Failed CISSP the other day.

destroy8383

I failed the CISSP the other day but here are some of my notes and takeaway's, hopefully it helps others preparing for the exam. Its a fast kind of sloppy write up, I will clear more details later...

My experience, 11 years in IT/IA security from assurance to cyber incident response. CEH, CASP, Sec+, ITIL, Server+

How I prepared, I started studying in OCT last year. Started with Skillport, I got sybrex 7th edition when it came out. Got through most of it by DEC, watching some cybrary videos. Work got really busy, I didn't keep up with a strong study effort. I picked back up in Jan and finished Sybrex. I got Conrads 3rd edition. I did many CCCUre questions, Sybrex online questions, reviewed 11th edition and the sunflower pdf the last few days before the test. I was averaging 75-80% on CCure.

I wasn't too confident in many answers on the test, I read the questions thoroughly and tried to pick them apart by the words it used and answer from that if I didn't know the answer. I thought like a manager, applied the CIA concepts to every questions. I flagged about 40 questions reviewed those and decided to go through the questions again I got to about question 200 and ended the test with 15 minutes left, I changed about 60 answers I think. I got a 640 with Sec Ops and Sec engineering being the top two domains.

My take away on why I failed is not understanding the concepts more, meaning not being able to just define a topic but being able to talk about it and explain in good detail to someone who might not know, like a CEO.

Tips I would say learned more about Cloud computing not just the definitions of Iaas,Paas,IDaas and Saas. I am frustrated how the test is written out with misspelling, incomplete sentences very vague gray area, open for a lot of interpretation. No excuses though I should of waited more time and studied more. English is definitely always been a weak academic subject of mine as you can tell by my writing lol. I will go for it again. I used this forum a lot to try and get a grasp and I knew to expect the un-expectable but it still wasn't what I thought.....

destroy8383

I didn't read my post, sorry for the all the spelling mistakes. I should of read it before posting.

TechGuru80

I didn't see any misspellings or incomplete sentences...actually that's the first time I've even heard that for this exam.

Changing 60 answers is definitely too many. Personally I didn't go back through anything not flagged because your first guess is usually better than second guessing.

It sounds like you might just need to do more practice questions and work on analyzing the answers.

Danielm7

Agree with TechGuru, if you're changing 60 answers that's way too much overthinking or you aren't comfortable enough with the material. I passed it a few weeks ago and don't remember any misspellings or incomplete sentences at all.

The downside is that you could have easily went against your first instinct on 60 questions, the plus side is that you're very close. Don't beat yourself up, study hard and you can do it.

No_Nerd

Go grab a scotch chug it down and attack CISSP again. If you changed 60 answers could it be that you were more nervous than anything ? I take mine next week. If I fail eh no big thing at least I felt confident enough to take the test, and the same goes for you. Run a few more practice tests and go at it again.

gespenstern

Didn't have any misspellings that I could have noticed on my exams. Good luck on your next attempt.

Mike7

destroy8383 wrote: »

I am frustrated how the test is written out with misspelling, incomplete sentences very vague gray area, open for a lot of interpretation.

I did not recall any misspelling when I took my CISSP exam. You probably find the questions vague because all the answers are correct and you need to select the BEST answer.

destroy8383 wrote: »

My take away on why I failed is not understanding the concepts more, meaning not being able to just define a topic but being able to talk about it and explain in good detail to someone who might not know, like a CEO.

This is the key takeaway. Understand the concepts well enough to be able to apply it and explain it to someone else.

You may also want to check http://www.techexams.net/forums/isc-sscp-cissp/117111-why-most-them-fail-cissp-exam.html

User2097

Do not wait too long. Pay the fees and pick a test date again. Passed CISSP the first time, but failed PMP the first time. Basically for PMP, scheduled a test date 30 days after and passed. What I mean is, don't give up and don't let too much time pass.

derocheb

Like everyone else I would say changing 60 answers is way to much. Also the fact that you caught misspellings is disturbing. Focus on the content not the spelling or misspellings. I reviewed all my questions prior to submitting, but I had plenty of time. I was reviewing them to ensure I answered every question not to decide whether or not to change my answer.

ecuison

How would you compare the CISSP to the CASP? Seeing that you said you are CASP, A Friend of main said the CASP is a very difficult exam.

bpenn

ecuison wrote: »

How would you compare the CISSP to the CASP? Seeing that you said you are CASP, A Friend of main said the CASP is a very difficult exam.

My boss failed the CASP twice. It is really difficult, or so I hear. Check out the CASP subsection as there is some good feedback there.

E Double U

destroy8383 wrote: »

I changed about 60 answers I think.

This probably sealed your fate. Your first mind is usually right. Better luck next time!

clarkincnet

Keep trying. When I took my exam there was several people there taking it for their second and third time. Don't give up.

Terminator X

When I took my CISSP, i had about 20 flagged but decided to just leave them alone. I found myself over thinking the first question I reviewed so decided to just let it ride. I agree with everyone when saying that the 60 flagged questions is were you probably went wrong. Good luck the next go round.

Dan-in-MD

"I wasn't too confident in many answers on the test, I read the questions thoroughly and tried to pick them apart by the words it used and answer from that if I didn't know the answer. I thought like a manager, applied the CIA concepts to every questions. I flagged about 40 questions reviewed those and decided to go through the questions again I got to about question 200 and ended the test with 15 minutes left, I changed about 60 answers I think. I got a 640 with Sec Ops and Sec engineering being the top two domains."

The CISSP is 250 questions. I assume ending the test at 200 is an error.

I think changing your answers did you in. I think I changed a couple and then said to myself--forget it--and ended it.

Katiusha

Sorry to hear about your exam. Definitely don't give up and take exam again once you feel you're ready.
I have not experienced any issues with actual questions on the exam (like grammar, incomplete questions, etc. that you mentioned in your post). In fact, I doubt that this can really be the case since the entire CISSP community contributes to the question pool, questions get reviewed thoroughly, and then they appear on the exams (but don't get graded; that's the reason we get 250 questions and only 225 get graded) until enough statistics are collected, and only then the decision is made of whether to keep these questions for the actual graded exam or not. My point is that misspellings and incomplete questions are highly unlikely to appear on the exam due to the high number of reviews before any question reaches the exam.

With this being said, I always suggest approaching CISSP exam from the critical-thinking standpoint. This exam is geared towards making right or "best" decisions in challenging situations. Sometimes, what seems to be the right decision may not even be one of the answer options, so it's the matter of using critical thinking to find the best option out of 4 (maybe not so good) options available.
Having good knowledge of the main security concepts is important, but I think that approaching the exam from critical thinking standpoint is critical. Sometimes, you may find using deductive reasoning helpful.

Also, in my experience with CISSP, some words in the questions (or answer choices) were red flags.. For example, if the answer choice includes words like "all" or "everything" that may indicate that the answer implies absolute values (and these are often impossible to achieve or unreasonable; again, depends on the question of course).

With all this, my point is that CISSP exam is about making decisions, and often, decisions have to be made based on critical thinking and not only overall knowledge of security. Hope this helps.

Katiusha

As for the practice tests, I personally didn't find any practice exams that closely reflect the actual CISSP exam experience (including CCCUre). Some of the practice exams are helpful for testing your technical and concept knowledge, but they hardly contain any situational questions that CISSP contains.
Plus, after taking practice exams over and over, you may simply "learn" the answers or get used to the ways the questions are asked, and therefore, get high scores. And this may be misleading. I found CCCUre practice exams be useful to refresh some networking concepts, for example, but it was quite far from preparing for CISSP exam.