Options
4th try and passed new CISSP CAT exam!
agreenwood
Registered Users Posts: 4 ■□□□□□□□□□
in CISSP
LOOOONG time lurker here. try 2 years lurker. 
I wanted to share my experience with everyone and offer my insights into this beast of an exam. I also wanted to thank everyone here for their invaluable feedback regarding best ways to prepare for this exam. you don't know how much you've helped prepare me for today.
I have been in IT for 10 years. started out as a network admin, moved up into an IT director role, and then into my current role as senior information security analyst. the only cert I had up to this point was the CCNA security and an expired CCNA. For starters, yes, I failed this exam 3 times before passing. first time I got a 637. second time a 692, and third time 696. the 696 was painful. I was discouraged for a few weeks after that fail. this was the original 250 question, 6 hour grind.
Here's where I went wrong. I studied max, 2-3 weeks each time. I simply did not commit the time necessary to learn concepts and really digest everything properly. I was always the type of test taker who who wait until day before and study or weekend before when in college. this approach did not work favorably in to my approach to tackling the CISSP.
first time using only SYBEX, that's it. 2nd and third time was SYBEX with Kelly Handerhahn's videos and taking only the end of chapter quiz's in SYBEX. again, SYBEX was my only resource.
the 4th time around was quite different. I started studying SYBEX 7th edition again, read it twice, did several of the included exams, and then BAM! CAT exam was introduced. I freaked out a bit but figured hey maybe CAT would be easier (spoiler alert: it wasn't). shortly after CAT was put into motion, they updated the content to include IoT, ABAC, audit doc stuff like SSAE16 / SOC1/SOC2/SOC3, and coding security (XSS, XSRF, SQLi, etc). So I had to buy the SYBEX 8th edition. It's amazing btw.
next I bought the LearnZapp Cissp ISC2 app for my IPhone ($9.99). It was instrumental in helping me gauge how well prepared I was or wasn't for each domain. the CISSP practice app by laurie hocking was very helpful too. another resource I used was Luke Ahmed's studynotesandtheory.com. I paid for 2 months membership to get the most of the content offered on his site. I studied for 3 months total using all these resources, primarily. I also watched various youtube videos on kerberos, saml, everything federation, etc.
ok, now on to the good stuff that you guys really want to know. what was the exam like? my exam was scheduled for 5pm. odd I know. I got there 1 hour early and they let me sit for it shortly after I arrived which was nice. With CAT, you cannot go back to review your answers. that was....an adjustment. sometimes I could find answers to later questions using this method in the old exam
first impressions: this is gonna be a tough test.
I got questions on Crypto, Vulnerability and Pentesting, Security Audits, SDLC, BCP/DRP, RBAC/MAC/DAC/ABAC and Incident Response. There were almost always 2 answers I could immediately rule out. I would literally draw 4 circles on my laminated sheet and check off those I knew were incorrect. this helped me out a lot since you can't exactly do that on the computer screen
make it to question 100, then 101. exam does not stop. I start to wonder if I am still on track for passing or what this means.
I proceed to answer each question and the exam stops at 150. it hangs for a while and I go to get my printout. I notice it's only one sheet. I don't get excited just yet and wait until the proctor hands me the sheet. I glance at it and notice "Congratulations!" I absolutely couldn't believe it. I had finally done it.
So how was the exam you might ask? the CAT was harder for me personally. I only felt like maybe 15-30 questions I could answer from SYBEX, and the rest you went with your gut as a manager and I pulled from experience. It was dang hard but if you study SYBEX and get some supplemental testing/quizzing resources you'll nail this thing.
I hope this helps someone out there. until next time, best of luck everyone on your journey to the CISSP!
~ a. greenwood
I wanted to share my experience with everyone and offer my insights into this beast of an exam. I also wanted to thank everyone here for their invaluable feedback regarding best ways to prepare for this exam. you don't know how much you've helped prepare me for today.I have been in IT for 10 years. started out as a network admin, moved up into an IT director role, and then into my current role as senior information security analyst. the only cert I had up to this point was the CCNA security and an expired CCNA. For starters, yes, I failed this exam 3 times before passing. first time I got a 637. second time a 692, and third time 696. the 696 was painful. I was discouraged for a few weeks after that fail. this was the original 250 question, 6 hour grind.
Here's where I went wrong. I studied max, 2-3 weeks each time. I simply did not commit the time necessary to learn concepts and really digest everything properly. I was always the type of test taker who who wait until day before and study or weekend before when in college. this approach did not work favorably in to my approach to tackling the CISSP.
first time using only SYBEX, that's it. 2nd and third time was SYBEX with Kelly Handerhahn's videos and taking only the end of chapter quiz's in SYBEX. again, SYBEX was my only resource.
the 4th time around was quite different. I started studying SYBEX 7th edition again, read it twice, did several of the included exams, and then BAM! CAT exam was introduced. I freaked out a bit but figured hey maybe CAT would be easier (spoiler alert: it wasn't). shortly after CAT was put into motion, they updated the content to include IoT, ABAC, audit doc stuff like SSAE16 / SOC1/SOC2/SOC3, and coding security (XSS, XSRF, SQLi, etc). So I had to buy the SYBEX 8th edition. It's amazing btw.
