CISSP 1st Attempt - 691

mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
Hello everyone,

Was recently referred to this forum by an ISC2 representative when I was looking for consultation.

I took my first attempt on September 6th of this year and ended with a score of 691.

So close it hurts. I plan to start up studying again this January and hope to pass the test this coming time.

As far as studies (before I took the first attempt):
-Eric Conrad - 3 times read (took notes of the whole book 2 times)
I also made flash cards (600+), but I stopped using them after taking notes twice and felt I learned better that way.
-CISSP Practice the online site for practicing questions.
-Cybrary CISSP one time watch over.

For the first attempt, I felt I was doing pretty well until I finished the last question.

It was then I was allowed to review answers... Honestly, I felt I second guessed myself so many times when rereading the questions I had flagged.

Some questions on the test also put mention on areas that as far as my studies go, have never covered extensively.

I am trying to gain a better understanding on how to approach the CISSP.
When I originally took on the test, my mindset was to approach it as a manager, but on the reviewing questions, I felt that I let the "IT" side get the better of me which made me change a lot of my answers.

I only have 1 year in the industry field (I started working in January 2016).
I passed the Security+ in June 2016.
I hope to pass the CISSP to become an associate.

My supervisors... were actually surprised I got the score I did, but it was a gut punch to the stomach since I missed it so close, and I believe one of the biggest reasons was due to my 2nd guessing...

As far as the 8 domains went, my weakest was on the 8th domain itself about software development.

I read through Eric's book quite a bit, but trying to put it conceptually is rather difficult (most likely due to lack of experience?).

I hope to re-take the test around late Jan or early Feb. My study methods... I feel I can retain a lot of information when I take notes (explanation as to why I rewrote a 2nd set of notes). I have a hard time rereading through my old notes so I guess I will have to go over Eric's book a 4th time and retake a 3rd set of notes.

The CISSP Exam Practice I do feel it's great to have for test taking, but the questions themselves... whatever question I get wrong I attempt to read the reason as to why it is wrong. However, I can't exactly tell if I am just memorizing the answer the next time it ever appears or why it is considered "right" conceptually.

What would be the best way to approach studies as far as exam practicing?

The ISC2 representative recommended getting the ISC2 exam practice book which I am considering, and possibly looking into CISSP for dummies.

Are there any recommendations anyone can provide?
I understand I lack experience, but I am prepared to study hard to make up for that experience.

Thank you in advance!


  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    I forgot to mention...
    I ended up taking a break after the 1st attempt, taking the advice of my supervisors. Unfortunately, that left me in a lack of motivational state.

    I am not sure what to do. Even though I stated that I want to take the test at so and so, I have a hard time focusing myself to commit again.

    Sometimes I wonder if I shouldn't have taken the break..
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    mhyrule wrote: »
    I understand I lack experience, but I am prepared to study hard to make up for that experience.

    You need to do more to make up for that lack of experience than just reading Eric Conrad, watching Cybrary and doing more questions. Eric Conrad is great for practitioners with years of experience; you may want to check out the official book and test kit. Do more research on your weak areas until you understand the concepts and are able to apply them.

    Also check out
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Mike7 wrote: »
    You need to do more to make up for that lack of experience than just reading Eric Conrad, watching Cybrary and doing more questions. Eric Conrad is great for practitioners with years of experience; you may want to check out the official book and test kit. Do more research on your weak areas until you understand the concepts and are able to apply them.

    Also check out

    Thank you for the information. I was looking at getting the practice exam book of that test kit. My supervisor lent me the book for Sybex and it's been rather difficult to study under that book and get myself hooked to the book as it is for Eric's book. Maybe it's due to how Eric portrays the information as compared to Sybex's CISSP. It feels... bland?

    I will have to give it a try again...

    I just checked out the thread for why most of them fail CISSP exam, and I will admit yes I am at a disadvantage. Understanding concepts at my level of experience appears to be difficult and when compared to my colleagues, they all have some sort of managerial experience which they stated helped them on deciding answers for test.

    I have yet to work in a managerial position, but after failing the test the first time I began focusing my work to put myself in my supervisor's position. I believe it has helped, but yes I do need more refining.

    I have considered two different approaches to studying as of current. To take practice exams without reading the book and going over the wrong questions to see why they were wrong followed by reading the book after, or read the book/take notes before taking practice exams.

    Starting January, I plan to implement reading through the answers first then doing my best to understand what the question asks for based on how the thread from why most failed CISSP. I hope to gain a better understanding on concepts. Are there any suggestions on how to approach concepts is what I keep asking myself.

