Passed CISSP Aug 9th [long post]

tphan3tphan3 Member Posts: 39 ■■□□□□□□□□
First off, I just want to thank this community for helping me so much with the exam preparation process from selecting exam materials to your shared stories and experiences while taking this exam. I passed this CISSP with my first try just two days ago, and I realized that I should give back to this community my secret formula, a comprehensive list of what I used that may help some of you in the future.

Because English is not my first language, there may be some confusions I may cause you while reading this. Please let me know and I will try my best explaining my thoughts.

Man, this test was tough as hell especially for someone with no work experience like me (got my bachelor's degree last year). I only had a couple internships doing not so much in networking, load balancing stuff and IT audit. However, I took my own time, a lot actually, to pass network+, sec+ and linux+, so I basically got some fundamental concepts. I got my first full-time job thanks to those certs, but I have not started it yet due to my decision of taking my master's degree first. I was afraid I would not have time for the master's degree while I work. Hence, for the past two months this summer (studying only, it may take you more than that while working full time or not), I decided to take on a new challenge of tackling this monster exam after seeing my intern job's boss and every single manager level job need this. I just wanted to be one step closer to his level. I think that you do not need to be a superman to pass this exam. If I, a normal person, can pass this exam, you can also pass this exam. What you need to pass is your time, your dedication, your patience and a bit of luck. No boot camp presented, but if I had a financial resource I would try it out. Anyway, I felt confident with my methods, and I had absolutely no worries while stepping in the testing center.

:D:D:D

The Sybex book: Read this once at first then listen to Kelly's videos then skimmed it the second time. Frequently used to look up terms and explanations because the authors explained the concepts concisely.

Eric Conrad's 2nd edition book: Read this book first, did not remember much. Concepts and explanations were ok I guess. The 3rd edition I used to clarify some stuffs about bcp/drp.

AIO: great book, did not read the whole book, just a couple domains. Used mostly after taking the Total tester practice tests and domain tests she gave away. Computer architecture was explained in great detail here along with other materials.

Official CBK: Only used for some concepts like TCSEC categories. Did try to read it but tough to swallow, man this piece was hard and dry for my taste.

I noticed some discrepancies between those four books. Like in the aio, sdlc concept was divided into software and system development cycle, direct address was also called absolute address, etc. The way cccure explained the answer was sometimes different from those books. New terms such as metamorphic virus in cccure were not mentioned in any of those books. Specific details about each category in TCSEC were best mentioned in the official CBK book. Details about the types of evidence and alarm types were best addressed in aio in my opinion. My point is read as much as you can, take as many practice questions as you can, when you see a new term so something you don't know, look it up in those four books and take notes. Some practice tests were more technical than others, but it never hurt you to know more at least for me. I did read or look same contents over and over because my brain sucks, but I learned the most that way. I have no special talent, so I took the hard way to drill the knowledge to my brain. You will get bored of studying, but please remember why you started studying in the first place. A couple of gaming sessions got me back on the studying track.

Videos:

Cybrary: great videos from Kelly, helped me a lot with the concept of IPSec and Kerberos. Watch this the first time after reading sybex, then the second time as most of you recommended the week before the exam. The third video, the 19 mins one was most helpful before taking the exam.
Link here: https://www.cybrary.it/course/cissp/

Pearson IT: Sari Greene's videos were on point but can be dry. I only watched once
Link here: CISSP Complete Video Course | Pearson IT Certification

Test engine:

Cccure: great engine to brush up your knowledge and train your mind to be ready for the test. All questions were reviewed carefully so no grammar error or not fully satisfied answers. I used it three weeks before the test. Took all 1k8 questions scoring around 85% (250 questions each). I wished there were a feature to reset the quiz history (well just my opinion lol)
Link here: https://www.freepracticetests.org/

Sybex: Decent, asking some seriously ridiculous questions lol. For question such as where would I find reference to see earthquake history of an area, my mind was like WTF is this? Lol. Some questions had errors and I can point them out exactly. That's why it is awesome to have such an engine like cccure with amazing customers to provide feedbacks to improve the questions. Did all 4 practice test (around 82% on 1k questions) + chapter questions (400 ish). Great to use the week before the test. Chapter questions could be used right after you finish a chapter.
Link here: https://sybextestbanks.wiley.com/index/login?page=register

