khiyal Member Posts: 5

Passed my CISSP on first attempt 14/1/2015. When I clicked the "End Exam" button, I was quite confident of having made it; however, it probably just stated, "You have completed the exam". My general experience with any CBT is that they almost always state, "Congratulations" when someone passes the exam. I was so upset that instead of going to the printer to get my printed record of exam, I went to my locker, got all the stuff and was ready to leave. Then I picked up the paper on a second thought and as I was exiting, I took a cursory look and was super excited to see the "Congratulations!"

It took me a few weeks to prepare -- boot camp, and self-study, but this exam had been on my mind for many years so I was inadvertently preparing for it. I firmly believe that this exam cannot be passed without some real-life experience. I have indirectly and directly been involved with at least six of the domains over the past 10 years. The Shon Harris book is a good guide for reference so I consulted it whenever I needed to get a detailed understanding of something.

To all yet to take the exam, here is my take on it:

  • It is “really” an inch deep and a mile wide.
  • It is extremely difficult to pass it without having real-world experience.
  • Forget word-for-word definitions. Save a dozen or so, every single question makes you apply the concepts, not the definition.
  • Time passes quickly – I used over five hours.
  • If a question does not make sense, or you don’t immediately come up with an answer, mark it for review and move on.
  • Take a 5-minute break every hour or so. Make sure not to lose your momentum and time your break so you take it at the next difficult question that you face. When you come back, the answer will be immediately obvious.
  • Don’t think about anything related to the exam in your break.
  • The “CEO hat” is a life saver.
  • If you get a question that has a lot of numbers, think beyond the numbers. They don’t want you to do complex math.
  • “Most”, “Least”, “Best”, “Likely”, "Not" are all key words and conveniently highlighted.
  • For the legal domain, you will not find a single question that is straight from any book; instead, it will be application of your knowledge about how the legal system works.
  • Take “Review Questions” for what they really stand for -- “Review”. They are there to help you practice your cognitive skills and develop thinking patterns.
  • Of the several thousand questions that I found on the internet from various sources, there was not a single question that appeared word for word, or even close.

Some logistics:

  • Visit the test center/location a day in advance to familiarize yourself with the area, parking, etc.
  • Arrive at least 30 minutes prior to exam and leave all notes/books/**** sheets/etc behind you. 30 minutes of cramming will likely confuse you more than help you.
  • I was told that there is parking next door to my center, but found out that they close at 7 PM and I had up to 8 PM for exam time. I lost 15 minutes finding alternate parking.
  • Have a light snack before the exam. A full meal can make you sleepy and an empty stomach takes a toll on the brain towards the end of the six hours.
  • Check the ID requirements beforehand – They are very strict about them.
  • Cold feet, shivering, panic – all normal; don’t give up. Stay focused.
  • Sleep well the night and the night before – it helps.
  • Above all, Relax!!

I am seriously considering going for the Architecture concentration ASAP while things are fresh in my mind.

Hope this helps.



  • jonwinterburn Member Posts: 161
    Congratulations! Thanks for the encouraging tips; the closer my exam gets, the more I realise memorising specifics will not help. Instead, from what I've read here and on other threads, it's all about concepts.
  • astudent Member Posts: 26
    Congratulations! Thank you for the advice.

    I know that real-world experience will help for passing this exam. But "extremely difficult to pass it without having real-world experience"? Well.... I will see. :D
  • dustervoice Member Posts: 877
    Congrats, excellent write-up. Before I took the exam, I saw where others have said there are no similar questions on the internet to what's on the test. I was wondering how could that be until I took the exam myself. So I say use practice questions to verify your knowledge but don't waste time memorizing them. The MH practice questions and the ones in the back of the Shon Harris book are more than enough.
  • Spin Lock Member Posts: 142
    Congratulations on passing and thanks for the great write-up Suhail.

    I would be very interested in hearing more about how real world experience helped as well. I don't disagree with you, just curious to hear your thoughts.

    If your real-world experience consists of setting up routers & switches, my guess is that experience won't help much because the CISSP exam doesn't go into the technical details the way Cisco certs do.

    But if your real-world experience is related to security frameworks, evaluating the pros/cons of access control models, assessing risk, or writing a BC/DR plan, then I think you go into this exam with a definite advantage because those topics are harder to grasp, especially for technical folks. Would you agree or am I off base?
  • impelse Member Posts: 1,237
    Congrats on the pass, require good study time and experience.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • khiyal Member Posts: 5
    Spin Lock wrote: »
    Congratulations on passing and thanks for the great write-up Suhail.

    I would be very interested in hearing more about how real world experience helped as well. I don't disagree with you, just curious to hear your thoughts.

    Thanks. I guess I should have qualified that real-world experience. You are right in that it is less technical, and more actual hands-on application of the concepts. For example, for any question related to BCP, you may know all the stages of any plan, but having gone through an actual recovery, or even having moved off-site provides the "knowledge" required. Similarly, when dealing with malware, knowing what those are is one thing, but to answer the questions you must have gone through the intricacies of knowing how an AV/IDS system works. I experienced our environment coming down due to a zero-day and the knowledge gained during that exercise to bring everything back up was invaluable.

    One thing that I forgot to mention is that the exam is international so there is barely any chance to have anything as specific as HIPAA or any other USA-specific laws/regulations to appear on the exam.
  • DAVIS NGUYEN Member Posts: 1,472
    Congrats on passing!
  • colemic Member Posts: 1,569
    Congrats on the pass!
    Working on: staying alive and staying employed
  • chickenlicken09 Member Posts: 537