CISSP Success! First attempt

SecurityBSecurityB Registered Users Posts: 2 ■□□□□□□□□□
Background:
4 years as a software engineer, 2 years in IT. I have Net+ and Sec+, but other than that have had done only low-level server admin and other basic IT. However, I'm quite heavily involved in the management of security programs at work.

Timeline:
Took 2-week training class sponsored by my employer and realized how behind I was. I spent the next two months studying ~4 hours per day until the exam. I was averaging 70-80% on most practice exams up to the test.


The exam itself:
First of all, let me echo the advice from others that have said that no resource is exactly like the real exam. This is mostly true, but if you think that the plethora of resources out there can't help you prepare then you're simply lazy or misinformed. It's hard to explain exactly how the exam is formatted, but I found that almost no question seemed to have a 'right' answer that screamed out to me. Out of all 250, there were maybe 5 straightforward definition-mapped questions (which were super easy). Otherwise, everything was about choosing the most or least correct answer possible. I either literally or figuratively threw my hands up after reading almost every question.


It took me 5.5 hours to finish the exam and I completed three passes. On the first pass I answered everything, guessing and flagging those I couldn't figure out in the first minute or so. On the second pass I went through the flagged questions, thought about them some more, and chose an answer. On the third pass, I re-read each question to make sure I didn't miss a sneaky 'NOT' somewhere. After the first pass I felt hopeless, having flagged more than 100 questions. On the second pass, I was able to figure a couple of the tougher ones out and I felt a little better. On the third pass, the answers seemed to make sense and I could justify them, so I felt much better. When I finally ended the exam, I had no idea what to expect but was happily surprised when I got handed a single sheet of paper.


As for advice, I found that learning the definition of everything in the AIO or any other resource will only get you about half of the answer--I could usually eliminate 1 or 2 choices right off the bat because by recognizing the terms I knew they didn't belong. Then there would usually be two answers that almost identical except for one slight nuance, and to answer it I had to rely on experience and understanding of the issue.


Resources:

  • CCCure paid edition. I used this the most out of everything. I completed more than 100 exams and over 3,000 questions. I think this was a great resource despite some of the controversy.
  • Transcender CISSP question pack. Pretty good resource, but I wouldn't say it's any better than CCCure. It has fewer questions, but the difficulty is about as close to the exam as you can get.
  • 2-week CISSP training course. Sponsored by my employer. We used a book by Element K and went through all the domains, but I didn't actually learn very much. The most important aspect of this class was that I realized my weak points and was able to make notes of where I needed to focus. Since we blew through material one domain per day, that's about all I could get out of it.
  • AIO 6th ed by Shon Harris. Standard issue. Like many others, I found myself falling asleep while trying to read this so after the first couple weeks I ended up just using this as a reference. If I saw a concept or topic in a question that I didn't understand, I would read about it in the AIO and take some notes.
  • Total Tester software (comes with AIO book). This is the material that comes on the CD with the AIO book. I used it for practice exams and thought it was quite accurate and even the look of the GUI was similar to the real thing. I wish I could have copied some of the questions to my flashcards to review again later but was unable to, so I just used this for full-length practice exams.
  • CISSP Sudy Guide, 2nd ed by Conrad, Misenar, and Feldman. Everyone always raves about this book, and with good reason. It isn't nearly as in-depth as the AIO, but I think its brevity helped me learn the concepts better. Good exam advice, good questions, good amount of detail. I don't think it's enough on it's own, but a necessity in your study materials.
  • StudyBlue flashcards. Online app for making flashcards, which is incredibly useful. I've used it for years for a number of different certs, classes, etc. I made lots of cards during the aforementioned 2-week training course, then I would add questions/topics/terms from other resources that I was struggling with and go through them on my phone during the day. These helped a lot with rote memorization. If you get the paid 'pro' version, it lets you search for materials from other people, so if you're interested you can find, save, and edit copies of my flashcard decks at your leisure.
  • CISSP Study Guide 6th ed by Stewart, Chappel, and Gibson. Basically only used this book for its practice questions, which are quite good (although it only has 15 per chapter). I might have looked over a concept or two, but that's about it for the text. It is well written, but not a must-have.
  • CISSP Practice - 2,250 questions by Vallabhaneni.This was essentially useless. I did maybe 300 questions out of them and they were odd, loosely related, and not very relevant in my opinion. I would only suggest using this resource if you've done everything else.
  • 11th Hour CISSP Guide by Conrad, Misenar, and Feldman. Didn't pick this one up until about a week before the exam, so I only used it shortly. It's brief, but gives a good overview of each domain as well as the "top 5 hardest questions" from each. This was helpful in reviewing all the domains in the last couple days before the exam to hit the highlights. Highly recommended.
  • McGraw Hill Practice Questions. Didn't find this resource until late in the game, but I found it extremely helpful. The questions aren't too difficult, there's a decent amount of them, and the explanations are good. Again, it would have been better if I could copy them to flashcards to review again later.
  • Sunflower Guide by de Frankrijker and Reiner. Read about this on TechExams and found the link. Lots of good info on here and a great study resource that is very well put together. I kept this handy and referenced it as I was going through practice questions as a way to compartmentalize the topics into their associated domains. Again, didn't find this until about a week before the exam so I only used it for a short time.


After putting this list together, it looks like I used a ton of resources, and I did. I tried to do practice questions for each domain from each resource just to make sure there wasn't any topic being covered heavily one place that wasn't in others, and I found that it's generally quite consistent. If I had to do it over again, I think I would stick with CCCure, the AIO, the Conrad study guide, and my flash cards. I seemed to get the most out of these resources.


I may have only scraped by with a 701, but I'm glad to have it behind me. Good luck to all future testers!

Comments

Sign In or Register to comment.