    More resources are better which has been noticeable amongst most forum-posters, but sometimes I feel I have conflicting resources on certain topics. It has been a few months so I would have to reread and find them again.
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    I was able to read the thread for why most of them fail. Understanding concepts is something I wish to achieve with new implementations of study methods on how to approach the material.

    I have tried to read the Sybex book (supervisor lent it to me at some point), but as far as getting hooked to the book, it didn't go so well. Eric seemed to portray the information better than Sybex... I will have to give it another go.

    I do plan for sure to get the exam practice tests from Sybex. However, I want to do my best to understand conceptually why so-and-so answer is correct as to just memorizing the answer (like how I felt with the CISSP Practice Exam questions).

    Are there any particular methods to approach studying? My current method was reading the book/taking notes then going through the practice exams.

    Before when I took Security+, I went through practice exams then read through the book.
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    You need another book to study from and I'm not talking about the dummies book.
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Hmm, I will give the Sybex book another try.

    My current plans were to re-read Eric's book to refresh my knowledge, then move into Sybex, followed by the test practice questions from Sybex's CISSP Practice Exam Book.

    Unless do you think I should just dive right into Sybex's?

    Most likely I will be taking notes along the way in the books.
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    For most of the questions on the test, they were situational and you can easily be tricked into picking an answer the way a security practitioner would answer rather than what a security manager would be answering. The questions will sometimes put you in one of those roles to answer the question (i.e. You are the Data Owner .... or You are the Auditor).

    You've read one of the books three times already so it would be pointless to keep doing that. Instead, maybe do the practice exams and find out what domains show up as low scores and just go back to read that portion of the book. Your score is not that bad considering most of the passing threads you see here on the site. A lot of people with years of experience will say they were unsure if they passed the exam or not before receiving the printout from the proctor.

    What is your role in your organization that makes you seek this certification and is Security + the only security related certification you have?
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    I can see what you mean by how the questions could deceive easily, and I experienced that feeling of doubt quite often when I was taking the test that time. If I had a chance to go back I would make the change but no point being wishy about it haha.

    I currently work as a scan technician for a PCI Compliance/ASV company. My goals are to move over to the pentesting section where internships are possible.

    Security+ was implemented as a requirement to become a scan technician (before I was regular tech support for assisting customers with completing their questionnaire).

    As far as certifications... Yes, Security+ is the only certification I have as of current. I graduated university with a major in language, so it's not exactly a good mix I suppose...
    I did dabble a bit in Computer Science during the school years, but I wouldn't say it's enough to be considered adequate.

    Recently, the CCENT was just approved by the company so I can start looking to become certified for it (they will assist in paying for it so long as I can pass the in-house test), but since I already attempted CISSP (also approved by the company) before the approval for CCENT, I would like to finish it up.

    It makes me really regret taking a break. Regaining motivation has been the toughest part for me.
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    Yeah you might as well since you were so close to passing.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Hmm.. So I should consider practice exams first.

    It has been a few months so I feel a good amount of the material has been forgotten somewhat. Just trying to assess other options of study methods.
  • OfftopicOfftopic Member Posts: 37 ■■□□□□□□□□
    I think you already know one thing v well - this TEST depends a lot on luck.
    I suggest you take a week off from work and wife! Study sybex book then revise yr notes then skim thru 11th hour.
    Then read official cbk book but only the parts that are different or missing in other 2 books. This will bring you upto speed.
    Then start stacking questions after your week off is done
    Rinse n repeat before exam
    Hope for the best
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Hmm, I just unlocked PTO for my work so I would have to accumulate the time which would probably be around 4 months to get a full week.

    I do get enough time to study at work when it isn't too busy. The 11th hour is something I have been looking to get and use as a last week resource after going through Eric's and Sybex, as well as the practice exam booklet from Sybex.

    Plan of attack is most likely practice test first then going through the two books to refresh knowledge, then more testing, following 11th hour.
  • dhay13dhay13 Member Posts: 580 ■■■■□□□□□□
    I suggest LOTS of practice questions. I probably did about 2000 total. It gets you thinking like ISC2 wants you to think when taking the test.

    I am actually surprised you scored that well with such little experience. I don't think I could have done that well after only 1 year. As close as you are I think lots of practice tests and seeing which domains are your weakest and focus on that. As close as you are I think that will put you over. One free resource I used was McGraw Hill. This site is still based on the old exam but the questions are still relevant and will tell you what areas are your weakest.

    Good luck!
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Thank you.

