There've been so many excellent writeups about passing the CISSP, so I will keep this brief. I read over 750 pages of the Shon Harris book and over 900 pages of the Official Guide (OG). I attended the 5-day ISC2 seminar and obtained their workbook and flash cards. I didn't end up using the workbook at all, but I did use the flash cards. I didn't take any practice exams. I did complete practice questions at the end of each chapter (for the chapters I read). I did skim two of the OG chapters I didn't read.
The test had many easy questions, many medium-difficulty questions, a few hard questions, and a few memorization questions. My primary challenge was trying to avoid misinterpreting the intent of the questions. I used the comment feature to comment on a few of the questions where the intent was unclear. Because I didn't spend time memorizing, I'm sure I missed a number of those questions. Most questions were fairly easy to narrow down to two of the four answers. I finished the exam in about 5 hours and 40 minutes. After completing my review, I had about 8 minutes left. I didn't feel rushed (very happy about that).
Overall, I believe the following helped me pass the exam:
- Studying for and passing the Network+ exam
- Studying for and passing the Security+ exam
- The Official Guide book
- The AIO book
- My 11+ years of experience in IT Audit
- Researching technical security topics for IT audit issues
- Reading books about the Linux operating system and other technical topics
In other words, my cumulative knowledge and experience helped me discern the correct answers. I believe it would be very difficult to pass this exam without experience (from book study alone). On the flip side, I believe it would be very difficult to pass this exam without book study (from experience alone).
Overall, I'm pleased that I took the time to study for and pass the CISSP. It forced me to learn things about a wide variety of security-related topics that I would have never otherwise taken the time to learn.