AIO: There were errors in these sets of questions, that's all I can say. Questions were challenging, very technical. I got frustrated the first time I did those questions because I was so sure I was good. These tests helped me build and improved my core knowledge. Great for studying after reading sybex, eric conrad's books and maybe aio. Complemented well with aio, all concepts were explained further in aio. The test environment that simulated the real exam was the best of all. Best I could do here were around 77% for each domain for a total of 2k questions
Link here:
https://www.totalsem.com/cissp-all-in-one-exam-guide-sixth-edition/
https://www.mhprofessional.com/sites/CISSPExams/

Eric conrad's engine: I did not like the test environment here much. 500 questions were ok, some questions like who was prosecuted by the criminal law were too crazy. Good to use two weeks before the test. I can only score around 80% here.
Link here: Elsevier: conrad: CISSP Study Guide Practice Exams

The total number of practice questions can be up to 5k. Nevertheless, no test engine questions came close to the real exam.

Summary note: I got the CISSP note from here. However, I found an error regarding substitution in encryption to cause diffusion. Guys, be mindful about what you read and remember, please keep checking stuffs out if you have any doubt. I did not use it much, so I have no further comment. I still think it is a good summary, and I want to thank whoever created this.

Now let's get to my experience taking the exam. After taking nearly 5000 practice questions from multiple sources of questions (I have not had the chance to try out the official practice questions that just came out recently), I thought I was ready, but when I looked at the first couple of questions, I was quite nervous. I knew beforehand that the practice questions would not be the same or anywhere near the real exam questions. Still, I was overwhelmed. All of the real questions were scenario-based that required me to think so carefully, especially while deciding between two choices which happened quite frequently. All practice test questions were too technical to my thought at this point. Normally, I took about 3 hours to complete a practice exam, but I took 5 hours and a half for the real one (I could not concentrate for the last 30 mins). I made quite a few educated guesses. There were questions about the audit process or cloud technology which I did not know much of, but as Kelly said, put on your managerial hat and think like a risk advisor in which auditors are all about checking, testing controls, etc... I took three breaks every 75 questions just to clear my head. I got tired and sleepy sometimes, and because of the low temperature in the testing room, I did not feel that comfortable. Guys, bring a sweat shirt and wear shoes while taking your exam. Also, you can take as many breaks as you like, so make sure you use that to your advantage to bring your best self to answer the questions (I wished there was a couch so I can take a nap or something lol). I was provided with a noise canceling headphone (over the ear type of thing), but it was quite tight. I would recommend bringing some noise canceling earplugs you can find easily anywhere.
Finally, after being done with answering all the questions after 4h30 mins, I went back and changed about 5 answers of my marked questions. I did not bother to look and review others. It is best that you keep them as they are because when you are tired, looking at them would not help you that much and may even trigger the inner stupidity in each of us to change an educated guess to a wrong answer.

After I finished the exam, I did not have the courage to see the results. I had to wash my face, drink some cold water before receiving the result paper. Man, the feeling of holding the paper that said "Congratulations!" was the best (well except for...you know what I meant). My hard work actually paid off haha.

That is all I can say about this exam. I hope this post is "informative for you and I just want to thank you for viewing." (Keith Barker's legendary ending). I know I am just an inexperienced associate, for those of you who already have so many years of working, please excuse my lack of skills and poor writing. What I wrote purely came from my experience and opinion.

One last thing I want to say is good luck to you all. You guys are the best.

Next stop: CISA. I planned to tackle major certs before working full time, so I have more time studying.

Comments

  • tphan3tphan3 Member Posts: 39 ■■□□□□□□□□
    Sorry guys, I had no idea my post was like this, and I could not find the edit button anywhere. Is there any way I can fix this?
  • protacticusprotacticus Member Posts: 91 ■■□□□□□□□□
    Awesome man, thank you for sharing this extraordinary experience. Do not worry about formatting, just repeat your link for notes, please.
  • yanziyangyanziyang Registered Users Posts: 2 ■□□□□□□□□□
    thanks. Very good content, and really helpful. But hard to read. So I reformat as below.


    First off, I just want to thank this community for helping me so much with the exam preparation process from selecting exam materials to your shared stories and experiences while taking this exam. I passed this CISSP with my first try just two days ago, and I realized that I should give back to this community my secret formula, a comprehensive list of what I used that may help some of you in the future.


    Because English is not my first language, there may be some confusions I may cause you while reading this. Please let me know and I will try my best explaining my thoughts.


