Sybex 7th Edition - Dry For Anyone Else? Losing My Confidence!

Hello,

I plan to tackle the CISSP with a total of 1 month (or less if possible) of study. I did the Cybrary videos last week. After the video series my confidence was through the roof as I thought "Hey, this exam doesn't seem that bad at all!" Granted I took the CEH in September 2015 so that covers over half of the domains so it is kind of like review.

I started reading the Sybex 7th Edition this past Saturday night. Since I have read that the first domain should be a higher focus for the exam and it is an area I do not know much about I took my time and really focused on it.

However, now I am on Chapter 8 which covers Security Models. My brain is simply overwhelmed here! No way can I fully memorize all of these various models and know there principles/key words. I have the general conceptual ideas of Clark-Wilson, Biba and Bell-LaPadula and what environments they are typically used. Should I really spend the time memorizing all of it?

Also, math is one of my biggest weaknesses. Chapter 7 that covers some of the algorithms of the encryption and formulas was overwhelming for me. I understand how the encryption work clearly and do plan to memorize the block size hash length/key size etc.

Is it me, or is this Sybex book pretty dry? I really have to fully focus and use all my will power to get through it especially Chapter 7 and 8. The first 5 chapters I flew through it seemed. Anyways, regardless my goal is finish this book by Sunday night if possible. Then I will go over the summaries/exam essentials for each chapter and start practice exams using Sybex, McGraw Hill and CCCure. Studying the parts for questions I got wrong on to help reinforce my weak areas.

Just had to make a rant. Appreciate any feedback.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

ZzBloopzZ

Did a 250 question Pro level exam with CCCure and scored 73%. I tried my best, and treated it like a real exam. Disappointed in my score. There were quite a few terms I have never even heard about before. It took me 3.5 hours to get through it as I acted as if it were a "real" exam and only took 2 breaks for bathroom/pee.

My brain is dead but after dinner I plan to look at all the flagged questions and wrong questions and read the summary. I plan to take a "250" question exam everyday until this Sunday. Tomorrow I will do Sybex Exam #2, then Wednesday will be another CCCure 250 and just keep rotating. At night I may squeeze in mini 25-50 question CCCure's.

Progress Notes:

The things that I am proud about today is that I fully memorized the following: Various Security Models (ie: Biba, Bell–LaPadula)... if you recall this is the chapter I wanted to give up on the book as I did not understand any of it. I spent several hours today reading it all and making my own notes for each model. This helped me really truly understand them. Also, memorized the most common port numbers, PDU's of OSI layer, the various logic functions like XOR, AND, OR and SW-CMM/IDEAL and what happens in every step.

Edit: I just remember Kelly from Cybrary mentioning not to use Pro mode for CCCure since it is too technical compared to real exam. She suggests to use one level below which is "Hard" mode. I think I may start doing this since there were lots of technical questions and not enough on concepts.

Edit: Just took Sybex Exam #2. I felt much more confident/comfortable on this one compared to Exam 1 that I took few days ago. However, only 1% increase in score to 79.60% LOL! Def still areas I need to focus on... more on the exact steps for certain policies. Will go through results after dinner and study tonight what I am lacking. Then tomorrow will be 250 CCCure question test.

mark007

The whole CISSP books are dry and i got lost in some chapters after few hours. some of the books are over 1000 pages.....gosh! afraid of skipping any page as that could be where the question will be from! just finished the CBK 7th Ed. now on Shon Harris All in one...........next, Cybrary videos, next , 11th Hour, next online free practice .., Next visit a clairvoyant to ask if am ready for the exam.....hehehehh

Seab

mark007 wrote: »

Next visit a clairvoyant to ask if am ready for the exam.....hehehehh

That's probably the only way to know for sure

- Really, I think if you score consistently 85% at different kind of exams, you are good to go. Well this is what I try to achieve at the moment. I am doing 75% and want to close the gap asap. I realised that I am reading and doing the exam, taking notes, but I didn't really reviewed my notes to remember theory properly, that's probably my biggest issue.

ZzBloopzZ, about the CCCure question, try to keep it PRO if you can. I think it is better to score 75% at pro than 85% at Hard. I can be wrong, but I would not practice only Hard questions before the exam. Just my opinion.. And doing one full exam per day, are you crazy!? Let your brain breathe as well

Don't lose the scope of the forest, not only the trees. :P

Good luck mate!

ilikeshells

What is the website for the CCCure testing database everyone is using? What I found looked...questionable...so I want to make sure I'm looking at the right site.

