Passed - Somehow
So never posted, but thought I'd share what worked for me.
I passed this morning.. somehow. Studied for 6 weeks, but have 20 years of misc experience. Not much for reviewing but I speed read so I finished in 2 hrs flat. The test was challenging. It's not like people say, "it's nothing like anything you have prepared for." It's exactly like you prepare for; strangely enough, after all the mnemonics and acronyms, none of them were useful. Did a data **** on the dry erase paper and then never looked at it. Marked about 20 for review, but only changed 2. I was not sure if I'd pass or not when I hit Grade.
Didn't have a single question from the new formats. And only had about 3 scenario questions, each with a couple of questions based on it. Very few questions came up on a similar answer twice. Maybe a handful from the new subject material, but every one helps. DON'T ignore the new stuff. Didn't really need to know any ISO #s except one, and no defined steps of plans. It definitely focused on applied knowledge and understanding.
Here's some of the resources I used, and I scoured the web for Summary sheets. Google is your friend.
AIO 6 - Shon. - Good but verbose
Eric Conrad's 11th Hour - easy to read, but not in depth for a single study guide.
The new ISC V4 book is really nice, highlighted the new subject material; didn't get it till the last minute. Wish I had gotten it earlier.
I did a lot (4-5k) of questions from multiple engines online, Skillset, the AIO questions, Eric Conrad's, etc. Repetition and learning to read a question is key.
Eric Conrads: Elsevier: conrad: CISSP Study Guide Practice Exams
Shon Harris/McGrew : McGraw-Hill Education | CISSP Practice Exams
Skillset : https://www.skillset.com/
Random : Test http://opensecuritytraining.info/CISSP-Main_files/CISSP_CBK_Final_Exam_v5.5.pdf
Answers: http://opensecuritytraining.info/CISSP-Main_files/CISSP_CBK_Final_Exam-Answers_v5.5.pdf
Here are some other links to summary sheets
https://cccure.training/m/articles/view/Cram-Study-Guide-for-the-CISSP-Exam
Has 3 of them, including the Sunflower one
http://www.techexams.net/forums/isc-sscp-cissp/102723-passed-cissp-yesterday.html
The CISSP Combined notes on this site is a very nice one.
https://www.gypthecat.com/isc2-cissp-revision-notes-study-and-exam-tips
Random Notes
I also made one from the quick tips, from the Shon Harris one, but that's copyrighted
Here's a list of the newish material in the CBK, courtesy of the new ISC2 book
http://www.amazon.com/Official-Guide-CISSP-Fourth-Edition/dp/1482262754
Within the Security and Risk Management domain
Compliance
Data Breaches
Conducting a Business Impact Analysis (BIA)
Implementation
Continuous improvement
Threat Modeling
Determining potential attacks
Performing a Reduction Analysis
Technologies and processes used to remediate threats
Integrating security risk considerations into acquisitions strategy and practice
Third-Party assessments
Minimum security requirements
Service-Level requirements
Appropriate levels of awareness, training, and education within an organization
Periodic reviews for content relevancy
Within the Asset Security domain
Data owners
Data processes
Data Remanence
Baselines
Scoping and tailoring
Standards selection
Within the Security Engineering domain
Implementing and managing an engineering lifecycle using security design principles
Large scale parallel data systems
Cryptographic systems
Assessing and mitigating vulnerabilities in mobile systems
Embedded devices and cyber-physical systems
Data Rights Management (DRM)
Designing and implementing facility security
Wiring closets
Within the Communications and Network Security domain
Converged protocols
Software defined networks
Content distribution networks
Physical devices
Virtualized networks
Within the Identity and Access Management domain
Controlling physical and logical access to assets
Registration and proof of identity
Credential management systems
Integrating Identity as a Service
Integrating third-party identity services
Preventing or mitigating access control attacks
Within the Security Assessment and Testing domain
Assessment and testing strategies
Security control testing
Log reviews
Code review and testing
Negative testing
Misuse case testing
Test coverage analysis
Interface testing
Collecting security process data
Account management
Management review
Key performance and risk indicators
Analyzing and reporting test output
Within the Security Operations domain
Understanding the requirements for various investigation types
Operational
Criminal
Civil
Regulatory
Electronic Discovery (eDiscovery)
Continuous monitoring
Egress monitoring
Securing the provisioning of resources
Configuration Management
Physical assets
Virtual assets
Cloud assets
Application provisioning
Service Level Agreements (SLA)
Hardware and Software asset management
Mitigation
Lessons learned
Whitelisting/Blacklisting
Third-Party security services
Sandboxing
Honeypots/Honeynets
Antimalware
Testing a Disaster Recovery Plan
Read through
Walk through
Simulation
Parallel
Full interruption
Within the Software Development Security domain
Integrated product teams
Code repositories
Application Program Interfaces (APIs)
Acceptance testing
Assessing software acquisition security
Good luck, now to finish my endorsement paperwork.
Comments
-
@bh!4u Member Posts: 12
Congrats on the pass! Thanks for your wonderful details in the post. Appreciate the effort to compile the stuff and share.
-
fuz1on Member Posts: 961
Congrats! Great cert to achieve!
-
Sam_aqua Member Posts: 72
Congrats Jebjeb on the pass ...
You mentioned - Didn't have a single question from the new formats?
So that would mean - not to worry about the 4th Edition Official Guide new contents, right?
Pls clarify.
Cheers
Sam
-
Jebjeb Member Posts: 83
I'm sorry, I meant the Hotspot or the drag and drop style (list), and actually had no pick 2+ answers, all were single answer multiple choice. I had up to 10 maybe from the new material. But you also can't tell which 25 don't count, they're evaluated as future questions.
-
sesha437 Member Posts: 48
Congratulations !!!!!!
Compared to the Shon Harris questions in the book or MH website or her practice questions book, how tough are the questions in the exam?
Thanks!!!!
-
veronica321 Member Posts: 10
@sesha437
Had the CISSP exam a couple of days back. More of Transcender type questions. Question phrasing is tricky and I found it hard to get the meaning.
-
Jebjeb Member Posts: 83
Most of the questions are very similar to the 2 test sets you mentioned, the difference is in the answers. The answers are often similar to each other but use different terminology, often confusingly phrased. There also were at least 5 questions that were very technical but obscure. Not things I saw covered at that depth in any study material.
-
greg9891 Member Posts: 1,189
Congrats:
-
Jebjeb Member Posts: 83
Thank you all. I received the Endorsement approval today. Sent the paperwork in on a Friday, received the receipt acknowledgment on Monday, and 12 days later I just received the Congratulations letter. So just under 2 weeks turn around.