CyberCop's CISSP blog - PASSED

CyberCop123

shochan wrote: »

Maybe this will give you some motivation - https://www.youtube.com/watch?v=whEWE6WC1Ew

Haha, I've seen that before, always makes me laugh!

Is it really like that when you're CISSP certified?

shochan

I have no idea...I haven't reached that plateau.

Perhaps some CISSPers will chime in...lol

PC509

CyberCop123 wrote: »

Is it really like that when you're CISSP certified?

Yes, it is. It's the same video I showed my boss when I ascended.

I had a few false starts, but once I booked the exam, I took ~2.5 months to just study. Listened to Kelly's MP3's, read the Sybex book, did the Boson practice tests. There were times where I felt everything I was reading or hearing was just review. I moved on from my strong points and focused on my weaker points and focused on those. I think that's a good approach.

Good luck! You'll do it and you'll post about your success!

COBOL_DOS_ERA

That Video is funny like helll!!! gotta show this video to few of my colleagues.

CyberCop123

Thanks everyone.

Well there's 70 days till exam. I'm listening to mp3s and doing 60-90 minutes reading per day.

However I have also booked 8 days off between now and 20th December. I will do 3-4 hours on those days off

This includes 5 days leave in early December so that's a nice solid chunk of work on learning.

Tonight I covered Arcnet, Token Ring, FDDI, Frame Relay, X.25, MPLS and converged protocols like DNP3, FCoE and iSCSI

I'm fairly technical and decent with networking but hadn't heard of most of this. That's what is surprising. Even my strong points are exposed on this exam!

vCISO2017

There's no way stuff like Token Ring, frame relay and X.25 should be on a CISSP exam - brings me back to my CCIE days in 2001 decoding RIF tokens. You're best served coming up a level or two for this exam IMO.

CyberCop123

vCISO2017 wrote: »

There's no way stuff like Token Ring, frame relay and X.25 should be on a CISSP exam - brings me back to my CCIE days in 2001 decoding RIF tokens. You're best served coming up a level or two for this exam IMO.

Not sure what you mean...

The book goes over it, the podcasts do, and so do the test questions. I feel a bit uncomfortable ignoring content which is continually in my face

CyberCop123

TEST ONE

68 Days from Exam Date
Every Saturday Morning I am doing 100 BOSON Questions

WEEK ONE: 67%



Quite happy with that as I've only just started studying again. Annoyed with Domain 4 (Network Security) which I've been covering all week. Got 78% on that.

Domain 8 - Software Development I haven't studied at all so no surprise I failed that badly
Domain 5 - Identity and Access Management - should do better there.

I will now move from Domain 4 (networks) to Domain 5 (Identity and Access Management)

CyberCop123

67 Days to go


Annoying, thought I was all happy with Domain 4 (networks). Did 20 Sybex Questions this morning and got half of them wrong, 10/20! So frustrating.

I'm going to move on anyway as I can't re-read the exact same text at this moment in time. I need to look at fresh material and maybe in a month go back over the chapters that I'm weak on.

shochan

Yeah, I'm in the same boat with Linux+ right now...I don't expect to pass this beta exam, but I have to attempt it.

PeterHands

I'm almost through my 1st run through on the Sybex book. Domain 8 this week to complete, then the 2nd run through I suppose.

I'm understanding the concepts, but retaining the concepts is my problem.....So when I go back later, ive forgotten alot. BCP is bugging me alot tbh and the formulae for SLE etc...

CyberCop123

shochan wrote: »

Yeah, I'm in the same boat with Linux+ right now...I don't expect to pass this beta exam, but I have to attempt it.

Good Luck with that. At least with Linux+ and those kind of certs, you can go hands-on and dive right in rather than just reading about it.

PeterHands wrote: »

I'm almost through my 1st run through on the Sybex book. Domain 8 this week to complete, then the 2nd run through I suppose.


I'm understanding the concepts, but retaining the concepts is my problem.....So when I go back later, ive forgotten alot. BCP is bugging me alot tbh and the formulae for SLE etc...

Yes exactly the same as me in both respects. I can understand but quickly forget. The amount of acronyms is ridiculous, sometimes for stupid stupid things.

The issue with the Sybex Questions is it covers material and things that are not in the Eric Conrad book (which I just switched over to). So I'm not sure how critical it is to know some of the material.

vCISO2017

Hi,
Sorry for the delay in responding - the Cybersecurity company I work in has several CISSP's and they advised me as part of my ISC2 CCSP prep to not go into the weeds of specific topics rather have an overarching knowledge of the domains and keen ability to read and understand what is being asked in the questions. This worked for me hence the advice.

