The Four CISSP Exam Frameworks A good way to look at the CISSP exam is to view in through the lens of four different frameworks: CIA: Confidentiality, Integrity and Availability. Technology: technical skills. Management: what is the best approach to do something from a security manager’s perspective? Risk: risk management which is very important topic in the exam Every time you see a CISSP question, you should be able to look it from one of those perspectives or frameworks. If you get a question about symmetric vs asymmetric encryption, then that’s the technology perspective and the question is testing your technical knowledge. A question about the company’s best approach for security, is challenging your management perspective, and here you should put your self in the place of a security manager and think how would a security manager act in the situation. Then you have questions about availability vs confidentiality vs integrity and this is the CIA perspective, while a question about the annual loss expectancy (ALE) is related to risk management. What is the difference between differential and incremental backups? The difference in incremental vs. differential backup is that, while an incremental backup only includes the data that has changed since the previous backup, a differential backup contains all of the data that has changed since the last full backup.1