Passed - Somehow

Jebjeb Member Posts: 83
So never posted, but thought I'd share what worked for me.

I passed this morning... somehow. Studied for 6 weeks, but have 20 years of misc experience. Not much for reviewing but I speed read so I finished in 2 hrs flat. The test was challenging. It's not like people say, "it's nothing like anything you have prepared for." It's exactly like you prepare for; strangely enough, after all the mnemonics and acronyms, none of them were useful. Did a data **** on the dry erase paper and then never looked at it. Marked about 20 for review, but only changed 2. I was not sure if I'd pass or not when I hit Grade.

Didn't have a single question from the new formats. And only had about 3 scenario questions, each with a couple of questions based on it. Very few questions came up on a similar answer twice. Maybe a handful from the new subject material, but every one helps. DON'T ignore the new stuff. Didn't really need to know any ISO #s except one, and no defined steps of plans. It definitely focused on applied knowledge and understanding.

Here's some of the resources I used, and I scoured the web for Summary sheets. Google is your friend.

AIO 6 - Shon. - Good but verbose
Eric Conrad's 11th Hour - easy to read, but not in depth for a single study guide.

The new ISC V4 book is really nice, highlighted the new subject material. Didn't get it till the last minute. Wish I had gotten it earlier.

I did a lot (4-5k) of questions from multiple engines online: Skillset, the AIO questions, Eric Conrad's, etc. Repetition and learning to read a question is key.

Eric Conrad's: Elsevier: Conrad: CISSP Study Guide Practice Exams

Shon Harris/McGraw: McGraw-Hill Education | CISSP Practice Exams

Skillset : https://www.skillset.com/

Random : Test http://opensecuritytraining.info/CISSP-Main_files/CISSP_CBK_Final_Exam_v5.5.pdf
Answers: http://opensecuritytraining.info/CISSP-Main_files/CISSP_CBK_Final_Exam-Answers_v5.5.pdf


Here's some other links to summary sheets

https://cccure.training/m/articles/view/Cram-Study-Guide-for-the-CISSP-Exam

Has 3 of them, including the Sunflower one

http://www.techexams.net/forums/isc-sscp-cissp/102723-passed-cissp-yesterday.html

The CISSP Combined notes on this site, a very nice one.

https://www.gypthecat.com/isc2-cissp-revision-notes-study-and-exam-tips

Random Notes

I also made one from the quick tips, from the Shon Harris one, but that's copyrighted.

Here's a list of the newish material in the CBK, courtesy of the new ISC2 book
http://www.amazon.com/Official-Guide-CISSP-Fourth-Edition/dp/1482262754


Within the Security and Risk Management domain
Compliance
Data Breaches
Conducting a Business Impact Analysis (BIA)
Implementation
Continuous improvement
Threat Modeling
Determining potential attacks
Performing a Reduction Analysis
Technologies and processes used to remediate threats
Integrating security risk considerations into acquisitions strategy and practice
Third-Party assessments
Minimum security requirements
Service-Level requirements
Appropriate levels of awareness, training, and education within an organization
Periodic reviews for content relevancy


Within the Asset Security domain
Data owners
Data processes
Data Remanence
Baselines
Scoping and tailoring
Standards selection


Within the Security Engineering domain
Implementing and managing an engineering lifecycle using security design principles
Large scale parallel data systems
Cryptographic systems
Assessing and mitigating vulnerabilities in mobile systems
Embedded devices and cyber-physical systems
Data Rights Management (DRM)
Designing and implementing facility security
Wiring closets


Within the Communications and Network Security domain
Converged protocols
Software defined networks
Content distribution networks
Physical devices
Virtualized networks


Within the Identity and Access Management domain
Controlling physical and logical access to assets
Registration and proof of identity
Credential management systems
Integrating Identity as a Service
Integrating third-party identity services
Preventing or mitigating access control attacks


Within the Security Assessment and Testing domain
Assessment and testing strategies
Security control testing
Log reviews
Code review and testing
Negative testing
Misuse case testing
Test coverage analysis
Interface testing
Collecting security process data
Account management
Management review
Key performance and risk indicators
Analyzing and reporting test output


Within the Security Operations domain
Understanding the requirements for various investigation types
Operational
Criminal
Civil
Regulatory
Electronic Discovery (eDiscovery)
Continuous monitoring
Egress monitoring
Securing the provisioning of resources
Configuration Management
Physical assets
Virtual assets
Cloud assets
Application provisioning
Service Level Agreements (SLA)
Hardware and Software asset management
Mitigation
Lessons learned
Whitelisting/Blacklisting
Third-Party security services
Sandboxing
Honeypots/Honeynets
Antimalware
Testing a Disaster Recovery Plan
Read through
Walk through
Simulation
Parallel
Full interruption


Within the Software Development Security domain
Integrated product teams
Code repositories
Application Program Interfaces (APIs)
Acceptance testing
Assessing software acquisition security

Good luck, now to finish my endorsement paperwork.

Comments

  • @bh!4u Member Posts: 12
    Congrats on the pass! Thanks for your wonderful details in the post. Appreciate the effort to compile the stuff and share.
  • fuz1on Member Posts: 961
    Congrats! Great cert to achieve!
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • Sam_aqua Member Posts: 72
    Congrats Jebjeb on the pass...

    You mentioned - Didn't have a single question from the new formats?

    So that would mean - not to worry about the 4th Edition Official Guide new contents, right?

    Pls clarify.

    Cheers
    Sam
  • Jebjeb Member Posts: 83
    I'm sorry, I meant the Hotspot or the drag and drop style (list), and actually had no pick 2+ answers, all were single answer multiple choice. I had up to 10 maybe from the new material. But you also can't tell which 25 don't count; they're evaluated as future questions.
  • sesha437 Member Posts: 48
    Congratulations!!!!!!
    Compared to the Shon Harris questions in the book or MH website or her practice questions book, how tough are the questions in the exam?

    Thanks!!!!
  • veronica321 Member Posts: 10
    @sesha437

    Had the CISSP exam a couple of days back. More of Transcender-type questions. Q phrasing is tricky and I found it hard to get the meaning.
  • Jebjeb Member Posts: 83
    Most of the questions are very similar to the 2 test sets you mentioned; the difference is in the answers. The answers are often similar to each other but use different terminology, often confusingly phrased. There also were at least 5 questions that were very technical but obscure. Not things I saw covered at that depth in any study material.
  • g33k3r Member Posts: 249
    Congrats and thanks for the insight!
  • kukku Member Posts: 130
    Congrats...!!!
  • Arlix Member Posts: 12
    Nice one, thanks for the information :)
  • lmoworld Member Posts: 124
    Definitely useful information. Thanks for sharing.
  • freedom777 Junior Member: A+, MCSE, CCNA, CCNP, CISSP, CCSP, AWS CSAA, AWS SysOps Member Posts: 32
    Congrats and thanks for sharing your experience.
  • greg9891 Member Posts: 1,175
    Congrats
    Certs Gained 2018: CCENT ,210-255 ( Cyber Security Operations)
    Upcoming: ICND2, CTT, 210-250 (Cyber Security Fundamentals)

    Isaiah 28:10 - For precept must be upon precept, precept upon precept; line upon line; here a little, and there a little.
  • Jebjeb Member Posts: 83
    Thank you all. I received the Endorsement approval today. Sent the paperwork in on a Friday, received the receipt acknowledgment on Monday, and 12 days later I just received the Congratulations letter. So just under 2 weeks turnaround.