
Took new CISSP test in May 2015

brenbrenOK Member Posts: 46 ■■□□□□□□□□
If you think you are going to study any of the current material in any of the current books out and pass, you are kidding yourself. I don't know what they did the last time they changed a test, but to think you can study the Shon Harris book and pass right now, is a total lie and don't let anybody tell you any different. Don't spend money on a boot camp, don't spend money on practice tests. They are trying to create a baseline on this new test so don't expect many questions that are in the Shon Harris book or many questions in the new CBK book.

Before anybody starts hating, I have been in the Security industry for 11 years, the last 4 with a major IT company on a government contract. I didn't need the certification for work immediately, but I took it, by reading the Shon Harris book and taking about 5,000 practice test questions. So just doing that I took the test in April. I made a 696, ugh. So much for not studying, but it was really my fault, I went too fast and didn't flag questions and didn't go back and make sure I didn't skip over any questions, if so I wouldn't be here right now. However, with all the information from all sources saying this test would just be a reorganization of material, and updated a LITTLE, and expanded a LITTLE. Total lie. Either they are going to fail everybody or they are going to have to grade on some kind of curve. I signed the NDA so I can't say what was or wasn't on the test, but suffice it to say, there wasn't much on the test you could study for. Maybe they knew it was me re-taking the test so they gave me a different one, but from what I'm hearing from people who took the test, I think we all had the same experience. Good luck to whoever is taking it now, but look at it this way, you don't have to take a long time studying, because there is really nothing to study. If anything get the new CBK book and use psychoanalysis on the book and think of the most deep, thought provoking question that could be asked in about one or two domains in the book, and then go about 10 layers deeper than that. That is the question you are going to get for the majority of this test. Notice I said majority. This is no longer a mile wide and inch deep book, it's more like an inch wide and a mile deep on theory, but "whose theory"? I'm sure I won't be the first or last person to post on this subject. As I sit here I haven't heard if I passed or failed, and when I think about it, I can remember answering some of the questions right, but if you think this is your "grand dad's old test", think again. Except for a few questions, this is not a memorization test at all. At least with the old domains you knew what a server was and where to put a DMZ. This is a lot deeper test than it used to be.

Comments

  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    That's valuable information, considering that you attempted it before and after and can compare. Thanks for sharing.
  • E Double U Member Posts: 2,229 ■■■■■■■■■■
    b/eads will be happy to hear this :D
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    E Double U wrote: »
    b/eads will be happy to hear this :D

    Oh yeah. But he was sure that exam didn't change much. So I'm expecting another line here, let's see... :)
  • rebelution Member Posts: 33 ■■■□□□□□□□
    My company sends everyone who needs to be CISSP compliant to a training they have contracted out. I'll be in it next week and I intend to talk to the instructors about what was mentioned by the OP. I'll update with what I hear.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    I'm not sure who you are taking your testing from, but I have all the material from the old test and all the material from the new test and there wasn't much difference from the material. Actually the old material was put together better since the company had to throw together info that was "new" and there were many mistakes and MANY quotes/explanations from Wikipedia, which I thought was kind of funny. I'd ask this training company if any of the people who they have taught for the new exam have gotten their grades yet, because I haven't heard of anybody who has yet. Just telling the truth here, and maybe the first people who take the tests, will be the guinea pigs who get graded on a scale, but new material based off of old material will not allow you to pass this test.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    The test changed dramatically. Like I said, I'm not sure, if they are just doing this so they can decide which questions will be in the final version, but this was a total shock for me.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    Hey I am open to the possibility that the (ISC)2 is up to just about anything but world domination. Then we'd have to call in the Avengers and take em all out. Evil invisible hand conspiracies and all. Under the Members only section you can get the latest published statistics on membership. It's also in a very human but machine reading unfriendly format.

    This is hardly a great way to tell if people are passing the exam or not but the (ISC)2 website currently reports: 64889 CISSPs in the United States as of 1 May 15. Using this method we'll have to look and compare next month when the stats change again. It would also be nice if we had some stats from the first quarter, month over month, etc. but I don't think anyone on the board had that type of insight into this being such a problem.

    If for some reason you are sitting on a plethora of juicy conspiracy, I mean CISSP stats from before the format change please compile and submit to the board for comparison.

