Tips for the CISSP Exam

This past month I passed the CISSP exam and I wanted to share my experience with my exam prep.

First some background

The ISC2 CISSP (Certified Information Systems Security Professional) exam covers topics relevant to information security professionals. It is a vendor neutral exam that is one of the most sought after IT security certifications worldwide.

The current 2018 exam focuses on 8 domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

The current version of the exam uses adaptive testing, in which the score is based on the difficulty of all the items presented and the answers provided. The testing algorithm adjusts the difficulty of each question based on the questions you have already answered. This allowed the test time to be reduced from 6 hours to 3 and the number of items to be reduced from 250 linear questions to as few as 100 items on the CISSP adaptive exam.

My Preparation Experiences

When I took the exam, I finished with a passing score after the minimum number of questions. I spent about 7 months preparing for the exam and answered about 3500 to 4000 practice questions. The exam is a mile wide and an inch deep, so the practice questions were helpful in developing a sense for the level of understanding the exam was looking for. I would recommend using materials from various sources to see different viewpoints on the exam.

Resources Used

CISSP All-in-One Exam Guide, Eighth Edition

I found this book more useful as a reference book than as a study guide. It goes into more detail than the test does. I read this book first in my prep, but I would recommend using it as a supplement after studying with other aids.

This book does come with a decent number of higher-difficulty questions and a license key to access online practice tests.

Cybrary CISSP Course by Kelly Handerhan

https://www.cybrary.it/course/cissp/

This free course is time well spent. Kelly does an excellent job of breaking down the exam topics to the level that is required for the exam. While this course doesn’t provide study questions, it does have a subtopic study guide and flash cards.

CISSP Certification Video Boot Camps by Thor Pedersen

https://www.udemy.com/course/cissp-domain-1-2/

This series of web courses offered through Udemy is worth the investment. Each course costs 9.99 and covers two of the domains with video lectures and practice questions. In addition, Thor offers a further set of 500 practice questions packaged as two additional Udemy courses. Having taken the exam, I found the level of these questions matches the level of questions on the exam.

CISSP Official (ISC)2 Practice Tests by Mike Chapple and David Seidl

This book provides 1300 unique test questions, including 100 questions per domain plus four additional 125-question practice exams. The questions cover all levels of difficulty and provide explanations for each of the answers. The questions are also available through an online web portal that simulates the interface used by the official exam.

CISSP course path offered by Pluralsight

https://app.pluralsight.com/paths/certificate/cisspr-certified-information-systems-security-professional

If you have a Pluralsight membership, I would check out this offering of web courses by Kevin Henry. There are 33 hours of material covering all of the domains in 11 courses. This path doesn't provide practice questions, but it gives another view of the exam material.

Final Tips

  • The exam is a mile wide and an inch deep.
  • Don't limit yourself to a single study guide.
  • Do practice questions. Plan on at least 3,000 to 4,000 practice questions.
  • Many of the multiple-choice questions have several answers that are correct, but the challenge is to find the best answer.
  • Technical questions should be answered at the level of a manager. Again, remember the details are an inch deep.
  • Likewise, management questions should be answered at the level of an engineer.