CISSP Passing tips...

Managed to pass the CISSP on first attempt today.
Thought I'd share a few thoughts for others to consider:
• It's not as difficult as it could be. I expected a lot more technically challenging questions; there were few.
• Comments to it being an "inch deep, mile wide" exam are very true.
• Often the questions have two answers you can eliminate immediately, i.e. they are obviously out of context.
• I found myself stumped by about 10 questions in total. A further 40 or so I was not confident about, but the remainder were pretty clear cut.
• A higher volume of questions on BCP/DR, Cloud and web security than I was expecting.
• Few questions on encryption.
Ultimately, it was not the complex monster I was fearing. Suffice to say, I overstudied.
Key recommendations would be to utilise Eric Conrad's CISSP study guide - by far the best text I used. The official ISC2 book and Shon Harris's publication are too detailed.
Also, leverage the excellent practice tests at www.freepracticetests.org - well worth the small investment for access.
I do have the good fortune of working 18 years in IT. This allowed me a familiarity with most concepts the exam covered. I studied intensely (6-8 hours per week) for about 5 weeks prior. But in retrospect, I overdid it.
To anyone reading this concerned if they are ready to sit:
• Read the glossary of your preferred text and if MOST terms are familiar to you, you're in good standing.
• I averaged about 70-80% on practice exams I sat, occasionally bombing badly (50-60%). If you're doing similar, you're likely ready.
And finally, remember it is a management exam - the focus is breadth not depth.
Good luck!
Comments
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
I used the CISSP Study Guide 2nd edition.
I had concerns about the new CBK and the fact this book wouldn't cover the new content.
As far as I could tell - the only new CBK content on the exam, not covered in the book, was related to Cloud Service Providers. There were maybe 2-3 questions in this regard.
Good luck all
On another note, can anyone tell me which one of the three - CISSP, CRISC, or the CISM - I should take first? I'd like to take them all, but in a manner that builds on one another, reducing the amount of time I have to study for each.
Really depends on your experience and goals... The CISSP 1st, in my opinion; it is a holistic certification vs. the specialization of the CRISC and CISM. I took CISSP 1st then CRISC, may do CGEIT and a couple of others before doing the CISM. With the CISM you have to have 5 years of InfoSec Management experience.