CyberCop123

vCISO2017 wrote: »

Hi,
Sorry for the delay in responding - the Cybersecurity company I work in has several CISSP's and they advised me as part of my ISC2 CCSP prep to not go into the weeds of specific topics rather have an overarching knowledge of the domains and keen ability to read and understand what is being asked in the questions. This worked for me hence the advice.

Thanks for explaining that, interesting to have your take on things. I can see your point, the more questions I do, and the more I get wrong I am starting to understand more about reading it in a different way.

CyberCop123

UPDATE

Confidence Rating: 42.74%
Days until Exam: 65

I have completely finished Domain 4 (networks and security) (NOTE: I am not studying domains in order). Some of the concepts are much clearer in my head, and I'm finding that listening to the MP3s repeatedly is helping. For example, I listen to the MP3s, read the book, listen again in the car ... do questions... find weak areas, listen again. It is helping to gradually learn the material.

I've nearly finished Domain 5 (Identity Management) and will then start Domain 6.

I just did 30 questions on Domain 5 and got 20/30 correct (not great...). I am finding the Eric Conrad book misses a fair amount out compared to the sybex book. I'm not sure if I'm missing key information or if it's good that I am not looking at unnecessary things... I think th

I am struggling with the sheer amount of acronyms still, and all the continual different technologies they are throwing at me.

My head is a mess thinking about:

• PAP
• CHAP
• RADIUS
• TACACS and TACACS+
• DIAMETER
• SEASAME
• KERBEROS
• LDAP
• PPP
• EAP, LEAP, PEAP
• SLIP
• PPTP
• L2TP
• IPSEC

Etc.... the list goes on. I find it easy to get confused by which are VPN protocols, which is authentication, and just remembering where each of them sits. Also do they use TCP/UDP... are they good or bad... do they encrypt it all, or just some... it's messing completely with my head.

The test questions are helping though as I remember quite well what I get wrong in a question, so I'm doing between 20-40 questions per night. Usually 20 from a previous chapter, and 20 from the new one.

I am off work on Thursday - that is my first "study day". Hoping to do 4 solid hours. Saturday I will do another 100 BOSON questions.

kurtkobaindt

I was failed in CISSP exam in Mar 14, 2018. Exam tips : maintain your time, if the exam didn't stop after 100 questions, you must try harder to finish the 50 questions left. The new exam will test you on specific domain until it moves forward to another domain. I was weak in SDLC, Asset Security and Communication & Network Security.

Henry.net

Great to find this thread, our situations are extremly similar, just found myself nodding along as I was reading your updates.

I'm also from the UK, doing about 3 hours a day on weekdays (reading on my commute to and from work and a little when I get home)

Today Ive felt a bit burnt out not had much motivation to pick up my kindle but I am slowly getting there, also planning to sit in December either the 1st or the 15th.

I'm doing Sybex and the practice questions, planning yo start with Cybrary tonight now Im about half way through the book. Will serve as a reminder and a mental break.

MickyDee

Cybercop and Henry.net, I am right there with you. I have a good grasp on the bulk of the domains, but Domain 3, 4 and 8 are just not my cup of tea and I have to trudge along to try to grasp them. I have the CASP, so a lot of the info is familiar, but it's still a different beast.

G11

hi all,

i am new to this forum and came across this awesome thread.
its just what i was looking for guidance on studying CISSP.

i started studying for this exam in Sept and had my exam scheduled for Nov 17th.
but yesterday i rescheduled my exam to Dec 26th.

i need to read the books multiple times to retain this stuff.
understanding is easy but retaining the terms etc makes it daunting.

Currently i am studying from Sybex 8th ed & Conrad 3rd ed and watching Kelly's videos.
I am also doing CCCure quiz engine.

Would like to know if is it worth investing time on CCCure quizzes ?
has anyone used CCCure or is BOSON better than CCCure?

Thanks

CyberCop123

Will reply to you all properly later, or tomorrow morning. Very tired today from work. I have tomorrow off as a leave day to try to do 4+ hours of studying.

I did 40 minutes tonight just finishing off Domain 5. I did 30 Sybex Questions and got 50% right. So frustrating. But the issue I think is that I am reading the Conrad book, but doing the Sybex questions which cover a different, more comprehensive set of information.

I won't change my approach, but will just spend more time reading the answers I got wrong. It's just very demoralising to read and study hard and then mark my answers at the end as "WRONG.... WRONG.... WRONG.... WRONG..." etc...

Thanks again, will respond tomorrow properly when I'm more energetic and upbeat.

Visionary

Hi mate.
I am also in the same boat. Been going thru videos, books notes, etc.
Just finished final read of the Sybex. Have to move onto to focus on weak areas. How do you find the Boson questions ?

I am now looking into going thru a lot of practice questions to iron out my concepts.

Does booking an exam in advance help ?

