CISSP Exam Woes - scored 692

techndumdum Member Posts: 2
Two areas that tripped me I should have nailed.

In the InfoSec domain they have gotten very into asking long questions about Single Loss Expectancy of an asset. Unfortunately I've not come across many of these types of test questions so I can practice. Does anyone know where I can find some and some rationale about what I should be doing when presented with such a question? It's not as simple a calculation as Asset Value x Exposure Factor = SLE, they are making it more complex.

The other one was Physical Security. I guess I'm looking at this topic the wrong way. I remember one of the questions vaguely, which I assume I got wrong. When discussing the concerns of a company who have two offices connected by an unprotected single line of communication in an urban environment, is the company more greatly concerned with eavesdropping or both sites being affected by the same disaster? I put the former and now see that the latter answer may be the greater issue. I can't remember the other 2 options.

Any help and thoughts appreciated.

Comments

  • LarryDaMan Member Posts: 797
    692! You just missed it, now you know what to expect and what to brush up on. Go for a retake soon!

    I take the exam in 6 1/2 days. After 2 1/2 months of reading 3 complete books (skimmed others) and some NIST docs, watching 35+ hours of CBT, taking 3200 different practice questions, googling and wikiing about 50 topics, and scouring a few different forums... I still don't feel fully confident, but I have hit a wall. I just want to take it and be done with it, I am not even worried about passing or failing... I'm numb :D
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,712
    Ugh, I am very sorry to hear that. I now know so many people that have failed with a 690 or higher. The conventional wisdom is to take the test again ASAP after studying your weak areas. Can you sign up for a November or December exam session?

    With regards to ARO/SLE, have you searched through every posting on www.cccure.org and read all of their discussions? This is definitely one thing I'll be doing a few days before the exam. They also have good postings on physical security that emphasize details like, "Preservation of human life is the primary goal," and how budget and operations concerns affect security. And avoid any CISSP prep material that is more than three years old.

    I am finding that it is as important to develop tactics for tackling the exam questions as it is to understand the exam question's content. I'm developing a "meet-in-the-middle attack" where I attempt to first deduce the correct answer and then attempt to eliminate the incorrect answers. You may not fully understand the material covered by a question, but you can certainly narrow your chances to 50/50.

    For your own sanity, it's also important to remember that 25 of the exam questions are for research and do not count towards the final score. It's likely that research questions will cover material that you didn't think to study or study well. If I get a detailed question on CoBIT, ITIL, or quantum crypto I'll try to keep this in mind and not freak out.
    LarryDaMan wrote:
    I still don't feel fully confident, but I have hit a wall. I just want to take it and be done with it, I am not even worried about passing or failing... I'm numb :D
    I'm still in panic mode (I find this very motivating), but I do expect by the time my exam comes around next month I'll feel exactly the same way. Sort of like a woman who is sick of being pregnant and just wants to get the birth over with. Nature is interesting in that way.
  • cashew Member Posts: 122
    JDMurray wrote:
    And avoid any CISSP prep material that is more than three years old.

    I've used the AIO 4th edition (2007). I like it a lot, especially if you are new to InfoSec. Clement from CCCure.org mentioned in the forums he was proofreading the 5th edition for Shon, which is due out 1st quarter of 2009. I also read the most recent official book from Amazon (Tipton and Henry 2006). Typical study recommendations I've heard are to read the official book and reference the AIO for a more detailed explanation when needed.

    One thing that has helped me a lot is making flash cards for each domain as I read. Any info that I feel is relevant, or might understand for that second but may forget in a few weeks (i.e., your SLE question). When doing my MCSE and Sec+, I was able to just read the book and make it through. However, there is so much more material to this one that you really need to go that extra mile to make sure you're ready.

    I know it's extra work, but I would rather study my butt off for 3 months than study for a half assed 3 months then have to retake it. One question though, did you feel like you passed it when you were done? Rumor has it, you think you failed you pass, you think you passed you fail.

    Good luck on round two, keep us posted!
  • LarryDaMan Member Posts: 797
    Great you had to bump the "CISSP Exam Woes - scored 692" thread to the front page when I could see it. :D You could have waited until I went to bed.

    Waiting for these results is killer, but I think getting a 690-699 would be especially painful. Frankly if I have to fail, I'd rather take a 600 and go back to the drawing board, but I have my fingers crossed for a pass.
  • cashew Member Posts: 122
    I timed it perfectly just for you. Get some sleep and make sure to consume carbs for breakfast. Gotta utilize that brain power 100%!!!
  • LarryDaMan Member Posts: 797
    cashew wrote:
    I timed it perfectly just for you. Get some sleep and make sure to consume carbs for breakfast. Gotta utilize that brain power 100%!!!

    Nah, I took the test 2 days ago.... no brain power left. :D
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,712
    cashew wrote:
    Typical study recommendations I've heard are to read the official book and reference the AIO for a more detailed explanation when needed.
    I recommend just the opposite. AIO gives you a good conceptual background on the information in the CBK domains and it is very readable. Using the far less readable OIG as your primary CISSP study book is more difficult. I read AIO first and now I'm skimming through OIG to find the extra stuff it has that AIO doesn't cover. The practice exams in the back of both books are good study exercise too.


    And Larry, go back to bed!
  • cashew Member Posts: 122
    JDMurray wrote:
    cashew wrote:
    Typical study recommendations I've heard are to read the official book and reference the AIO for a more detailed explanation when needed.
    I recommend just the opposite. AIO gives you a good conceptual background on the information in the CBK domains and it is very readable. Using the far less readable OIG as your primary CISSP study book is more difficult. I read AIO first and now I'm skimming through OIG to find the extra stuff it has that AIO doesn't cover. The practice exams in the back of both books are good study exercise too.


    And Larry, go back to bed!

    Don't listen Larry, get liquored up and you'll remember all 10 domains ten fold!
  • down77 Member Posts: 1,009
    Keep your chin up! You did a great job on the exam even though you did not achieve a passing score this go around. I would tend to agree that the AIO is a great conceptual guide with the OIG filling in the gaps... I have even read parts of the Sybex 3rd edition to clarify certain sections. I will be using the Shon Harris 2007 CBTs for a "boot camp" style attack the last week before the exam as part of an exhaustive review (which includes daily quizzes starting 21 days out).

    Immerse yourself in the material once again and especially review the domains that you received the lowest score on. The plan of attack I have been using so far is to not only read the theory but to also present the material to various groups (parts of all 10 domains) to help in the mastery of topics.

    Once again a 692 is a respectable score... to me it shows you have what it takes especially being so close.
    CCIE Sec: Starting Nov 11
  • cashew Member Posts: 122
    I'm excited for you.....how did it go????