ZzBloopzZ

ilikeshells wrote: »

What is the website for the CCCure testing database everyone is using? What I found looked...questionable...so I want to make sure I'm looking at the right site.

https://www.freepracticetests.org/

I finished reviewing my first 250 question test during lunch today. I must say I really like the test engine now. It has CLEAR summary of why the answer is correct aka why you got the answer wrong. It is like a study companion. I have already found several things that Sybex book did not cover such as more details on IPSec, Different Types of Testing for Software like unit testing, methods of AV software like Immunizing, Crime Prevention Through Environmental Design etc. Coolest thing is, that they quickly summarize those concepts so you don't need to refer to a book. Best of all the website works great on my ipad so I can be more relaxed when reviewing questions. I do take the test on computer to get used to sitting at a desk for such extended periods of time which is hard for me because few years back I was slowly developing carpal tunnel so I have a habit to leave my desk every 60-90 minutes since then.

They should change the T-Pain song lyrics from "I'm N luv with a stripper" to "I'm N luv with CCCure" Yep, as you can see I am loving CCCure. Now I see why it is recommended so much! I don't have the time like others to use all these different test engines. Sybex and CCCure is enough for me. I doubt I will be able to even finish all 1857 CISSP 2015 questions from CCCure. My goal is to at least do half of them. The point of practice exams is to identify your weaknesses anyways and to build your endurance for a 6 hour 250 question exam. I am doing one 250 question exam a day while pretending it's the real thing.

Today Accomplishments so far:

I realized how weak my knowledge is about the different types of evidence used in law thanks to the CCCure exam last night. I spent an entire solid hour memorizing and finding examples of the different types such as Real Evidence, Testimony, What 3 things requirements for evidence to be admissible. Then I found this tip on reddit.. I spoke out loud as if I am teaching someone all of this. This helped me remember/understand it even better. So, now I am going to be even more crazy by talking loudly to myself. Just need 16 cats and at the very least I could be remembered as the crazy neighbor.

I also took notes on the small tidbits that I got wrong from last night's exam and then researched slightly more into them. Even though it is clearly stated in the Sybex book... I missed that TCSEC is also known as the orange book. Interestingly, on CCCure exam it said not to bother memorizing all the steps. It is hardly ever on the exams anymore since TCSEC is replaced by CC for many years now. That makes sense since I have read a few posts where they said there were not detailed questions or even any questions at all about TCSEC. I rather use my limited memory, time on other topics such as SDLC.

ZzBloopzZ

Progress Report:

I had a great conversation last night with my cousin whom is a CISO. Long story short, he helped me realize that I need to re-adjust my strategy. I have done enough practice exams for the time being (over 1000 questions across Sybex and CCCure). My weakest domain are: Software Development Security, Security and Risk Management, and then Identity and Access Management. Of course, according to CCCure, Kelly @ Cybrary and my cousin those are definitely in the top 4 most testable/likely to be on test domains.

Turns out my local library has a electronic book renting service, for free. I was able to load the latest Conrad 3E book, and also got access to the 11th Hour Study Guide (I will read this one day before exam). Thus today I started reading the Conrad 3E book. I finished the Security and Risk Management domain chapter and WOW... I have a MUCH better understanding especially about Policies, Standards, Guidelines, Procedures, Baselines. I know what each item should contain with real world examples. Also, much better understanding of different access controls, certain definitions. I "thought" I knew these things but after reading that chapter now I feel MUCH MORE confident. This book explains concepts in 100% plain english that anyone can understand. Of course, much details are missing so it is more of a supplement source. Also read the Identity and Access Management chapter. Tomorrow morning when I am fresh I will read the Software Development Security and try to squeeze in Security Engineering. I felt the Sybex book explain the other domains very well... plus I have more direct experience in those other domains. Then I will go back to practice exams for Friday and reviewing notes. Saturday and Sunday will be Cybrary.

I was too caught up on the details, especially technical details last few days with CCCure. Don't get me wrong, they were really helpful but I keep forgetting this is a exam about CONCEPTS, not fully memorization of every technical detail.

Seab

Interesting, and totally agree with that.
Many people recently reported that cccure questions, and all the exams was not exactly the most useful source, but reading more, watching video, getting a global understanding is actually worth more the time spent. We probably need to have both, in my opinion, and for anybody that have time, doing plenty of questions doesn't hurt for sure, at least for the confidence. But going back to the essential with 11th hour is probably one of the best thing to do! Keep in mind that one day may be short for reading 200 pages of mostly definitions, models, and graph, to remember everything.

ZzBloopzZ

Progress Report:

Finished the Security Operations chapter today on Conrad 3E. I skimmed the parts I was familiar with but really took my time once I got to the second half about BCP/DRP. I have a MUCH better understanding about it and now can explain what the different plans are and what they entail. I feel that this book has been more helpful then the practice tests in terms of increasing my knowledge. Then again, because of all those practice tests I know what concepts/terms I am weak on and thus why I am focusing on those.

