Passed CISSP, first attempt, sharing preparation techniques for freaks

gespenstern Member Posts: 1,243
Hey everyone, just wanted to share my maybe somewhat unusual way to prepare for this exam.

Background: 15 years of combined physical security (electronic access control, CCTV, burglary and alarm systems) and information security (auditing and hardening the Microsoft part of the infrastructure; I have almost all top MS certs). I love computers and I'm a nerd, so my knowledge of computer and OS architecture is pretty deep. However, I didn't have much knowledge about business. All the DRP, BCP, risk assessments, BIA -- that's a problem for me because I had zero or only intuitive knowledge about this stuff before I started my preparation.

Time: Well, experience played its part, of course. On top of it I spent 180 days, 2-4 hours each day, preparing.

Resources: a paid subscription for 180 days ($50), Wikipedia, one or two articles on the Internet. No Shon Harris, no Kurtz, no Conrad, no boot camps, no nothing.

I'm not good with books, I just can't read them. I always go nuts if I don't understand something or disagree with something, so I dig deeper, then even deeper, and this never ends. I have trouble trusting anything that I haven't thoroughly checked, so reading a 1000-page technical book may take several years and I don't have that much time. So I usually **** reading books as a preparation method.

Practice tests are fine with me, so I bought a paid subscription and started taking tests. Initially I had 40-60% correct answers; closer to the end I had 75-100% correct answers on the "Pro", "loosely related" and "all domains" difficulty settings.

So each day I took one test or fewer (I know that because when my subscription was about to expire I noticed stats saying that I had taken about 130 quizzes), each with 10 to 15 questions in it.

Each time I picked a wrong answer, or a correct one without being 100% sure why I picked it, I read the correct answer explanation provided by and the corresponding Wikipedia articles. Wiki has almost everything you need, with the exception of a good explanation of how the labels system works; I had to find some other article on the Internet about it. Wiki has everything else besides labels.

I had to research some questions really deep, especially those that didn't make sense. It was probably criticized here a lot already, but I was completely pissed when I learnt that "for the purpose of the CISSP exam TLS is a transport level protocol" according to Harris' AIO, while I was sure that it is application level. It took a lot of effort for me to kinda convince myself that I should pick 'transport' as the correct answer on this, and I hated myself each time I did it. You know, the TCP/IP stack doesn't fit well into the OSI model and it's often a matter of opinion, not hard science. And I hate opinions, I hate 'best' answers, because you have to kind of assume that someone's opinion on the subject is correct and is the final truth. I love it when everything is 100% determined.

I wouldn't recommend this method to anyone but people with similar mental issues. If you use this method, make sure not to pay attention to outdated questions on, more about this later.

Exam: 6 hours is way beyond a comfortable level. I think that by using this approach (ISC)2 filters out people who don't have enough grit to stay alert for such a long time, a skill which an infosec professional arguably should have in order to deal with incident response, etc. Other than that it's a typical computer-based exam, like almost any other exam out there.

Now, what is different on the exam compared to practice tests. There's no outdated **** on the exam. I think that roughly 20% of the questions on cccure are outdated. I had zero questions on the exam about outdated technologies. No questions about: xDSL, the SET protocol, S-HTTP, DES & 3DES and all other outdated cryptography, modem pools and all the telephony-related crap including phreaking, callbacks, RADIUS and TACACS+ regarding their use with modem pools, boxes of various colors, classful routing, TCSEC (damn, I wasted so much time digging thru this crap), RAID levels 2-4 (who ever used these?), the Clipper chip, T1/E1, etc. There are so many outdated questions on cccure that they didn't remove! I would suggest not wasting time studying old technologies from the cccure practice tests; however, it will affect your scores on the practice tests and you probably won't feel confident about your preparedness.

Another tip: logic helps. Many 'best answer' types of questions can be cracked pretty easily if you strictly follow logical thinking and don't assume anything that is 'typical'.

So, that's it. for practice tests and Wiki, just that.


  • dustervoice Member Posts: 877
    Congratulations on passing the test. Your story is quite a unique one. I think each test is different, as the test form I got had questions from 2 of the above technologies you listed as "outdated".
  • bryanthetechie Member Posts: 172
    Congrats on your pass, gespenstern!
  • spark2 Member Posts: 21
    Thank you very much for sharing the above with us, and congrats on your pass.
  • papadoc Member Posts: 154
    Congrats on your pass. Amazed that was the only resource you used!
  • Dub_lad Member Posts: 17
    I'm using cccure practice tests and CBT Nuggets, which are brilliant. Exam in 3 weeks; did the Shon Harris videos and tried the book, but both boring as hell.
  • Dub_lad Member Posts: 17
    How did you find the scenario-based questions?