for Tips, it was great help during the exam. I passed CISSP 4.08 at 100q.
Mazel Tov! Thank you for sharing your results. Live Long & Prosper!
What were some questions asked?
This is so informative. Thank you Larry!
For the question regarding which kind of site will be best for propreitary equipment, according to Shon Harris book, hot/warm/cold sites are all managed by a third party and we purchase a subscription from them. Since hot/warm already has some sort of equipment, it is not proprietary. It is whatever the generic equipment provided by the service provider. But for cold site, we can have our own equipment. Similary, we would have our own equipment at redundant site. But a cold site would be cheaper.
So, i would have chosen COLD SITE. Where am i wrong?
Depending on what is the recovery time objective. Cheapest doesn’t mean it is suitable. It has to be aligned to business needs
@20:42 "you can't decompile it" ... yes you can. I just wouldn't recommend it as a means of efficient code review 😜
Thank you so much for your wonderful video.
Anwer to the question on 28:00 sound a bit strange, because if you get the private key in an asymetric encrypted communication, you can read the plaintext, aren't you? And this would be more specific to "what are the bad consquences that could happened", D) just says that it's vulnerable.
Hi Dura2K, you are sort of correct, in a roundabout way. That is, recall no actual data is decrypted with a private key. The only thing a private key should every decrypt is a symmetric session key. If an attacker is able to indeed find a session key for any given data, then your argument would make sense. But the question itself is why would one migrate to quantum resistant or "post quantum computing or (PQC)" encryption protocols and RSA is not quantum resistant. On a related note, just this summer, NIST has entered round 3 of the PQC selection process and Star Trek fans should be happy to see "CRYSTALS-DILITHIUM" make it! (for signing).
@@gungho1984 Yeah i also disagree with your answer on this question. There are many more key asymmetric algorithms than RSA. The whole point of RSA in this context is to come up with a shared secret key to encrypt the data via symetric encryption. Quantum computing can look at that key exchange and break it - coming up with the shared key and unencrypting the data. The whole point you are moving to latice is you don't want people to break your encryption. D is wrong because it only covers RSA - maybe the organization itself is using another algorithm that would still be vulnerable to quantum computing brute force.
great video! this video helped me so much better prepare for the test.