CISSP Domains 1 & 2 Rapid Review: 7 Exam Traps
CISSP Domains 1 and 2 come down to one move: read the requirement, then match the concept, and never let a look-alike word make you misread the question. This capstone rapid review covers the 26% of the exam carried by Security and Risk Management (16%) plus Asset Security (10%), drilling the high-yield concepts and the exact term swaps the test is built to exploit.
With Michael, Liam, River, and Sara, we move fast through the CIA triad, the quantitative risk math, due care versus due diligence, the (ISC)2 ethics canons, the business continuity metrics, and the Domain 2 data roles, ending on the single most missed sanitization trap.
In this video:
- The risk formulas: SLE = AV x EF and ALE = SLE x ARO, and the direction trap that costs points
- Quantitative versus qualitative analysis, and the one-word tell that decides which is which
- The four risk treatments and why insurance is transfer, not avoidance
- Due care (act) versus due diligence (investigate), the most swapped pair in Domain 1
- The four ethics canons in order, and why society outranks your employer
- RTO, RPO, and MTD, plus why RTO must always be less than MTD
- Data owner versus custodian, controller versus processor, and never degaussing an SSD
Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.
Chapters
- 0:00 The 26 Percent You Cannot Afford to Lose
- 3:06 CIA, the Triad Every Question Hangs On
- 5:34 Risk Math in Two Formulas
- 7:58 Quantitative or Qualitative: Read the Tell
- 10:17 Four Things You Can Do With Risk
- 12:40 Due Care vs Due Diligence: The Word Swap
- 15:06 Ethics Canons in Strict Order
- 17:03 BIA Metrics: RTO, RPO, and MTD
- 19:26 STRIDE and Governance vs Management
- 21:54 Who Owns the Data, Who Guards It
- 24:26 The Degaussing-an-SSD Trap
- 26:50 Think Like a Manager: Domains 1 and 2
- 29:26 Quiz Time
- 33:13 Key Takeaways