next I bought the LearnZapp Cissp ISC2 app for my IPhone ($9.99). It was instrumental in helping me gauge how well prepared I was or wasn't for each domain. the CISSP practice app by laurie hocking was very helpful too. another resource I used was Luke Ahmed's studynotesandtheory.com. I paid for 2 months membership to get the most of the content offered on his site. I studied for 3 months total using all these resources, primarily. I also watched various youtube videos on kerberos, saml, everything federation, etc.
ok, now on to the good stuff that you guys really want to know. what was the exam like? my exam was scheduled for 5pm. odd I know. I got there 1 hour early and they let me sit for it shortly after I arrived which was nice. With CAT, you cannot go back to review your answers. that was....an adjustment. sometimes I could find answers to later questions using this method in the old exam
first impressions: this is gonna be a tough test.I got questions on Crypto, Vulnerability and Pentesting, Security Audits, SDLC, BCP/DRP, RBAC/MAC/DAC/ABAC and Incident Response. There were almost always 2 answers I could immediately rule out. I would literally draw 4 circles on my laminated sheet and check off those I knew were incorrect. this helped me out a lot since you can't exactly do that on the computer screen
make it to question 100, then 101. exam does not stop. I start to wonder if I am still on track for passing or what this means.
I proceed to answer each question and the exam stops at 150. it hangs for a while and I go to get my printout. I notice it's only one sheet. I don't get excited just yet and wait until the proctor hands me the sheet. I glance at it and notice "Congratulations!" I absolutely couldn't believe it. I had finally done it.
So how was the exam you might ask? the CAT was harder for me personally. I only felt like maybe 15-30 questions I could answer from SYBEX, and the rest you went with your gut as a manager and I pulled from experience. It was dang hard but if you study SYBEX and get some supplemental testing/quizzing resources you'll nail this thing.
I hope this helps someone out there. until next time, best of luck everyone on your journey to the CISSP!
~ a. greenwood
Comments
-
Optionsjosephandre
Member Posts: 315 ■■■■□□□□□□
congratulations man!
That's some real persistence and it's impressive. Especially because as it seems, you've progressed very nicely in your career already so it doesn't seem like it was a NEED. Just persistence and determination. Good job -
Options
anthonx
Member Posts: 109 ■■■□□□□□□□
Congratulations!
Another inspiring story, especially from someone who persisted after 3 previous failed attempts. So Sybex 8th edition covers all the topics you mentioned? Crypto, Vulnerability and Pentesting, Security Audits, SDLC, BCP/DRP, RBAC/MAC/DAC/ABAC and Incident Response. Thanks again for your insights.AnthonX -
Optionssmcmahan309
Registered Users Posts: 4 ■□□□□□□□□□
Congratulations! Good to see your persistence pay off.
-
Optionsagreenwood
Registered Users Posts: 4 ■□□□□□□□□□
thanks guys. @anthonx I would say yes, Sybex 8th edition covers all these topics quite well. there are others I remember now that my head is more clear. some questions on OSI, change and config management, and WIFI (WEP, WPA, TKIP, 802.11x). All of these were well addressed in both 7th and Sybex 8th edition. you could honestly get by with the 7th edition I think, but it's good to have the additional content to review in the 8th. I just bought mine from google play and read the digital version.
I'll be honest, nothing was clear cut. the questions were largely scenario driven. I also received 4 drag and drop questions. If you know the concepts, regardless of how weird they word the questions, you should be able to weed out the incorrect answers. -
Options
Info_Sec_Wannabe
Member Posts: 428 ■■■■□□□□□□
Congrats on the pass and most definitely on not giving up!
X year plan: (20XX) OSCP [ ], CCSP [ ] -
Options
E Double U
Member Posts: 2,229 ■■■■■■■■■■
Way to stick in there. Congratulations!Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
Optionsagreenwood
Registered Users Posts: 4 ■□□□□□□□□□
thanks for the kind words everyone! I tried posting a quick reply yesterday and it never came through. I'm going to try again now and see if this cooperates. could be the mod hasn't approved it yet
-
Optionsagreenwood
Registered Users Posts: 4 ■□□□□□□□□□
nm, I see the post came through. probably needed to refresh my browser. anywho, I'm happy to answer any questions if you guys have anything specific you'd like to know more about. just let me know
-
Optionsmattster79
Member Posts: 135 ■■□□□□□□□□
Fair play for sticking at it.
I know a fair few people who crumbled and gave up after failing once!!
Massive congratulations!CISSP
CISM -
Optionsaliasilyas
Member Posts: 11 ■■□□□□□□□□
Well done!!
You inspire me not to give up and try to beat the beast -
Options
averageguy72
Member Posts: 323 ■■■■□□□□□□
Congrats! Way to stick with it!CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner -
Optionsgchild00
Member Posts: 17 ■■■□□□□□□□
Thank you so much for posting your experience. I've been grinding through it and some times I feel like giving up and asking myself if it's even worth it. You're post has given me motivation to keep trucking! I need to find a way to change my motivation into a drive!!! Thanks again for the post and congratulations!