Tomorrow I plan quickly go through the Security Engineering section. Skimming just parts I don't fully understand, do need to brush up on more of the physical security type stuff. Then want to try to get at least one Sybex exam before midnight tomorrow. Sunday will be my ALL DAY Cybrary "bootcamp". I think it will wrap up everything nicely then Monday I plan to quickly go through my notes and do the 11th Hour Conrad book. Goal is to finish by 9PM, then watch a movie or two (Creed or In the Heart of the Sea 3D?) Also, I have one sheet of legal paper where I have condensed the things I really need to "memorize" for the exam. The OSI layers, PDU, related protocols/devices and brief description of what happens on each layer per CISSP's definitions. RFC 1918 and some of my other weaknesses. I already have it all memorized but it is the only thing I will look at on the day of the exam. Exam is @ 2PM so I will get to center early and quickly glance at this ONE sheet of paper and then give it my best, because that's all I can really do right?

It is supposed to rain like crazy next 3 days... the Universe is helping me out because it will make me stay more focused and not look outside at the sun. I did go for a nice 1 hour hike today deep in the woods. Saw a family of 5 turtles resting on a log. My ninja skills failed as I tried to take sneak up to take a nice picture but then they all jumped into the water and swam away. Saw a cool lizard too. Highlight was the waterfall and a gorgeous Great blue heron. It really made my day extra special. I was literally the only one on the trail. I forgot how beautiful nature is and I thank god/the universe for giving me the gift of vision and being able to easily hike through tough terrain. Unfortunately, many people can't do that. CISSP is great for future job security, but it's still just a small part/aspect of life. Don't stress out too much about it guys/gals!

ZzBloopzZ

Finished the Conrad 3E book on Saturday. Read the domains that were my weaknesses in it's entirety and then skimmed the rest. Then started Cybrary videos Saturday night as I went into panic mode. Did not know it is 15.5 hours long for some reason thought it was 10. Glad I did as I was just able to finish the videos about 20 minutes ago (before 1AM).

Have crazy headache but really glad I did. Fixed a few misconceptions and wrapped up everything beautifully.

Tomorrow will be Eleventh Hour which I plan to read in under 5 hours. Then go over 40+ of my hand written notes. Sadly, won't have time to squeeze in anymore test exams but IMHO it is better to study more at this point. Have already done over 1100 practice questions. With 3 250 question simulation exams. Plan to finish up everything by 9-10PM at the latest tomorow. Then will relax and watch one episode of Top Gear UK (havn't gotten around to this last season) and Office Space (figured it would be perfect night before a security exam!).

Tuesday I will sleep in. Then go for a nice speed walk, shower, have a nice late big breakfast/lunch. Then get out of the house by noon with some nice EDM tunes. Will spend no more then 10-15 minutes reviewing in parking lot before exam (made 1 page **** sheet for things I am struggling to memorize so will just be looking at that).

This will probably be my last post until few days after exam as I am behind on work. I have a good feeling about this!! I will be celebrating regardless of the results, because at the end of the day... I have NEVER worked SO hard at something before... and hard work ALWAYS pays off, right?

Seab

AM
Hey ZzBloopzZ

I wish you all the 'luck' for the exam. Well, there is no such thing as luck for a cissp exam I guess

You seem totally ready and it was great and motivating following you!

My exam is in 11days now, I will follow a very similar path!!!

Looking forward your exam feedback!!

!nf0s3cure

I used the Sybex but an older edition and found it quiet OK. But that was me, so I guess it is an individual preference. Good luck with the exam.

CyberCop123

Good thread - nice to hear detailed experiences of others doing the CISSP.

My OSCP exam is on Thursday... if and when I pass (hopefully 1st time) I hope to immediately start on CISSP study with a view to doing exam after 12 weeks hard studying.

I'm listening to Kelly Handerhan podcasts in the car which are brilliant even though I don't remember much - just nice to try to get into the mindset and learn some terms.

i started reading chapter 1 of Sybex. I found it difficult to really understand what any of it means. Like in real life. theres also some bits where it defines words like "prevention" and "avoidance".

I did find it helpful to read the summary first and the exam objectives as it actually does make sense.

At times in the chapter i was just phasing out thinking "get to the point" and "is this relevant".

I'm probably thinking this as I'm not a manager or a business person. So it's completely alien to me.

I hope to read the book, make notes and highligjt
podcasts
repeat again

my proper study won't start until I pass OSCP but just having some glance as the content as I want to have the next few days off before OSCP exam.