    Fair enough? Glad I have become so infamous for being the tech-grouch of the board. LOL

    - b/eads
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Where anywhere in my comments did I mention anything about a conspiracy? Where did I say anything about the number of CISSP's as of May 1st? Buddy you have a conspiracy going on in your head. I posted here because I took this test on April 1st and I took the test on May 5th. I went to a boot camp in March and I went to a boot camp in April. Boot camps both the same, instructors saying "well we will review this, but this won't be on the test this is too deep". New boot camp instructor, was better for me because he went a little deeper into networking, I like that kind of stuff, but I have work to do and I let the engineers mostly handle that. However admittedly this instructor was not big on programming and said, again, like the other guy, don't have to worry about getting too deep in here, they won't ask you those kinds of questions. Are they going to pass people this time around, I'm sure they will. When you look at next month's numbers will the number be up? I don't know, they told the people taking it on April 15th that it would be 6-8 weeks, so I don't think anybody knows. HMMMM nobody has any insight into this being such a problem, really? No joke, nobody has gotten their scores so NOBODY knows yet. I've got something better. No conspiracy, you have 8 certs behind your name that I can see, you go take the new test and come back and report on here. I've got no conspiracy, I have my experience taking the test just a little over one month apart and what I took on May 5th looked nothing like what I took on April 1st and that's no joke.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    IF (ISC)2 were so concerned in actually teaching people to be a CISSP, I know that's not a job it's a certification, then why not do something novel. Have people who already have their CISSP take the test without fear of losing it, then have regular people taking it for the first time and do some kind of psychometrics on that. Wouldn't that be a better measure of what should or should not be on the test? I can't specify what kind of questions that were on this one compared to the last one, suffice it to say, that there is a huge difference. I can tell you that I have written security plans, I have audited security plans, I have done risk assessments, I have done pen testing, I have been on the business side and I have written SLA's, and I reported SLA metrics on a monthly basis for 4 years. I was involved in MDM architecture, clients, and policies for GFE and BYOD devices. I have configured Symantec Endpoint Protection and configured policies, firewalls, proactive threat protection and network threat protection in that product, which is just like every other Endpoint protection. With all of this MAYBE 5, at the MOST 10 questions were on this test that you could have studied from the book. If you don't believe me go sign up tomorrow.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Anyway sue me for being the first person who is willing to post the truth about the test. I'm not asking for absolution from you, nor do I care if you believe me. It is what it is.
  • riyan Member Posts: 161 ■■■□□□□□□□
    @brenbrenok did u read cbk 4th edition cover to cover?
    your 2nd attempt result is yet to be announced. it would be very surprising if you could not make it considering your past experience and work history. we have been trying to advise cissp cert aspirants to take into account the changes for CBK 4th edition. You can see the previous post.
    Good luck!!!!
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Pretty much cover to cover. Took the questions at the end of every domain and did well enough to pass. And I very well may have passed but what I was studying for using everything I had, in my mind did not prepare me for this test. I was prepared for the questions that were on the first test, actually I was over prepared for the questions that were on the first test, the 2nd time. The crazy thing was that the few questions that were on there where you could have learned from either of the books, were so elemental, I thought there must have been some trick. LOL. But when the (ISC)2 code of ethics is not even a question on the test? Come on, are they really testing on the CBK? That's all I'm going to say right now, so I don't get in trouble. I hope I'm just talking for nothing and I get a letter in a month that says I passed, however it sure doesn't feel that way now. I do have the 4th Edition, in fact I bought it twice. Once when it first came out on Amazon, electronically, and then I bought the hard cover when it came available. I really did fall into the trap that if you have studied the Shon Harris book, you will be okay. And I compared it to the 4th Edition, and most of it is almost identical, however books being somewhat identical does not tell the story of how they structured this test. I've heard many people say that this test is a mile wide and an inch deep. My test was 1/4 mile wide and a 1/2 mile deep. And it could just be this way during the time that we unfortunate people happen to be taking the test during this change. I can't imagine the test staying in its current state. Thanks for letting me vent. However these websites claiming that 90% of their students pass are going to be in for a rough time, and I can see many, many people asking for their money back. Cheers
  • grungeisevil Member Posts: 39 ■■□□□□□□□□
    Thanks for sharing brenbrenOK. Really appreciate this as my exams are in June and this may change the pattern on how I approach the exam.

    I'm slightly confused by your statement and hope you don't mind clarifying. You said that you've read Shon Harris's book and also said that the test was 1/4 mile wide and 1/2 mile deep.

    My understanding is that Shon's book is pretty in depth when it comes to explaining each domain. Are you saying that even with such details, the exam questions are not asking based on the information explained by the book?

