19 Points Away - Experience of test - Guidance welcomed on retake

Hi all,

I studied for the CISSP (associates) for the past year on and off. I've taken a handful of security courses in both my undergrad and grad program. To prepare for the exam, I used the Shon Harris AIO as well as using her Practice Exam questions book. The practice exam questions book was by far the greatest exam preparation suggestion of a friend who had recently passed the CISSP. I thought the practice exam questions were of similar format/confusion to the actual exam questions.

The week of the exam I was not feeling super confident so I tried rescheduling the exam to push it back a week. I thought I had read somewhere that it could be done with at least 2 days notices, but I was wrong. When I called ISC2, they informed me their policy is 5 days notice, so if I wanted to have rescheduled, I would have had to do it on that Monday (for a Saturday exam).

I had a similar exam experience like many of the other postings for the Dulles Dec 17th exam. I went through roller coaster of emotions that day, with the first 25 questions I thought I was going to bomb the test, the next 50 questions flew by and I was back to thinking I was going to ace the test. I went through the entire booklet circling my answers and made markings in the book of the questions I was unsure. I went back a few times to change my answers, which in retrospect, I don't think I should have done. After completing the booklet 5 hours in, I thought I would have enough time to fill in the bubble sheet and review all the questions. But I soon found out while going through the bubbling process that I only had time to review the questions I was unsure of. In total, I remembered to mark a total of 34 questions I was unsure, but I knew there were far more questions I was unsure of. So after finishing the bubbling, I thought it would be a fair guess of doubling the actual unsure questions (68 ) to make it a more feasible number of the unsure questions.

Days went by, worrying, having nightmares where I got the email saying I failed. Then after reading these forums of people who went through similar experiences, those nightmares turned into dreams of emails saying I passed....

Oh it would have been nice to have passed. I wish I would have known the policy of rescheduling, because now I think that extra week(s) would have helped with the 19 points.

My score: 681
Pass score: 700

Domain performance:
Access Control (5)
Telecommunications & Network Security (10)
Information Security Governance & Risk Management (2)
Application Development Security (8 )
Cryptography (6)
Security Architecture & Design (3)
Operations Security (1)
Business Continuity & Disaster Recovery Planning (7)
Legal, Regulations, Investigations & Compliance (4)
Physical (Environmental) Security (9)

After my mild depression of not passing yesterday, I decided when you fall off a horse, you must get back on.

Reading through the forum postings of people who have also come close to passing, I've noticed a few tips.
1) study your three lowest ranked domains
2) read carefully through the exam (cover the answers even until you have read the question in it entirety)
3) narrow your answers to 2 and choose the management perspective choice (which I felt like I did on the first exam)

Does anyone have any other suggestions? I just signed up to take the re-take a month from now (Feb 12th). I really feel since the studying in fresh in mind, a month away isn't too terrible of an idea, especially feeling like I was close to passing.

I went ahead and downloaded the 11th hour CISSP: Study guide, my online subscription to a CISSP boot camp (correction to earlier posting) , and I plan studying at least 2-4 hours everyday.

Thanks for any advice and congratulations to those who passed the exam!

P.S. One thing I saw that I wish I would have known about during the exam was that many people brought in their books to study up until the last minute. I was paranoid about getting to the exam on time and didn't want to wait in my car to study if it meant possibly not getting registered in time. I had 20 or so minutes just sitting at my exam desk envious of those who brought the study materials with them. Everyone had to put away their materials at 8:30am when the rules were read to everyone.

Find more posts tagged with

Comments

pinkydapimp

letstrythis1 wrote: »

Hi all,

I studied for the CISSP (associates) for the past year on and off. I've taken a handful of security courses in both my undergrad and grad program. To prepare for the exam, I used the Shon Harris AIO as well as using her Practice Exam questions book. The practice exam questions book was by far the greatest exam preparation suggestion of a friend who had recently passed the CISSP. I thought the practice exam questions were of similar format/confusion to the actual exam questions.

