Seven types of hard CISSP exam questions

Here's an interesting document from Global Knowledge:

7 Types of Hard CISSP Exam Questions and How To Approach Them

I can't compare the description to the actual CISSP exam, but from a practice questions writer point of view, I think it's a good thing to read as preparation for any IT cert exam.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

keatron

I'd have to say that's a decent description. However I'd have to argue the "unfamiliar terms" rant. Why? Basically because that's where the experience will come in. For example, I've heard a lot of people just coming into IT get confused about the term gateway. But if you're seasoned, you'll know the meaning behind it based on the context it's used in. For example, "I just bought a Cisco wireless gateway" and "what is your gateway ip address in your tcp/ip config". To a brand new person, this would be very confusing, but to an experienced person, they'd know exactly what's going on.

However, everything else on that page is pretty accurate.

JDMurray

The "unfamiliar terms" gotcha is one that has really gotten my goat on a couple of cert exams. I still bristle when I think of running across the term "illicit server" in a question on an older release of the Security+ exam I took several years ago. I had never seen this term anywhere before or since, and it was so ambiguous in its usage (like the term "gateway") that I had to guess at the answer. Grrrrr.

Thanks for the URL, Johan. I'm reading through the SSCP material right now and I'll also need this type of study prep for the exam.

Webmaster

That was the term I was referring to in my "I Passed" post in the Sec+ forums a couple of years ago when I said I picked up some new English.

But I agree that's not a strong choice for a 'hard type of CISSP question' as even an ISC2 associate has at least 1.5 years experience (since you only have 2.5 years to get required remaining experience) so I don't think that's something to really worry. Especially with the large amount of questions you can miss a couple merely for not knowing a term. I'm definitely going to keep this doc in mind when writing practice question for any exam. ...I also have the tendency to forward it to CompTIA.

JD wrote:

I'm reading through the SSCP material right now and I'll also need this type of study prep for the exam.

Great, I assume that means you've overcome the experience requirements. Will you still be going for TICSA as well?

JDMurray

Yes, I think that having the TICSA first will help qualify me for the SSCP. The TICSA is endorsed by the (ISC)2 as an "advanced beginner" security cert, so I feel good about getting it first.

I was looking over my resume and I do have a lot of experience writing Telco software that has necessary security components. I'm also currently designing and implementing software copy protection and DRM-based content management schemes too. I've just never officially worked under an InfoSec title. Us software types just have to do it all, but without much recognition.

keatron

I'm pretty convinced JD will more than meet the requirements.

JDMurray

keatron wrote:

I'm pretty convinced JD will more than meet the requirements.

Oh yeah, and I have keatron too. I can't forget that!

TURTLEGIRL

Neat PDF, it certainly gives you some good feedback, cheers.