    If so, that is really scary and I may need to rethink on the timing of my exam.

    Thanks again buddy
  • maxer Member Posts: 11 ■□□□□□□□□□
    Considering the amount of text written from brenbrenok in each message and his tone of writing it makes me think that those statements are not to be taken very seriously, the truth is always in the middle, never at extremes, just my 2 cents.

    I just think to study CBK 4th and related questions, then I have my experience and that's all I need to give the exam.

    No personal issue with him though.

    Rg,
    Maxer
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Obviously it is good to hear a perspective on the new test and it's appreciated. But at the same time most people know what this test is like going in. My buddy is in the Naval Reserves and teaches a CISSP course to Navy personnel. He has a pretty decent pass rate for his course and he has told me that a lot of people who have taken his course had already taken the test once before his course. Some have taken it more and had taken several boot camps. This is a ton of information and honestly if you go in with an idea less than everything is testable then you are setting yourself up for failure.

    The biggest thing is you have to toss out your thought process and think like ISC2. Now I will figure that your argument will be that their thinking isn't how it is in the real world and you would be correct in that thought. But the same can be said for any number of certifications. There is the Microsoft way and the way that works. Microsoft way for the test and the way that works for the real world.

    5000 questions and the Shon Harris book is honestly not enough to pass this exam. I realize you have 11 years of security experience, but again with a test like this that wouldn't be enough to pass. My Navy friend above worked with a three letter agency in information assurance for years and even he took two bootcamps along with studying for about a year in order to pass.

    Please don't take this response as a sign of disrespect because that is not my aim. But based off of your post I can only say that a larger effort needed to be put in for this exam. I did the following:

    60 days of studying with:

    Transcender
    11th Hour
    Slides made by my buddy for his course
    The Official ISC2 Guide with notes
    Cybrary CISSP Videos
    Various random online material
    Six years of varying IT/Security experience

    Even with all of that I felt unprepared for the exam. When I finally finished I was positive that I did not pass and my brain was mush. My buddy would ask me on a daily basis, "are you still studying?" If I said I was pretty sure I was good to go, he'd ask me a question and then send me back to studying because I didn't have the right answer.

    Just my 2 cents. (I'll wait for the rush of down posts to my rep ;)
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    the_Grinch wrote: »
    The biggest thing is you have to toss out your thought process and think like ISC2.

    Just a side note, never understood that "think like ISC2" or "wear a manager hat" and stuff like that. Personally, I thought like I always do and passed and was completely satisfied with exam questions. Unlike some other exams, hehe

    Yeah, they have some minor issues like "for the purpose of CISSP exam TLS is a transport layer protocol" which is clearly dumb, but I hope that they fix these things gradually and eventually TLS will be an application layer with a little session layer activity. Same goes for everything else...
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I tend to think for a lot of us, as engineers or administrators, we look at issues from an almost completely technical perspective. Whereas, ISC2 tends to look at it more from a policy or higher level perspective. Obviously, there are and should be two perspectives, but in regards to the test there is but one. A lot of it depends on your position and what you do.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    What I meant is "everybody" says this test is a mile wide and an inch deep. The test I took was not a mile wide and an inch deep. Yes Shon Harris' book is very good, what I am saying is THIS test that I took was no representation of the Shon Harris book. I admitted here that I studied the Shon Harris book and went to a boot camp the first time around on April 1st. I do have a breadth of knowledge on all the areas she explains in her book. You are correct the exam questions that I took on the NEW TEST on May 5th, was not even close to the test I took on April 1st. I did have the new CBK and I also read that. This test asked WAY deeper questions than what I had been studying previously. I actually commented after about the 50th question and asked them if they were sure I was taking the correct test. Without saying it was like a deep CSSLP test. I do have the CBK CSSLP book too and when I got home I read that and the standard "things" you learn in there were too high level for this particular test. Like I said, maybe it's the timing between the old and the new and they are working on what they want the final test to be, but I was very surprised after just having taken the test one month earlier.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    brenbrenOK wrote: »
    Where anywhere in my comments did I mention anything about a conspiracy? Where did I say anything about the number of CISSP's as of May 1st? Buddy you have a conspiracy going on in your head. I posted here because I took this test on April 1st and I took the test on May 5th. I went to a boot camp in March and I went to a boot camp in April. Boot camps both the same, instructors saying "well we will review this, but this won't be on the test this is too deep". New boot camp instructor, was better for me because he went a little deeper into networking, I like that kind of stuff, but I have work to do and I let the engineers mostly handle that. However admittedly this instructor was not big on programming and said, again, like the other guy, don't have to worry about getting too deep in here, they won't ask you those kinds of questions. Are they going to pass people this time around, I'm sure they will. When you look at next month's numbers will the number be up? I don't know, they told the people taking it on April 15th that it would be 6-8 weeks, so I don't think anybody knows. HMMMM nobody has any insight into this being such a problem, really? No joke, nobody has gotten their scores so NOBODY knows yet. I've got something better. No conspiracy, you have 8 certs behind your name that I can see, you go take the new test and come back and report on here. I've got no conspiracy, I have my experience taking the test just a little over one month apart and what I took on May 5th looked nothing like what I took on April 1st and that's no joke.