    Man, this test was tough as hell especially for someone with no work experience like me (got my bachelor's degree last year). I only had a couple internships doing not so much in networking, load balancing stuff and IT audit. However, I took my own time, a lot actually, to pass network+, sec+ and linux+, so I basically got some fundamental concepts. I got my first full-time job thanks to those certs, but I have not started it yet due to my decision of taking my master's degree first. I was afraid I would not have time for the master's degree while I work. Hence, for the past two months this summer (studying only, it may take you more than that while working full time or not), I decided to take on a new challenge of tackling this monster exam after seeing my intern job's boss and every single manager level job need this. I just wanted to be one step closer to his level. I think that you do not need to be a superman to pass this exam. If I, a normal person, can pass this exam, you can also pass this exam. What you need to pass is your time, your dedication, your patience and a bit of luck. No boot camp presented, but if I had a financial resource I would try it out. Anyway, I felt confident with my methods, and I had absolutely no worries while stepping in the testing center.






    The Sybex book: Read this once at first then listen to Kelly's videos then skimmed it the second time. Frequently used to look up terms and explanations because the authors explained the concepts concisely.


    Eric Conrad's 2nd edition book: Read this book first, did not remember much. Concepts and explanations were ok I guess. The 3rd edition I used to clarify some stuffs about bcp/drp.


    AIO: great book, did not read the whole book, just a couple domains. Used mostly after taking the Total tester practice tests and domain tests she gave away. Computer architecture was explained in great detail here along with other materials.


    Official CBK: Only used for some concepts like TCSEC categories. Did try to read it but tough to swallow, man this piece was hard and dry for my taste.


    I noticed some discrepancies between those four books. Like in the aio, sdlc concept was divided into software and system development cycle, direct address was also called absolute address, etc. The way cccure explained the answer was sometimes different from those books. New terms such as metamorphic virus in cccure were not mentioned in any of those books. Specific details about each category in TCSEC were best mentioned in the official CBK book. Details about the types of evidence and alarm types were best addressed in aio in my opinion. My point is read as much as you can, take as many practice questions as you can, when you see a new term so something you don't know, look it up in those four books and take notes. Some practice tests were more technical than others, but it never hurt you to know more at least for me. I did read or look same contents over and over because my brain sucks, but I learned the most that way. I have no special talent, so I took the hard way to drill the knowledge to my brain. You will get bored of studying, but please remember why you started studying in the first place. A couple of gaming sessions got me back on the studying track.


    Videos:


    Cybrary: great videos from Kelly, helped me a lot with the concept of IPSec and Kerberos. Watch this the first time after reading sybex, then the second time as most of you recommended the week before the exam. The third video, the 19 mins one was most helpful before taking the exam.
    Link here: https://www.cybrary.it/course/cissp/


    Pearson IT: Sari Greene's videos were on point but can be dry. I only watched once
    Link here: CISSP Complete Video Course | Pearson IT Certification


    Test engine:


    Cccure: great engine to brush up your knowledge and train your mind to be ready for the test. All questions were reviewed carefully so no grammar error or not fully satisfied answers. I used it three weeks before the test. Took all 1k8 questions scoring around 85% (250 questions each). I wished there were a feature to reset the quiz history (well just my opinion lol)
    Link here: https://www.freepracticetests.org/


    Sybex: Decent, asking some seriously ridiculous questions lol. For question such as where would I find reference to see earthquake history of an area, my mind was like WTF is this? Lol. Some questions had errors and I can point them out exactly. That's why it is awesome to have such an engine like cccure with amazing customers to provide feedbacks to improve the questions. Did all 4 practice test (around 82% on 1k questions) + chapter questions (400 ish). Great to use the week before the test. Chapter questions could be used right after you finish a chapter.
    Link here: https://sybextestbanks.wiley.com/ind...?page=register


    AIO: There were errors in these sets of questions, that's all I can say. Questions were challenging, very technical. I got frustrated the first time I did those questions because I was so sure I was good. These tests helped me build and improved my core knowledge. Great for studying after reading sybex, eric conrad's books and maybe aio. Complemented well with aio, all concepts were explained further in aio. The test environment that simulated the real exam was the best of all. Best I could do here were around 77% for each domain for a total of 2k questions
    Link here:
    https://www.totalsem.com/cissp-all-i...sixth-edition/
    https://www.mhprofessional.com/sites/CISSPExams/


    Eric conrad's engine: I did not like the test environment here much. 500 questions were ok, some questions like who was prosecuted by the criminal law were too crazy. Good to use two weeks before the test. I can only score around 80% here.
    Link here: Elsevier: conrad: CISSP Study Guide Practice Exams


    The total number of practice questions can be up to 5k. Nevertheless, no test engine questions came close to the real exam.