    I currently use for my practicing, but I will definitely try out that McGraw resource. Unfortunately... I think I only did around 900-1100 questions as far as practice goes. This time though I will aim for 2000-3000 questions.

    I probably will do a quick skim of Eric's and rush straight into practice tests. Seeing how I have nothing to do for the rest of this year... and everyone here has helped me liven up. This demotivated feeling is just annoying, but it's like I sit at work and could be studying during the downtimes, but I just stare at the screen hoping to do something... It's strange how it works.

    Well, hopefully I can force out of it and start soon!
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Yeah, I think I only did around 900-1100 questions.

    I do mine at the CISSPexampractice site. Not sure if you guys recommend it or not. I will take a look into that resource though!

    I think I will do a quick re-read of Eric's book to refresh my memory and just do practice tests until I can get my hands on the Sybex practice exam book. Any questions I run into that I don't understand I could try referencing to Sybex's book.

    I need to get over this demotivated state and into motion. I have so much downtime at work but I just stare at the screen looking for something to do. Not sure why I do this...
  • PureCoffeePureCoffee Member Posts: 5 ■□□□□□□□□□
    I posted this on another thread. It is advice. Hope you give it thoughtful consideration.
    Here is what I did to prepare. It took me just under two months.
    1) ISC2 Official Study Guide 7th Edition
    2) Eric Conrad's 3rd Edition CISSP Study Guide
    3) Shon Harris All In One Study Guide 7th Edition
    4) Kelly Handerhan video course

    1) I read the Sybex (ISC)2 Study guide twice. Cover to cover. Answered ALL chapter quizzes and used the online practice tests. ALL of them. You do not have to do the full blown tests in one sitting but before the exam one should do a few to know what it feels like to sit through 250 questions 4 inches deep and a mile long.

    2) Eric Conrad's Book - I read that book cover to cover and did the practice tests in the book and the ones online. Easy read, cuts out all the fluff and added value to my over all experience.

    3) Shon Harris All In One - I read some of the book, used the CD that came with it and it really helps gauge what Domains are your weaker ones. You cannot go wrong with this book. I also reviewed ALL chapter/Domain review pages at the end of each Domain.

    4) - GREAT source and whilst I did not listen to ALL of it, I did a lot of listening while I was commuting, cooking, etc. Just having Kelly in the background going through the material is good. Remember our brains are actually picking up and storing information even if we think we are not listening. I remind my wife all the time.

    5) OTHER
    a. I made flash cards of concepts, theories, terms. Even the basic ones. I used almost two complete decks of heavy Duty Index Cards.
    b. I spent a minimum of two hours (many times more hours) in the library. Somewhere quiet is ideal. For me, the Library was great. Starbucks or other run of the mill coffee shops have too much noise (for me).
    c. I came up with a study plan and committed to meeting it. Regardless of how tired I was, what else was going on, work schedule etc. I did a minimum of 50 practice questions per day. I was careful not to memorize the questions but the why, how, concepts etc. I built in some fluff days into the schedule so I knew I would be through 5 days before the exam. Note: it doesn't mean you stop reviewing or studying 5 days before. I was actually studying the day of the exam in a cafeteria (quiet one) where the testing center was. Right up until test time.

    6) Remember
    a. You CAN do this. It is a road block not a death sentence that you didn't make it the first time.
    b. Never, never give up. (Read Winston Churchill's speech regarding this)
    c. It will not be handed to you on a silver platter. Figure out your weak points and tackle those.
    d. Do NOT waste your money looking for Brain ****. They either don't exist or are outdated and you would be better off spending your money on Monster Energy Drink or another recommended book to read.

    7) As a life time learner and a Certified Technical Trainer +, reach out to Subject Matter Experts in the Domains if you know any. Reach out to me if you would like. If it is in my power to help I will. If not, I will tell you I do not know the answer.

    Best Wishes on the Retake. You can do it!!
    Steve a.k.a PureCoffee
  • mhyrulemhyrule Member Posts: 21 ■□□□□□□□□□
    Thanks Steve!

    My plans are to read Conrad's book to refresh, then go through Sybex's while taking the practice tests during my downtime at work. I have been through cybrary's video course once, but I probably will go through it again.

    As far as flash cards, I just bought a pack of 400 so hope to make use of them.

    I do not plan to give up after how much time I have invested in studies, and it will just look that much better for the overall profile to have CISSP under my belt (associate or not)!

    I am hoping to take the test late Jan/Early Feb 2017.

    I want to thank everyone for the tips and cheer ups. I am definitely feeling better.