Should I test now or wait CISSP
I'm planning on relocating in 3 weeks at the earliest just waiting on a background check to clear, but I'm basically wanting an opinion on if I should test before I move or wait till I get settled in the new location. I'm kind of worried about waiting as I might lose some momentum with all the things that come with moving. I've been studying for strictly the CISSP since Nov 25 2015 and wouldn't test till Jan 22 at the earliest. I passed the CEH in July 2015 and then went directly into OSCP then directly into CISSP so I didn't start cold with CISSP prep.
CISSP prep
Sys admin / Network Admin 10 + years
Masters in Information Technology
Completed CBT nugget videos
50 percent of the AIO Shon Harris
500 questions pocket prep
500 question CCURE
Currently listening to Shon Harris MP3's during commute
Planning to read the 11th hour a week prior to testing
Please share your opinions on if I should attempt the exam if I only have 3 more weeks to study or if it would be best to wait.
Comments
Hello Vonn,
I've read your question carefully, and here is my analysis and feedback if it helps:
1. Having a good practical networking background is great, but my question is: have you been in a Managerial position before? The reason I am asking this is because the CISSP certificate is a certificate to prove you are a Manager and have the talent to think like a Manager. If I had 10+ years of experience in a network admin job, this means my "Mindset" is more towards technical than a Manager who manages staff and makes "Managerial Decisions". Although this is excellent experience in real life, when it comes to sitting your CISSP exam, these 10+ years can be your worst enemy. Please read this example which I explained in my post earlier in this forum:
If you have not been a Manager, then pick up the answer That Your Manager Would Pick Up
So for example, I am making up this question to explain this point:
Q/ What is the BEST approach to increase security in your organisation:
A- Install Bio-metric for physical access control.
B- Install Bio-metric for physical access control and Firewall/IDS/IPS for the logical access control.
C- Install Bio-metric for logical access control and Firewall/IDS/IPS for the physical access control.
D- Apply Defense in Depth.
Analysis:
======
(A) is one example of Physical Access Control.
(B) is one example of Physical Access Control and three examples of Logical Access Control... which looks right, innit?
(C) mmmm... this is a tricky one, because the examples in (B) are the same here BUT the examples do NOT match the access control types. So this option (C) is trying to confuse me with the possible Right answer which is definitely (B)?? Maybe?
(D) mmmmm... this is tooooo short to be a good answer!! And what the heck is "Defense in Depth" anyway??!! Nah forget it... the right answer is absolutely (B)!! It stands as a good TECHNICAL ANSWER and MY PAST EXPERIENCE matches this way of thinking... Bio-metric physical access control is heaven for me! and Firewall/IDS/IPS is super right answer for ANY organisation, is it not!! ..... so I will go for (B)
You know what, you are WRONG!
Did you read the question? Again? And Again? Did you notice the Keyword "BEST"?
The Correct answer is the BEST answer you choose as a MANAGER... which is here (D) : Defense in Depth !
The concept of "Defense in Depth" is the answer that a Manager would choose. Because it implies all the physical & logical examples mentioned in (B) BUT not only this, it covers all the three main controls in CISSP: Physical + Logical + Administrative.
2- In the CISSP Prep list, you rely heavily on Shon Harris (RIP Shon!). The bad news is: Shon's study materials are "Out of Date" for the new exam. I am not referring only to the new 8 domains versus the old 10 domains which anyone can argue that they are the same contents, but I am strictly referring to the "Fact" that ISC2 have shifted their focus in the CISSP exams towards the New Fashion of Security which was delivered in the SYBEX 7th Edition book. The new fashion security, in addition to being managerial strategic security mindset not technical, it is more focused on concepts like "Advanced Persistent Threat (APT)", Zero-day attacks, mobile security, data security on cloud computing, configuration management for proactive defense. You will NOT find such topics fully explained in Shon's study materials (books or practice tests).
3- To pass the CISSP exam, you need to read the Sybex 7th Edition book (cover to cover) and practice all its practice questions in the end of each chapter.
4- Having practiced only 500 questions from the CCCure practice tests is simply not enough. You need to do ALL questions (they are 1800+ questions). You may skip techy questions on the Orange Book because they are removed from the exam.
Finally, it is important to set a deadline for yourself to sit the exam. But without considering the above and just sitting the exam will mean a high risk of failing the exam. If -God forbid- you failed the exam, you will have to wait 30 days until you can sit your second attempt. So my advice is to prepare well and manage your revision time to cover the above and when you are ready book the exam.
Trust me, failing this exam does hurt
Hopefully this was helpful
All the best mate.
Lion is exaggerating things, there is no one book that will help you pass. Everyone has different experiences. He is being too negative. Just go to the exam with a positive attitude.
I was advising that this exam needs preparation. It is not a matter of being too negative or too positive. We are security experts and our "religion" is Risk Management. CISSP exam is not shopping! Either you pass or fail. If your Risk Analysis tells you it is okay to have Risk Acceptance of possible failing then go for it. Maybe you are okay seeing how the exam looks like regardless the result? Why not giving it a go.
But my approach after I failed the first attempt was a big blame to myself why didn't I prepare well before spending money on "giving it a go".. However everyone of us is free to make their own decision, we are professionals. In the end, this forum is for giving different opinions and sharing our own experience, leaving it to new comers to make their own decisions of how they want to plan their journey.
You and I dear TheFORCE have passed it already, so let's share our experience and let the candidates follow their gut-feeling
Good luck to you Vonn and I apologise if I sounded "too negative"!
I have not given the exam yet, but I like the Sybex 7th edition.
It looks like you guys have a difference of opinion in this thread, but a healthy and respective discussion does not hurt anyone.
Thank you harrym and I fully agree with you about having a healthy and respective discussion to express opinions. In the end, we all come here with good intention to help each other
I will definitely take a look at the Sybex book as well as some of the concepts lion007 mentioned are not touched in the AIO.
McGraw-Hill Education | CISSP Practice Exams
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GCWN | Linux+
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
CWTS, then WireShark
Congrats...
Can you post your comments about Sybex 7th edition and how this book help your exam..
Was it worth taking the CEH beforehand?