Henry.net

I'm on page 555 of 1000 in the official CISSP study guide and still on domain 3 >_>

I find it particularly boring, the whole of chapter 9 about engineering models I just couldn't wait until it was over.

CyberCop123

kurtkobaindt wrote: »

I was failed in CISSP exam in Mar 14, 2018. Exam tips : maintain your time, if the exam didn't stop after 100 questions, you must try harder to finish the 50 questions left. The new exam will test you on specific domain until it moves forward to another domain. I was weak in SDLC, Asset Security and Communication & Network Security.

Thanks for the tips kurtkobaindt, appreciate that.

Henry.net wrote: »

Great to find this thread, our situations are extremly similar, just found myself nodding along as I was reading your updates.


I'm also from the UK, doing about 3 hours a day on weekdays (reading on my commute to and from work and a little when I get home)


Today Ive felt a bit burnt out not had much motivation to pick up my kindle but I am slowly getting there, also planning to sit in December either the 1st or the 15th.


I'm doing Sybex and the practice questions, planning yo start with Cybrary tonight now Im about half way through the book. Will serve as a reminder and a mental break.

Yes very similar situations! That's a lot of studying you're doing. I've taken today off work and honestly struggled to complete 3 hours worth. There are some chapters within the Sybex and Conrad books that just waffle on about nothing. For example, "Change Management" where for about 3 paragraphs it goes on about what change is. Also the Incident Response section in the Conrad book was really poor.

Either way, it's a real slog, I've got 63 days left until my exam. When I'm reading my book I feel like I'm not far off being ready, but then I do some test questions and get about half of them wrong!

MickyDee wrote: »

Cybercop and Henry.net, I am right there with you. I have a good grasp on the bulk of the domains, but Domain 3, 4 and 8 are just not my cup of tea and I have to trudge along to try to grasp them. I have the CASP, so a lot of the info is familiar, but it's still a different beast.

Good that you know your weak areas though! I've found YouTube to be good for weak areas, as you can watch 2-3 videos on one thing and really get a good grasp of it.

G11 wrote: »

understanding is easy but retaining the terms etc makes it daunting.

has anyone used CCCure or is BOSON better than CCCure?

Agree entirely. I understand 99% of it, but retaining it is so difficult. The test questions I really think are key in terms of getting into the mindset of what they want.

I've done about 150 of them now and I've started to recognise which answer is right when I haven't known for sure. I've just known from the context and due to the way the questions work.

I've only used BOSON. I have heard they are the hardest but when you get 80% you are ready for exam. I can't say about CCCure.

Visionary wrote: »

Hi mate.
I am also in the same boat. Been going thru videos, books notes, etc.
Just finished final read of the Sybex. Have to move onto to focus on weak areas. How do you find the Boson questions ?


I am now looking into going thru a lot of practice questions to iron out my concepts.


Does booking an exam in advance help ?

In my own view, yes booking exam does help. I had to do it, or else I would just drift through the next few months whilst mumbling "I will do the exam at some point". Get it booked in, and give yourself a real target to aim for is my view.

BOSON - I've only done 100 of the questions so far. I've scheduled in to do 100 random questions every Saturday. Hopefully so that I can see my scores gradually creep up.

The great thing about BOSON is that you get a full breakdown of your weak areas. It gives you a graph of where you are weak and poor. The explanations are fairly good too.

Henry.net wrote: »

I'm on page 555 of 1000 in the official CISSP study guide and still on domain 3 >_>


I find it particularly boring, the whole of chapter 9 about engineering models I just couldn't wait until it was over.

Good luck Henry - I know what you mean about it being boring. Try jumping to another domain later in the book maybe? You don't have to go in order necessarily.

CyberCop123

Been a difficult week as I've not been sleeping much and been really really busy with normal work which resulted in me working late two nights. I don't have much free time today but tomorrow I should be able to fully finish Domain 7 (Security Operations).

That means I will have finished Domains 4, 5, 6 and 7.

I just finished 100 random BOSON questions and got 63% - this did not include any questions from Domain 2 or Domain 6... I think because I've got lots of them right before and they've been filtered out.

However, in Domain 3 I got 44% right and in Domain 8 I got 50% right. So two really weak areas there. I will probably go over them two in the next two weeks.

I'm tempted to bring my exam date forward a bit, maybe to early December. I've got some studying to do for a work thing that needs a lot of attention and the way things are going I think I may burn out if I do this for 60 days more!

Confidence Rating: 46.711%
Days until Exam: 61

---

WEEK 1 Boson Test Results: 67%
WEEK 2 Boson Test Results: 63%

---

cshkuru

I am going to make a suggestion here that may seem counter intuitive but dial back the studying a bit. Lot's of studies show that deep learning takes place when your mind is engaged in less stress activities and when sleeping. Don't skimp on sleep for studying. I would say take at least one day per week where you dont do any studying at all and just relax give your mind a chance to process all the information you are taking in.

