CISSP - passed on first attempt – July 2, 2014

bigdummy Member Posts: 30
I’m quite happy and relieved to have passed the exam today. Feels damn good to have this monkey off my back!


I have about 15 years IT experience, the last 10 of which I spent serving in a small IT dept as the IT Manager/server/network/security guy, for a business with approximately 100 users. Small company, but publicly traded, so lots of experience with SOX audits and the types of compliance and controls you’d typically see in bigger shops. So I have experience with most of the CBK, both the management type stuff and the technical engineering side of things.


I’ve been half-assedly thinking about the CISSP for a couple years now, but after getting laid off 2 months ago when they closed my local office, I found the motivation I needed to get serious about it. So I studied for a solid two months, probably 6 hours a day on average.


My feeling is that the exam was definitely not easy, but it was much easier than I had expected. Every question was very well written and clearly worded – there were no trick questions, or ambiguous wording. I felt like the real test was simpler, or at least better written, than any of the practice tests I’d taken. There were maybe 10 or so questions that I didn’t really know what they were talking about and had never seen the material before, but I assumed these were unscored beta questions.


I was there about 4 hours total. Took me about 3 hours to do my first pass (including 10 minute break) and then I spent about an hour reviewing the 30 or so questions that I marked for review. It really is an analytical exam, and passing probably has less to do with your technical mastery of the CBK, and more to do with your test taking skills. I found that on many questions where I didn’t know the answer, I was able to think my way through it and eliminate three of the answers as being wrong.


I primarily used the Eric Conrad book and the Sybex book, but also had the Shon Harris AIO and the Official (ISC)2 Guide, which I used for references and deeper reading on certain subjects. After taking the test, I really think the Eric Conrad guide is plenty sufficient, and has more than adequate coverage of the material.


I made notes and flash cards as I went through the books, and think that this probably helped immensely. Looking at other people’s notes/cards won’t help – the value comes from writing it out yourself. The last week before the exam, I was mostly reviewing my notes/cards and taking practice tests.


For practice tests, I used the Total Tester and McGraw Hill questions, and thought that they were pretty good, but not as great as some others here have made them sound.


I also used the questions in the Official (ISC)2 Guide, but happily found that they are not very similar to the real test. These practice questions were frustrating, very poorly worded and overly ambiguous. The only similarity to the actual test was their use of highlighted words like “best”, “first”, “least”, etc…


I bought the SSI Logic book “CISSP Exam Prep – 1000 Practice Questions with Detailed Explanation”, and think it was very helpful, with questions that seemed similar in scope & style to the real test.


Also, someone posted this here a couple weeks ago: CISSP-Main - The 250 question “final exam” is very good, in my opinion, with similar feel to the real thing. But watch out for the answers, I found several that are wrong. You should be able to catch them if you know your stuff.


I think a huge factor in my passing was the advice given by others on this forum regarding how to approach the questions. You’ve probably heard this advice a lot already, but it’s worth repeating:


Think like a manager – keep reminding yourself of this every question. It’s easy to fall for a technical answer that makes sense, but take a closer look at the answers and you’ll often find a “better” answer.


Know the (ISC)2 code of ethics, and be prepared to apply it when you see a question dealing with ethical matters or decision making. Your gut feeling may be different, but go with the answer that follows the order of the four canons.


Human safety is always top priority – again, ignore your gut feeling about which answer is right, and go with the answer that prioritizes human safety.


Scenario questions can often be full of fluff and filler to distract you. If you look at the answers first, it’ll give you an idea of what they’re looking for, before you read the scenario. But it’s really not that tough to realize which info is important and which isn’t, so I wouldn’t sweat this.


It really is a “high level” type of exam – I spent countless hours studying technical details that never came up. Even the technical questions are high level, relatively speaking.


If you see that all the answers seem right, then look to see if one of them is all inclusive, kind of like saying “all of the above”. If not, try to determine how one of the answers is different than the other three.


When studying, I was frustrated by how different study guides would outline the steps of various processes in different ways, and how the names of the steps would be different in different study guides. I’m referring to things like BCP, DRP, Incident Management, SDLC. After taking the exam, my advice would be to learn the flow and concepts of these processes, rather than memorizing the names of steps.


I think this is an exam that many people (myself included) over study for…probably because it has a reputation of being so difficult. And those who fail, it’s probably not because they didn’t study the material enough, but rather it’s because they approached the questions the wrong way. But then again, maybe the reason I thought it was fairly easy is because I over studied…

Comments

  • tst121 Member Posts: 6
    Hi,

    Congratulations. I am in a similar situation as you and really thinking of taking CISSP. I've tried to PM for further advice.
  • Doyen Member Posts: 397
    Congratulations on the pass
    Goals for 2016: [] VCP 5.5: ICM (recertifying) , [ ] VMware VCA-NV, [ ] 640-911 DCICN, [ ] 640-916 DCICT, [ ] CCNA: Data Center, [ ] CISSP (Associate), [ ] 300-101 ROUTE, [ ] 300-115 SWITCH, [ ] 300-135 TSHOOT, [ ] CCNP: Route & Switch, [ ] CEHv8, [ ] LX0-103, [ ] LX0-104
    Future Goals: WGU MSISA or Capital Technology University MSCIS Degree Program
  • zxbane Member Posts: 740
    Congrats! I'm sure that without a doubt your vast years of experience played a part in your success.
  • datacomboss Member Posts: 304
    Congrats on the pass and thanks for the perspective. The CISSP is my next mountain to climb after completing the PMP.
    "If I were to say, 'God, why me?' about the bad things, then I should have said, 'God, why me?' about the good things that happened in my life."

    Arthur Ashe

  • TheProfezzor Member Posts: 204
    Congratulations on the pass. I face the monster in 8 days. Let's hope your suggestions are worth it :)
    OSCP: Loading . . .
  • 7255carl Member Posts: 1,544
    congrats
    W.I.P CCNA Cyber Ops
  • CyberfiSecurity Member Posts: 184
    Congrats!
    Vice President | Citigroup, Inc.
    President/CEO | Agility Fidelis, Inc.
  • Alamjan Member Posts: 5
    Congrats ! and great post
  • Spin Lock Member Posts: 142
    Congrats on passing and thanks for the test advice.
  • aftereffector Member Posts: 525
    Congratulations! I felt exactly the same way you did when I sat for the test - it's not technical, it's not even particularly tricky, but you have to know the concepts inside and out. When you do, the test almost takes itself!
    CCIE Security - this one might take a while...
  • cgrimaldo Member Posts: 439
    Congrats! I am studying for the exam as well. While I can't dedicate 6 hours a day to studying, I try to squeeze in reading sessions when I can. I hope it's enough! Your review is definitely helpful. Thank you!
  • impelse Member Posts: 1,237
    Congrats and thanks for the tip.

  • EasyPeezy Member Posts: 111
  • tst121 Member Posts: 6
    Hi Easy,

    Are you currently working in IT sec? How can I PM you?
  • EasyPeezy Member Posts: 111
    Yes please.... feel free.
  • fullcrowmoon Member Posts: 172
    I'm in the same situation - taking the PMP the first week in August and then hoping to take the CISSP in December, if I feel prepared enough.

    Congrats to the OP for passing his exam!
    "It's so stimulating being your hat!"
    "... but everything changed when the Fire Nation attacked."
  • bensen408 Member Posts: 5
    Congrats! I'm taking the CompTIA Security+ exam next Saturday and was tossing between whether to move on to the SSCP or to Microsoft and start my MCSE track.
  • GoodBishop Member Posts: 359