The week of the exam I was not feeling super confident so I tried rescheduling the exam to push it back a week. I thought I had read somewhere that it could be done with at least 2 days notices, but I was wrong. When I called ISC2, they informed me their policy is 5 days notice, so if I wanted to have rescheduled, I would have had to do it on that Monday (for a Saturday exam).

I had a similar exam experience like many of the other postings for the Dulles Dec 17th exam. I went through roller coaster of emotions that day, with the first 25 questions I thought I was going to bomb the test, the next 50 questions flew by and I was back to thinking I was going to ace the test. I went through the entire booklet circling my answers and made markings in the book of the questions I was unsure. I went back a few times to change my answers, which in retrospect, I don't think I should have done. After completing the booklet 5 hours in, I thought I would have enough time to fill in the bubble sheet and review all the questions. But I soon found out while going through the bubbling process that I only had time to review the questions I was unsure of. In total, I remembered to mark a total of 34 questions I was unsure, but I knew there were far more questions I was unsure of. So after finishing the bubbling, I thought it would be a fair guess of doubling the actual unsure questions (68 ) to make it a more feasible number of the unsure questions.

Days went by, worrying, having nightmares where I got the email saying I failed. Then after reading these forums of people who went through similar experiences, those nightmares turned into dreams of emails saying I passed....

Oh it would have been nice to have passed. I wish I would have known the policy of rescheduling, because now I think that extra week(s) would have helped with the 19 points.

My score: 681
Pass score: 700

Domain performance:
Access Control (5)
Telecommunications & Network Security (10)
Information Security Governance & Risk Management (2)
Application Development Security (8 )
Cryptography (6)
Security Architecture & Design (3)
Operations Security (1)
Business Continuity & Disaster Recovery Planning (7)
Legal, Regulations, Investigations & Compliance (4)
Physical (Environmental) Security (9)

After my mild depression of not passing yesterday, I decided when you fall off a horse, you must get back on.

Reading through the forum postings of people who have also come close to passing, I've noticed a few tips.
1) study your three lowest ranked domains
2) read carefully through the exam (cover the answers even until you have read the question in it entirety)
3) narrow your answers to 2 and choose the management perspective choice (which I felt like I did on the first exam)

Does anyone have any other suggestions? I just signed up to take the re-take a month from now (Feb 12th). I really feel since the studying in fresh in mind, a month away isn't too terrible of an idea, especially feeling like I was close to passing.

I went ahead and downloaded the 11th hour CISSP: Study guide, I have access to my friend's online subscription to a CISSP bootcamp, and I plan studying at least 2-4 hours everyday.

Thanks for any advice and congratulations to those who passed the exam!

P.S. One thing I saw that I wish I would have known about during the exam was that many people brought in their books to study up until the last minute. I was paranoid about getting to the exam on time and didn't want to wait in my car to study if it meant possibly not getting registered in time. I had 20 or so minutes just sitting at my exam desk envious of those who brought the study materials with them. Everyone had to put away their materials at 8:30am when the rules were read to everyone.

Sorry that you didnt pass. You were very close. My suggestion would be continue digging into the domains. you want to understand the concepts thoroughly and do less memorization. Though there will be stuff you need to memorize. ALso, check out https://www.freepracticetests.org. I found this site to be very helpful. I would suggest shelling out of the entire quiz bank.

Also, for the record, the book i used was the Official (ISC)2 guide to the CISSP CBK. i thought it was a very helpful book. Its long(900 pages), however, you could download it and just read the chapters that you scored the lowest on.

You will pass it next time im sure! Good luck!

jmritenour

I took my test on Sunday, Dec. 4th. I stopped studying/reading on Friday, Dec. 2nd. I did not read, look at, or even THINK of anything related to the CISSP on December 3rd. The way I saw it, I had been studying for the CISSP for the better part of 4 months that that point - one more day was not going to do nothing for me, other than make me paranoid that I didn't know a subject well enough. I didn't take books or notes with me - though to be fair, I wasn't aware that I could have them up until the exam started. Even if I had been, I don't think I would have. It was nice to see everyone else frantically scrambling for information in those final minutes, while I was relaxed, and mentally decompressing.