    First off, I ain't your "buddy". Second the conspiracy comment was never directly accredited to any one individual nor was it intended to be. I was being a bit facetious, that much is true. Security people are often guilty of seeking out such information or accusing others of being a part of some paranoid plot. Are you sure you work in security? Lighten up.

    No one anticipated such a radical change in the exam as well. Otherwise, yes, people would have been compiling stats well in advance and comparing to the statistical BASELINE in order to see if the statistical mean is or has changed. You might recall such as being known or referred to as the "scientific method". It's very quantitative in nature and frankly all we have to work with post fact, post exam change. In simplest terms I am describing a type of audit. You practice audit during your duties as a security practitioner every day or you're not practicing security - trust me. I had this discussion any number of times over the year and in the end no one has ever proven me wrong. Security involves audit and audit based principles at its very core or you'd have nothing to base your decisions on. Given that the new stats generally come out at the beginning of the month, it should be noticeable even though the individual hasn't been notified. Since you're not a member I cannot give you the link to the information yet but it is indeed there. Used to be able to look up individual names but I haven't bothered in many years to know if or where that might be nowadays or if it still exists.

    The CISSP is a broad based security exam once covering 10 now a combined 8 domains. Should be broader but with your network centric background I can understand your frustration with the new exam. I am quite confident in stating someone has already passed the exam with no other additional information not available to you or anyone else. Perhaps those who will are just insanely lucky and we'll have you and you alone to thank in showing the (ISC)2 the ills of their ways in creating such a monstrosity.

    You're ticked and hate everyone who passed earlier - got it. Please have a nice rant.

    - b/eads
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Maxer,

    The amount of text I'm writing is because I just took the two tests so close together. Don't take my comments seriously, I'm not here to get your approval. I'm not sure what writing tone you think I'm taking. I've posted about 10 times here, what motive would I have to come on here and post about anything that wasn't true. I didn't post one thing about the test I took in April because I know that was my fault, I went too fast, didn't double-check my work, didn't flag any questions, because I knew the material that I studied, and yea I got a 696, I will take the blame for that. I'm simply trying to describe the different experience I had taking the old and new test. Every person that was in this latest boot camp has reported back the same thing to our group. It's true there were no questions on (ISC)2's Code of Ethics, there were not a lot of questions on most things that you would think would be on a CISSP test, based on the test that I took before. Have you taken the test?
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Grinch,

    I don't feel disrespected, I'm sorry I didn't fully say what else I studied. Yes I read Eric Conrad's 11th hour book, I made flash cards, I was in a study group, and again I will say I made a 696 on the previous test, and I will admit it was my fault for not going back and rechecking my questions, flagging questions, etc. I'm trying to relay my first hand knowledge of taking this new test. Flash cards would not have done any good, knowing networking, cryptology, security models (other than one very obvious one, and there were only two questions on that) wouldn't have helped. Knowing where a DMZ should be or even knowing what a DMZ was would not have helped on this test. This was a totally different test, that's all I can say. I'm just confused on how they are going to grade this. I guess I'm not explaining myself very well, but no matter, I was just here to pass on information. I knew they were going to take it in a newer direction, I just didn't think it would be this radical.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    How can you know if somebody has passed the test yet when not enough people have taken the test for it to be scored yet? I know 50 CISSP's who have taken the test earlier and who are friends of mine. Where did you imagine my saying I was mad at people who passed the test because I didn't? If you would have read any of my earlier posts, I'm mad at myself for not following the strategy when I took the test the first time. I understand auditing and I have done that, auditing is based on known security controls you have in place and how effective those controls are. I audited four of our security plans. Yes I have audited system and security event logs, network logs, etc. Yes I know that we will only have post fact, post exam change to go on when such numbers are posted. I can tell you first hand that the test I took was a radical change. I don't have a network centric background and I never said I did. I know this is a broad security exam, I have broad security knowledge, somehow you are not getting what I'm saying. I'm not hating here. And you're being a condescending....not so nice guy. And I didn't say I failed, I don't know, I might have, I have to wait and see, I'm simply giving my experience after taking the previous test and the new test so close together. If you don't want to believe me then you don't have to. So you lighten up, you don't have first hand knowledge of what the new test is. I do. After you talk to more people who have taken the new test, then come back and tell me that they didn't tell you it was completely different.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Grinch,

