Passed CISSP exam! My thoughts on prep and exam (LONG post!)

jimjjimj Member Posts: 17 ■□□□□□□□□□
Passed my CISSP today. Very happy. 90-95% of the exam is not technical but they throw in a few questions that are very technical. I obviously can't disclose questions but there were some very specific items of technical chicanery on certain things. Fortunately, I knew the answers to some, but not the others. If I had memorised a few more specific technicalities from the Conrad or Sybex study guides on certain matters I would have felt better during the exam! But overall it is certainly true that most of the questions are managerial in style but there are certainly some technical ones too.

Beyond that, lots of things you'd expect so no surprises. I’ll just say that the Eric Conrad study guide pretty much covered all the content I needed. There were a small handful of questions on material I had never seen or heard about before – I presumed they were part of the 25 ‘research questions’ that don’t count. At least, that’s what I told myself to feel better(!) One of them was a certain abbreviation for something which I had never seen before. Well I’ve since searched the CBK and Sybex/Conrad and can’t find it so I’m relaxed about that and assume it’s part of the ‘25’!

The exam really was a mile wide.

Which material is the best?

Looking back, I think that the Eric Conrad books are the best. On the two days prior to my exam, I read the whole of his study guide (not the 11th hour, but the full version). It really prepared me very well. Beyond that, official Sybex was pretty good but a bit dry. Conrad explains things better and covers the same ground.

For videos, there's the outstanding free Cybrary ones of course but I really recommend the 60 hour set of videos from David Miller (which is at SafariBooksOnline - you need to buy a minimum one month subscription but really worth it. The same website also has brilliant summary videos from Sari Greene which are as good as the Cybrary ones. It also has Sybex, Eric Conrad, and a load of other CISSP books so I recommend everyone get a subscription). You can get a one week free trial BTW.

There is a brilliant Audio Book by Phil Martin called Simple CISSP. I listened to this a lot in the weeks leading up to the exam. Highly recommended. Similar to the Cybrary videos for a great summary of essentials. If you don't have an Audible account then you can get one free book so do sign up (remember to cancel subscription though and you'll pay nothing). I used this a lot on the commute to work and at the gym – basically whenever I couldn’t read a book. It was invaluable. It’s a 16 hour audiobook so not as in depth as, say, David Miller, but equivalent to Cybrary. He covered the large majority of things on my exam – really worth it.

Which practice exam questions were closest to the exam?

First, I get a bit baffled by some people online who expect practice exam questions to be found on the real exam. Why would anyone think that?!!! I've read complaints on various boards from people saying that the real exam didn't have any questions found in the practice exams. But why should they? I'm really surprised people expect that! Anyway, I used a few practice exams:

Sybex - pretty close to the real exam style IMO but a bit too technical. And there are too many “easy answers” - what I mean is that of the four choices, Sybex very often have three "obviously wrong" answers. That's NOT what the exam was like for me. In my exam, there was typically one "obviously wrong" answer but often three that were plausibly correct. That makes the exam significantly harder than Sybex, even if the style of the question is right. Sometimes, the exam had FOUR very plausibly correct answers, so it was very tough to choose one. By contrast, the official Sybex questions often have 3 “obviously wrong” answers so you can find the right answer by eliminating the ones that are obviously wrong. In my real exam there were plenty of questions with four plausible answers.

The other problem with Sybex is that the question set is a bit narrow. I’ve done all of them including both 250 question mock exams. The problem with Sybex is that too many of the same topics come up again and again and you can be lulled into a false sense of security by being tested on the same thing, which causes you to gain particular knowledge. For instance, Sybex have lots on Kerberos. Well fine, but what about Sesame or other systems? After doing a few Sybex questions, and learning from the answers, I became very knowledgeable on Kerberos but soon realised I was getting all Kerberos questions right but deep down knew that I had very little knowledge of Sesame which uses different terminology and adds extra features. There are lots of other examples of that with Sybex. By the time I came to the final 250 practice exam, I could almost predict what topics would come up. Unsurprisingly, I passed the Sybex practice exam very easily but the real exam was far harder. Most other practice exams have a better range of questions.

Shon Harris / Jonathan Ham practice exams book, 4th edition – this is WAY, WAY too technical. The exam is not like this at all. I am not a technical person so found these questions very difficult. I was averaging about 55-60% yet I still passed the real exam today! This practice exam book needs a total rewrite because the real exam has far fewer technical questions of this type.

PocketPrep Phone App – FAR FAR too easy. Don’t waste your time with this. I was getting close to 90% and the 10% I got wrong was because the question was phrased in a weird way, as if not written by a native English speaker. These questions are far too easy. While the exam has some easy questions the PocketPrep app is almost entirely easy. It is not a good guide.