CyberCop123

cshkuru wrote: »

I am going to make a suggestion here that may seem counter intuitive but dial back the studying a bit. Lot's of studies show that deep learning takes place when your mind is engaged in less stress activities and when sleeping. Don't skimp on sleep for studying. I would say take at least one day per week where you dont do any studying at all and just relax give your mind a chance to process all the information you are taking in.

I think that's a good point. I think cramming is a bad idea and trying to squeeze too much in is a bad idea. I'm not doing any CISSP studies Monday/Tuesday (other than MP3s on the way to work) as I am busy those days.

I've gone through Domain 4, 5, and 6 in about two weeks but they were quite short and I was very familiar with the material

Domain 7 has taken about 5 days.

The other domains will probably get about one week each until I fully understand it.

I will then re-do some parts of them where I feel I need to understand more about the topic

Visionary

I am having a hard time getting D3 concepts, mostly because i am fairly new to cryptography. So many algos and methods to keep track of and remember. Did you find an easy way to read D3 from another book than Sybex ?

CyberCop123

Visionary wrote: »

I am having a hard time getting D3 concepts, mostly because i am fairly new to cryptography. So many algos and methods to keep track of and remember. Did you find an easy way to read D3 from another book than Sybex ?

Hi Visionary,

The first time round I stuck to Sybex. This time round I am reading the Eric Conrad book so I will see how the two compare.

If you're having a hard time then I would maybe try a smaller book which focuses on the main/more testable algorithms and concepts. I say this with caution though, and I'm not saying you just ignore parts of domains you struggle with.

However, I do think if you're struggling and struggling to get a certain subject then it can sometimes be justified to concentrate on the key areas, and then focus on other domains as well.

Also, I found some videos on YouTube helped, a search for "Assymettric vs Symmetric", or "PKI explained", etc... can bring up some helpful videos.

Good Luck!

CyberCop123

UPDATE

As planned, I didn't do any work on CISSP on Monday or Tuesday due to work. But I also didn't do any last night, was just too tired.

Today (Thursday) I booked off work for a Study Day. I'm quickly finding that the idea of this is way better than the reality. For example, I have visions of me studying for 6 hours. In actual fact, I find it very difficult to concentrate, and I get easily distracted. I think studying in the evenings after work I am more productive. I may have to re-evaluate my approach.

I've read through and made notes on Domain 8. It's a technical domain all about Software Development and Testing. Despite being a technical person, with some decent programming/Database experience, I still struggled with so many terms and definitions. Either way, I have finished that chapter.

I will go over the same concepts on Friday, Saturday and Sunday.

Next week is a big week as I will start on Cryptography. I am looking forward to this as I spent lots of time on it earlier in the year, so I'm hoping I can learn it quickly and deeply. I would like to get a solid understanding of it to get some guaranteed marks.

....

I spent some parts of the week considering whether to bring my exam forward or not. I'm still contemplating it. I will see how my Boson questions go. I am doing 100 of them each week. So if they get better, and up to about 80% I will do the exam in early December.


Confidence Rating: 53.92%
Days until Exam: 56 days (8 Weeks)

CyberCop123

UPDATE

Been a bit of an unproductive work and not done nearly as much studying as I wanted. I've still been listening to MP3s in the car but I feel I've wasted this week as I've only done a total of about 5 hours study. Nowhere near as much as I wanted to do.

Yesterday, I did my weekly 100 BOSON questions and got a poor 62%.

One really great thing about Boson is the breakdown it gives you, saying how many questions on each domain you got right/wrong.

My poor areas are:

Domain 1 - Security and Risk Management - 16 questions, 50% right (not too worried as I haven't gone over this domain yet)
Domain 5 - Identity and Access Management - 11 Questions - 55% right (worrying as I have covered this domain!!!!)
Domain 7 - Security Operations - 16 Questions - 62% right (also worrying as I have covered this domain as well!!)

My Plans for the week

Today (Sunday), I'm going to try to do 2-3 hours work. I'm going to re-read Domain 5, possibly using another CISSP book which goes into more detail and will be fresh content for me.

Will also go over Domain 7 too

Will do some flash cards for both Domains, maybe some posters for the wall so I see them regularly and learn the content.

May check out the CISSP videos by Larry (forgot his surname)

Next week I will start with Domain 1 (Security and Risk Management). I'm Working from Home on Tuesday, but I'm hoping to squeeze in 1-2 hours CISSP and maybe some after I finish working.


Confidence Rating: 55.2%
Days until Exam: 53 days (7.5 Weeks)