YMMV, of course. But I think I probably would've "iced" myself if I was still in study mode right up until the moment the exam started.

11th hour was a good resource for re-enforcing key concepts. I'd also recommend Eric Conrad's study guide. I also used Shon Harris's AIO, but to be quite honest, I absolutely hate her writing style, and I don't think I got as much out of it as I could have.

swild

The one thing that prepared me the best was cccure.org's quiz engine:https://www.freepracticetests.org/quiz/index.php?page=register

It also has some decent forums as well for a few certs.

You can try out the practice tests for free. I wound up purchasing the entire set and don't regret it at all. Those questions are harder than the actual exam. I was averaging a 70% on all the questions, doing 100 at a time. I would then go and Google EVERY single question that I missed.

Before I started on practice tests, I read Conrad's CISSP Study Guide and used the AIO as a reference only.

cyberguypr

letstrythis1 wrote: »

One thing I saw that I wish I would have known about during the exam was that many people brought in their books to study up until the last minute. I was paranoid about getting to the exam on time and didn't want to wait in my car to study if it meant possibly not getting registered in time. I had 20 or so minutes just sitting at my exam desk envious of those who brought the study materials with them. Everyone had to put away their materials at 8:30am when the rules were read to everyone.

Very good advice from jmritenour. Most of the time this doesn't work as cramming never replaces good study habits. If you haven't learned or memorized something in months, I doubt you will be able to do it at the last minute. Just focus on really understanding the material.

I think another mistake you made was sticking to one resource. The AIO goes into a lot of detail and can be overwhelming at times. Switching to another resource such as the Conrad book will present a fresh view. Also, it wouldn't hurt going through the OIG. Best of luck next time.

bigdogz

The other posters have some great comments. Reading other resources such as the OIG, and NIST will give you some assistance as well.

You have to understand that the more you know those domains the less it seems you will flip a coin or have that same feeling of guessing those answers to the questions.

Good Luck!

DazeByGone

Hi there,
Sorry you didn't get the result you were hoping for, but you were very close!

As for the tip on thinking like a manager when you take the test, I think the point there is really to select the high-level, generic, seemingly obvious answer on those tricky "MOST" or "BEST" questions.

For example, from the ISC(s) website you can see the Candidate Info. Bulletin with a few sample questions here: http://www.itcareerfinder.com/pdf/isc2/CISSP-Candidate-Information-Bulletin.pdf

The first question on pg. 28 is an excellent example: Which one of the following is the MOST important security consideration when selecting a new computer facility?
A - Local law enforcement response times
B - Adjacent buildings
C - Aircraft flight paths
D - Utility infrastructure

********

Answer = D.

My first thought was, well of course a new facility will have power and running water, so that's not the right answer. But, without those two, your physical security (badge readers, etc.) and fire prevention won't work. Heck the employees won't work if there's no power. So, that is the basic requirement then of a facility and the correct answer.

rollenation

I had similar experience as you but I ended up with a lower score. Is 648 good enough to really consider retaking it immediately? (I took the Toronto exam on Dec 17, and there's another exam that's taking place February 4th). Or should I go back to the drawing board and schedule it for the May 4th one?

SCALED SCORE
Your Score: 648
Passing Score: 700

DOMAIN PERFORMANCE
Access Control (4)
Telecommunications & Network Security (4)
Information Security Governance & Risk Management (2)
Application Development Security (7)
Cryptography (8 )
Security Architecture & Design (3)
Operations Security (1)
Business Continuity & Disaster Recovery Planning (9)
Legal, Regulations, Investigations & Compliance (6)
Physical (Environmental) Security (10)

What upsets me the most about the rankings is that I really thought I would be OK with the Physical and BC/DRP domains so I didn't put a high emphasis on it when I was studying. I ended up pumping my studying time on cryptography and Application Development (which I knew going in would be my worst two).

Any thoughts? Should I study hard the next 3 weeks and go for it this February or just lay low for a while and consider retaking in May?