    I am a policy guy. I am the one who writes processes and procedures and policy "stuff". I do a lot of things and do have a broad knowledge in all of these areas, that's why I was able to make a 696 the first go-around. When I got that score of course it was heartbreaking, but I took it in stride and doubled down on my studying for the next 30 days, so with everything being the same, and my working knowledge of the additional information, if this were the old test with these new things added in, I wouldn't be sweating it. More than a couple things I have looked up and was like "whew" I got that right, but that wasn't anything I studied. So maybe they are going more intuition-like on these, and getting away from standard cryptography, networking, architecture, etc, because I guess like Albert Einstein said, if I want to know my phone number I will look it up in the phone book, why do I have to remember that? LOL. Anyway I really came here just to talk about my experience, and yes I do get a little passionate, but I will let other people find this thread and post their experiences. I shouldn't expect anybody to believe the first guy who comes forward and talks about their particular experience. Most of the people who were in my boot camp are still in shock. LOL. And they are calling the company and asking for refunds.
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Here's a post from another thread and what this guy heard from the people who went to the bootcamp and who took the new test, so it's just not me:
    Hey Pablo,

    4 guys I know took the exam throughout the last 4 days and all received the same feedback - they need to wait the 6 weeks in order to receive their results. I talked to one of my colleagues that used to write exam questions for ISACA (I understand it's not ISC2), but he said that what they are trying to do is establish a new baseline. They are examining the level of difficulty of the exam and how everyone compares to each other on a large scale.

    I would assume that there is more leniency during this initial phase of the exam than when the baseline has been established.

    I attended a bootcamp recently in which they updated their training materials to align to the 8 domains. Without violating the NDA, the guys that took it just told me they felt underprepared and the current available material out there does not prepare you for the current version of the exam (After April 15th). That's all I got - I take the exam tomorrow, so just hoping for the best and going in with the attitude that I've put in the work at studying and preparing myself for this exam.
  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    LOL @ b/eads

    He is a gem of this forum
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Sounds like it. One of the reasons I decided to take this test is because I am on a contract with the Federal Government and I come across CISSP's all the time, and to put it bluntly, who don't know squat, so I would have thought he would want to listen to what my experience was on this new test. His prerogative. It will come out in due time. Anybody who doesn't believe me and can come back and report what their experience was.
  • riyan Member Posts: 161 ■■■□□□□□□□
    brenbrenOK do not take seriously other members' views about your observation. As I said to you, official result is yet to be announced. Some members (You-Know-Who) are fond of rubbing salt on someone else's injury. Do not pay any heed to them.

    I have one question: why did you not wait before appearing for the post-15 April test? Who advised you, or from where did you get the feeling that you would face the same type of questions?