Eric Conrad - probably the closest questions to the exam with very well chosen questions BUT the answer choices are too easy. In the Conrad book and accompanying online practice exam, the four choices contain too many "obviously wrong" answers. This is the same complaint I had with the Sybex official answers, where you can find the correct answer by eliminating the obviously wrong ones. The real exam is not that easy. In my exam, I often found it hard to choose the correct answer because 3 or even 4 answers were plausibly correct. However, in general, the type and style of Conrad’s questions are close to the real thing. Conrad's questions are on his publisher's website which is here: (but needs flash so might not work on mobiles)

Finally, a quick tip: Do the CISM! I passed that exam several weeks ago. I wasn't planning on doing it but someone pointed out that it's very similar to CISSP but less technical. I spent about a week preparing for it because the content is so similar to CISSP. The exam is not difficult if you know the non-technical bits of CISSP. Passing the CISM really destressed me because it took the pressure off the forthcoming CISSP exam. I felt that if I failed the CISSP it would still be ok because I already got the CISM! I wrote about my CISM experience here:

Overall, the CISSP exam day experience was stressful. The exam is tough and I really thought I might have failed. I expect I didn't pass by much. Good luck to all who are taking this. And thanks to the many people who freely give their time to help others on this site. Your help and advice was part of the reason I passed.


  • mikey88 CISSP, CySA+, Security+, Network+ and others Member Posts: 493 ■■■■■■□□□□
    Congratulations on the pass!
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • NavyMooseCCNA CCNA R&S, ITIL, Security+ ZZ9ZZA Member Posts: 544 ■■■■□□□□□□

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • Adamkathy23 Member Posts: 9 ■■■□□□□□□□
    Thanks for writing and sharing your experience. I failed a couple of weeks ago and would use your writeup as reference while I chalk out my strategy before the next attempt. Congratulations on your pass!
  • sameoj Member Posts: 366 ■■■□□□□□□□
  • thaiguy314 Member Posts: 58 ■■■□□□□□□□
    Great write up! You're making me a little more optimistic. I'm reading Eric Conrad right now and using the Sybex test app to reinforce the knowledge. Tried the Cybrary videos but realize I zoned out too much to do videos. Actually debated taking CISM but reading your write up on that, I guess I should just get the practice test from ISACA and try it out. Thanks!
    Certs: CISSP, CEH, CCNA Cyber Ops, Security+
  • SteveLavoie Member Posts: 850 ■■■■■■■■□□
    Congrats and thanks for taking some time to guide us!
  • olaHalo Member Posts: 748 ■■■■□□□□□□
    Good post. How long did you study for it?
  • jimjjimj Member Posts: 17 ■□□□□□□□□□
    olaHalo wrote: »
    Good post. How long did you study for it?

    I started around early to mid August ish but I've been able to be very full on. I could devote a lot of time because my employer let me have quite a bit of time off to study and I used up some annual vacation as well.
  • gespenstern Member Posts: 1,243 ■■■■■■■□□□

    Just a regular observation on technical/non-technical, it is believed that different exam sitters get different shares from different domains which makes sense, you probably got a lot from risk mgmt part, but some day someone may get tons of network & comm security or crypto. Sometimes they whine here about being told that exam wasn't that technical but they failed because it was too technical for them.
  • mritorto2 Member Posts: 61 ■■■□□□□□□□
    What did you get on the practice Sybex exams?
  • jimjjimj Member Posts: 17 ■□□□□□□□□□
    mritorto2 wrote: »
    What did you get on the practice Sybex exams?

    For the two final 250 question practice exams, 78 and 80%. I didn't really keep track on the other Sybex questions but they were probably in the same ballpark.
  • mritorto2 Member Posts: 61 ■■■□□□□□□□
    Do you think one could study for CEH and CISSP at the same time?
  • GeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317 ■■■■□□□□□□
    Congratulations on your pass! Thanks for posting. I just bought 2 books to start studying for it and the books are so big I don't even know where to start. Did you do practice exams before studying to get a baseline on where you were so you know where to start studying?
  • IntrusionNewb Registered Users Posts: 21 ■■□□□□□□□□
    Congrats on the pass. Thanks for the details.
  • jimjjimj Member Posts: 17 ■□□□□□□□□□
    GeekyChick wrote: »
    Congratulations on your pass! Thanks for posting. I just bought 2 books to start studying for it and the books are so big I don't even know where to start. Did you do practice exams before studying to get a baseline on where you were so you know where to start studying?

    Yes because that's how the official Sybex book starts - by giving a bunch of questions. But I didn't do very well and felt a bit deflated so I didn't even track score (I knew it wasn't good). I felt like such a beginner that I just went straight into videos.

    I also bought a big book to start (Sybex) but soon decided to watch the Cybrary videos instead. I also listened to the dated but still excellent mp3 talks from Shon Harris.
    A short while later, someone told me about SafariBooksOnline and the Simple CISSP audiobook and I wish I had known earlier.
    And I should have used Conrad much earlier too because he's so much easier to read and understand. And he covers all the necessary ground.

    Looking back, with the benefit of hindsight, I would have done this instead:

    - watch Cybrary (free)
    - watch David Miller and Sari Greene on SafariBooksOnline (just pay for a one month subscription, although you can get a one week free trial)
    - read Conrad study guide
    - listen to Simple CISSP audiobook on commute to work.

    ... And then just repeat. I don't think I needed anything else. Perhaps the Sybex official app to do tests was fairly useful but I'm not sure I could recommend any other resources beyond the ones above.
  • MIME Member Posts: 36 ■■□□□□□□□□
    This is great information. Thank you so so much for all of this detailed information and reasoning behind why you suggest which methods.