CISSP Passed Aug 13, 2018

Navis Member Posts: 7
Passed this exam on 08/13/2018. This was one of the hardest exams I've taken. I gave myself a 50/50 pass rate at the end. This is what you should expect. Anything less means their test engine didn't do its job.

A little history: I have over 20 years' experience. Started out with PC Repair, moved to Novell Netware, Windows NT 4.0, and then Cisco where I've been for the past 15 or so years. Started learning 1s and 0s long before risk/threat/vulnerability. So I was a techie at heart and enjoy doing it. Decided not to limit myself and take on this beast. Started by listening to Kelly Handerhan and Larry Greenblatt, getting into the CISSP mind set. Their advice was golden. This was perhaps one of the best things I could have done.

The material I used should not shock anyone. It's the usual suspects.
Kelly Handerhan Cybrary CISSP (One of the best resources available)
Larry Greenblatt (his explanation and insight were very helpful)
Sybex 8th Edition (Read cover to cover and my primary study material)
Sybex Official Practice 2nd Edition (Went through it a few times to see my weak areas)
Shon Harris AIO 7th Edition (Used it as reference, glanced through it the week before exam)
Shon Harris 4th Edition Practice Test (Found it helpful narrowing down the concepts)
IT Dojo CISSP Practice Questions by Colin Weaver (His explanation was very helpful)
11th Hour CISSP by Eric Conrad (Put everything nicely the weekend before the test)

About the exam. This is an adaptive (CAT) exam. You have between 100 - 150 questions and 3 hours to complete. ISC2's CISSP outline shows Software Engineering to only count as 10% (yeah right). I knew about half in detail so I figured the other 5% I can take a hit on and/or guess and still do fine. Not how it turned out, not for me anyways. The test engine did its job perfectly. It knew my weak areas and hit me on that (Software Engineering). I thought it counted for much more than just 10%. So I would NOT take the CISSP exam outline at face value. I didn't get any questions like what is the definition of <<insert item here>>. None of it. All my questions were who/what/when/how/why to apply it and under what condition is BEST/MOST/LEAST with multiple correct answers. Didn’t see any question on which is NOT.

There are usually 2 correct answers and you need to decide which one answers the question. ISC2 lives in a perfect world where everyone gets along. You need to look at each question in terms of the CIA Triad, Defense in depth, separation of duties, least privilege, due care/due diligence, C&A, management acceptance, maintenance, Change Management, secure disposal and so on. And how they relate to one another. And it has to be ethical, support the business, protect human safety, maximize corporate profits, cost justified, senior management approval, and so on. Not what's in the real world or your experience. I had to keep telling myself this is a psychological exam so know what exam you're taking (CISSP). This isn't the Cisco CCNA or the MCSE I'm used to taking. It's a security manager exam. Think of it as an Interview Question for a new CISSP job if you need to. Anything to get into that mind set. They are interviewing you as a potential candidate for CISSP.

You need to know what your weak areas are and focus on that. The test engine will pick up on it and drill you. None of the practice questions were anywhere close to the real exam. It’s useful as reinforcement. Don’t pay too much attention to these scores. None of that matters in the real exam. Just focus on the concept.

My final advice to anyone attempting to take this exam:
. Listen to Kelly's Top 10 for passing and Larry Greenblatt's advice on taking the CISSP exam on the day of the exam. Several times if possible.
. Get a good night's sleep, do not try to cram everything at the last minute. You need to be at your best on test day.
. Don't lose focus on what's important. It's easy to get caught up. I took my wife and kids to watch Teen Titans the week before the exam and Chuck E. Cheese's on the weekend of the exam (08/11).
. Regardless of the test score, you already passed one way or another.

Good Luck.

Comments

  • greeneon Member Posts: 40
    Congratulations and thanks for the great write up! I find it useful.
  • Info_Sec_Wannabe Member Posts: 428
    Congrats on the pass!

    And I couldn't agree more on the below:
    Navis wrote: »
    There are usually 2 correct answers and you need to decide which one answers the question. ISC2 lives in a perfect world where everyone gets along. You need to look at each question in terms of the CIA Triad, Defense in depth, separation of duties, least privilege, due care/due diligence, C&A, management acceptance, maintenance, Change Management, secure disposal and so on. And how they relate to one another. And it has to be ethical, support the business, protect human safety, maximize corporate profits, cost justified, senior management approval, and so on. Not what's in the real world or your experience.
    Navis wrote: »
    You need to know what your weak areas are and focus on that. The test engine will pick up on it and drill you. None of the practice questions were anywhere close to the real exam. It’s useful as reinforcement. Don’t pay too much attention to these scores. None of that matters in the real exam. Just focus on the concept.
    Navis wrote: »
    . Get a good night's sleep, do not try to cram everything at the last minute. You need to be at your best on test day.
    X year plan: (20XX) OSCP [ ], CCSP [ ]