    I remember when ISC2 introduced mandatory CBT somewhere around 2012. There was quite some apprehension at that time and it took around six (6) months to settle things down. I would also draw your attention to the updates in 1st --> 2nd --> 3rd CBK. All of them had ten (10) knowledge areas and they just re-shuffled the chapters here & there and renamed the chapters and may have added some cosmetic changes. But for 4th CBK they reduced the domains thus MILE-WIDE is cut short to Half-Mile-Wide. Naturally they need to increase the depth so that overall complexity would be same. The true nature of Post-15 April 2015 changes is now unfolding. I am sure other post-15 April 2015 era CISSP exam candidates' feedback will be similar. Till we reached some kind of understanding and equilibrium phase
  • brenbrenOK Member Posts: 46 ■■□□□□□□□□
    Yea I'm not, I saw your Ghost of Shon Harris comments. LOL. Too funny. Hmmm well I took the test as soon as possible, because 1.) I'm impulsive and I hate not passing a test 2) Most of the newer stuff that was in there about asset security, security testing, I thought more emphasis on Cloud computing, PaaS, Saas, IaaS, and the like I have been doing full time for the last 4 years. So with that being said, and EVERYWHERE I read, CCCure, InfoSec, and other Boot Camp type places said that studying the old material was fine and there was not much new in there it was just rearranged. I even resat for a Boot Camp, on them, and the material they produced was almost identical to the material that was before this new test. So believing that and having 30 more days to do nothing but build on what I had studied already, including the new stuff of course, I thought I was truly prepared. I was expecting the normal question about architecture, networking, cryptography, operations, BIA/BCP/COOP, like everybody else who has taken the test so I'm not "giving" anything away. This was definitely a more thought provoking test, I get that, but some of the questions were industry specific. But when I tell you that the above NORMAL questions, were pretty much non-existent, I'm telling the truth. I have a lot of experience in this industry, and I felt like I should have felt more confident coming out of this test. There were a couple of gimme's, that were really gimme's, but then from there, WOW. So I slowed down a whole lot more on this test, I flagged about 50 questions and went back to review those and really didn't change many of them at all. 
    All I'm really trying to say is that having knowledge of asymmetric and symmetric encryption, knowing the OSI stack, knowing what Biba, Clark Wilson or Brewer and Nash, knowing networking and hops and link encryption, packet inspection, all the stuff that is readily available in either the Shon Harris book, or the new CBK seems to be a thing of the past. Now they might just be using the current people as guinea pigs, like beads said, and I'm okay with that, because I might have passed. This was definitely a more thought provoking test, and memorizing EAL levels, OSI levels, etc just like I said above was really no help. Without saying exactly, there were tons of more scenario based questions that FORCED you to think outside the box. I'm pretty good at that so I'm thinking I might have done okay. Like you said it will all come out. I was just trying to give people a heads up. Not sure anybody can tell someone how to study for a scenario based question, you've never seen before, because they were all different scenarios, and some of them were really deep. I'd better not say anymore, I don't want to get myself in trouble, so I'd better stop. He can come back to me with whatever he's got, but until he takes the new test, as far as I'm concerned, he cannot tell me what my experience was. Can't wait to hear other people's experience who took the old test and then the new. Still kicking myself for making a 696 on the last go-around. One more correct question and I wouldn't be here. :)
  • mjsinhsv Member Posts: 167
    b/eads is "keepin it real". We need more members like him.

    The test really needed a refresh.
    I've seen posts in the past from folks who said all they did was memorize the sunflower and passed with no experience.
    That really helps the profession and the validity of the cert.

    I have a buddy who was in the Atlanta class last month who told me the ISC instructor informed them all that ISC is really pushing the experience level that will be required to pass the exam.

    KUDOS to ISC for doing this.
    Maybe there will be fewer CISSPs saying they have met other CISSPs who don't know sh1t. ;)
  • YouWill787 Member Posts: 20
    I'm beginning to think that part of the NDA for the CISSP is agreeing to scare the bejesus out of CISSP hopefuls via any means possible.

    I'd like to preface this appropriately: I'm not taking a stance on any statement, but instead trying to spur conversation. I haven't taken the test before April 15th nor after. I'm one of the apparently unlucky ones who decided to really kick into gear on preparing to tackle this beast at a time that unfortunately put my testing time frame just far enough beyond the transition that attempting to rush my studying to make it before the changeover would have turned my ~$600 fee into more of a bet on the horse with the best payout and worst odds.

    One thing I noticed is that it's not even 4 weeks past the changeover date so no one knows if they've passed yet. A lot of the posts I've read on the pre-April 15th test said that people felt extremely unprepared and were uneasy on their assurance that they were passing, in fact, many were sure they failed. Upon submitting the test and being handed their outcome, many passed despite their discomfort. Is it possible that the CISSP just has that effect on most people?

    The other thing I've seen mentioned is how much more can even be added to the exam? I think that's a weird question, because I feel like a metric crap ton more could be added. A more accurate question might be, how much more material could be added to the CISSP exam while still remaining within the confines of what the certification embodies? They went from 10 domains to 8 domains but there were many statements that none of the material was dropped so still 10 domains of stuff, just in 8 domains, whatever, the domain names seem irrelevant to me. I figured originally that this would mean an update to material: know more about pentesting, know more about cloud computing, know more about mobile technology, etc. I think the 4% ratio came from diffing the CBK 3rd and the CBK 4th and returning about 4% more material.

    I post in peace. :D