I originally posted this to another message board but never got a response. Most of the discussions there consist of people complaining so I'm reposting here in hopes of a more intelligent discussion.

So I received my notification today and passed the exam portion. My endorsement and experience documents are already completed and will be submitted next week.

Exam taken on Oct 28th.
Notification of passing email received on Nov 22.
Documentation Submitted on Nov 28.
Confirmation of documents received on Nov 29.
Still waiting for the results as of Dec 13.

I wanted to offer my study plan, thoughts, and advice on preparing for the exam. Like most folks, I used the Shon Harris AIO book and the associated Practice Exam book. I also used the Official Guide, the CCCure paid quiz, and most importantly, the SANS Institute OnDemand Boot Camp. In hindsight, I probably could have gotten by with the Official Guide, the CCCure Quizzes, and the boot camp as a review.

I've noticed that there is much discussion about the accuracy of the practice questions, and this is what I really want to address. Do the practice quizzes here and elsewhere represent the actual exam? No, nor should they. In the real world, as a Security Professional, the decisions you will need to make will not match the exam questions either. It's easy to get caught up in the drama that surrounds the CISSP and forget that the intention of the test is to have a standardized way of showing competence, not the ability to memorize data.

The exam is broken down into ten separate domains. This makes it easy to teach, and easy to write practice questions for. The thing you have to remember is that actual problems in real situations will rarely present themselves in a nice neat format with a domain label. ISC(2) tries to simulate this by mixing the domains together into questions that test your ability to apply your understanding of the theory of all the domains combined.

By all means, you should know the terms and be able to recite them. The CISSP assumes that you have memorized those terms. What they want to see is how you apply them and how you sift through the selection of correct answers to find the little detail that sets one apart from the others.

So I'll just say this in closing: by all means study, and read the books, and make flash cards, and come here and ask questions and actually listen to what the security professionals that post here have to say. And thank them for taking the time to come here anyway, because I can promise you that they are busier now that they are done with the exam than they were before. But when it comes time to go to take this test, forget about domains; the test doesn't carve up the questions into nice neat chunks from one domain. This test is hard. Be glad it's hard; if it was easy it wouldn't mean anything when you pass it.