I also read the CIB, while there are some changes, I don't think it's significant enough for me to consider waiting til later to just get more up-to-date study materials to cover them. Thanks all and congrats to all that passed! I hope one day to be part of this elite group!

letstrythis1

DazeByGone wrote: »

How slippery is this slope?
If you by a book and your friend buys a book and you swap books so you can both take advantage of the different materials, then the author of those books doesn't make the money they would have if you both bought both books. (Disclosure: In my case I had a study buddy who bought the same book I did as well as another one and we did take her book's domain quizzes together.) Having said that, I will note that if you buy the book at a second-hand bookstore, the author gets no additional money from that sell...only the second-hand bookstore owner does, so this is a somewhat muddy point.
At issue above is a person who paid for a bootcamp and then potentially sharing that info with someone else, free-of-charge I guessing?
Which is still much better than pirating info and posting on some website for hundreds of people to freely use.
Which clearly violates the code of ethics those people are about to swear to if they pass.
Anyone have any thoughts on that?

Hi Daze, I guess I didn't want to fess up to saying I had already bought this boot camp for myself for the first exam, but I didn't get the chance to use before taking the exam (something I am kicking myself for now). So the content I am using is paid for in full by me. I guess I didn't want to go into details of having paid for the boot camp but not having the chance to use it before the exam. I see your point and appreciate your concern, I apologize for not just being forthright in my first posting.

letstrythis1

Thank you everyone for all your feedback. It helps tremendously to hear your opinions on the retake!

Congrats again to those who passed the first time! And good luck to those taking it again:)

DazeByGone

letstrythis1 wrote: »

Hi Daze, I guess I didn't want to fess up ...

Sorry LetsTry, I removed that comment. I Wasn't trying to spotlight you, since even if my misconception had been true, that would have been a drop in the bucket. The real thing I'm wondering about is the sites that exist out there where people post the study info and stuff for anyone located anywhere in the world to grab free-of-charge. That seems so ironic to me.

ZekeCISSP

First, I'll admit that I am one that studies almost to the last minute. I left my house on Friday afternoon and went to Charlotte, NC (two hours from home) to sequester myself to a room, alone, for the night. My goal was to wrap it up by 10:30 p.m. and go to bed, but it didn't work out. I think I had a book in my hand till about midnight and then tossed and turned for another hour or so. I really slept like crap that night so part two of my plan wasn't hard. That would be the part where I wake up at 6:00 a.m. and study my last minute topics I deemed worthwhile. I had a list. In the end, my list was longer than the time I allowed, but I didn't take any books to the room where the test was given.

However, my real advice to you would probably be a different test strategy. This may not be news to you, but one of the resources I studied suggested this and I found it greatly helpful. Basically, the plan is to go through the test on the first pass allowing one minute per question - average. I exercised this by making sure at 60 minutes, I was on approximately question #60. At two hours, #120, etc. I didn't obsess about this, and some questions took me 30 seconds while others took 90 seconds, but I did say to myself I would not spend more than two minutes on any single question on the first pass. The goal of the first pass was, if I could not answer the question with 90% certainty, I would at least eliminate one or two of the answers and make a indicating mark to what I would answer if I had to answer right now.

So, basically at about four hours, you're done with your first pass. Take a few breaths knowing you could wrap this up quickly if need be. This leaves two hours for stage two...for me this was rereading each question and ensuring I read it correctly, recalling how I felt about it, and filling in the bubble. This time through, I did come up with my best answer for each question and committed to it.

There were a couple of questions that I relooked at and it caused me to reconsider an answer I eliminated in the first pass. I didn't get wrapped up in not changing my answers if it made sense. Sometimes later questions can shake cobwebs loose and it makes sense to reconsider some questions.

I did all this and I left the room with five minutes to spare. A lot of people left before me, but it didn't bother me. I was pretty sure my strategy increased my opportunity to pass and not spend another couple of weeks studying, another sleepless night in a hotel alone, and another six hours in a room with this test.

Good luck.

afcyung

@ OP

What other security certs do you have? It might be worth while to start at the bottom and work your way up. If you don't have say Sec + or another security cert you might find their study material an important bridge in helping you understand and thus retain the CISSP CBK.