    Summary note: I got the CISSP note from here. However, I found an error regarding substitution in encryption to cause diffusion. Guys, be mindful about what you read and remember, please keep checking stuffs out if you have any doubt. I did not use it much, so I have no further comment. I still think it is a good summary, and I want to thank whoever created this.


    Now let's get to my experience taking the exam. After taking nearly 5000 practice questions from multiple sources of questions (I have not had the chance to try out the official practice questions that just came out recently), I thought I was ready, but when I looked at the first couple of questions, I was quite nervous. I knew beforehand that the practice questions would not be the same or anywhere near the real exam questions. Still, I was overwhelmed. All of the real questions were scenario-based that required me to think so carefully, especially while deciding between two choices which happened quite frequently. All practice test questions were too technical to my thought at this point. Normally, I took about 3 hours to complete a practice exam, but I took 5 hours and a half for the real one (I could not concentrate for the last 30 mins). I made quite a few educated guesses. There were questions about the audit process or cloud technology which I did not know much of, but as Kelly said, put on your managerial hat and think like a risk advisor in which auditors are all about checking, testing controls, etc... I took three breaks every 75 questions just to clear my head. I got tired and sleepy sometimes, and because of the low temperature in the testing room, I did not feel that comfortable. Guys, bring a sweat shirt and wear shoes while taking your exam. Also, you can take as many breaks as you like, so make sure you use that to your advantage to bring your best self to answer the questions (I wished there was a couch so I can take a nap or something lol). I was provided with a noise canceling headphone (over the ear type of thing), but it was quite tight. I would recommend bringing some noise canceling earplugs you can find easily anywhere. Finally, after being done with answering all the questions after 4h30 mins, I went back and changed about 5 answers of my marked questions. I did not bother to look and review others. It is best that you keep them as they are because when you are tired, looking at them would not help you that much and may even trigger the inner stupidity in each of us to change an educated guess to a wrong answer.


    After I finished the exam, I did not have the courage to see the results. I had to wash my face, drink some cold water before receiving the result paper. Man, the feeling of holding the paper that said "Congratulations!" was the best (well except for...you know what I meant). My hard work actually paid off haha.


    That is all I can say about this exam. I hope this post is "informative for you and I just want to thank you for viewing." (Keith Barker's legendary ending). I know I am just an inexperienced associate, for those of you who already have so many years of working, please excuse my lack of skills and poor writing. What I wrote purely came from my experience and opinion.


    One last thing I want to say is good luck to you all. You guys are the best.


    Next stop: CISA. I planned to tackle major certs before working full time, so I have more time studying.
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    Thank you for the detailed post and Congrats! Good luck on the CISA!
    I am a Jack of all trades, Master of None
  • KyrakKyrak CISSP, PMP, MCSE CP&I, VCP5/6, CCNA R&S/Sec/Cyber Ops, ITIL, A+/N+/Sec+ Member Posts: 143 ■■■□□□□□□□
    Congrats! Thanks for the links and advice!
    Up next: On Break, but then maybe CCNA DC, CCNP DC, CISM, AWS SysOps Administrator
  • sameojsameoj Member Posts: 366 ■■■□□□□□□□
  • tphan3tphan3 Member Posts: 39 ■■□□□□□□□□
    I reuploaded the summary notes I found on this forum here
    https://www.dropbox.com/s/fk3zlbzkyww6f0m/CISSP%20Combined%20Notes.pdf?dl=0
    https://www.dropbox.com/s/7b2aooesvw2mbkh/CISSP_Summary_V1.1.pdf?dl=0

    Thanks yanziyang for reformatting my post, I was going to do it, but I thought I would wait for someone to help me out with the edit button thing.
  • cavijayancavijayan Member Posts: 14 ■□□□□□□□□□
    Congrats on your CISSP. Advance wishes for your CISA try ! Good Luck
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
  • ruzaj36ruzaj36 Member Posts: 13 ■□□□□□□□□□
    Congrats mate and thanks for info