My Road to CISSP (Take 2)

Posted by Agent Lithium (Registered Users, Posts: 3)
Not sure how my previous thread got stuffed up, but here's my second go at posting my experience. Thank goodness I don't have to take a second go at the exam too.

My exam was on 31 March in Sydney, and I received the pass result on 9 May.

I have 6 years of experience in security in software development, security assessment and hardening, and security product implementation.

My study plan over 3 months was:
  1. Read AIO v4 at about 1 week per chapter, going to Google for anything I wanted to learn a bit further. I did not try to memorise anything, but just focused on understanding the material. I spent on average 2 hours per day.
  2. Then I worked through the AIO practice exams; for each chapter I'd score anywhere from 60% to 90%, then I'd go back to the chapter to pick up the stuff I'd missed. This took about 2 weeks.
  3. Before the exam I took a few days off work, and concentrated on memorising stuff like all the definitions, numbers and facts. This turned out to be much wasted effort as I did not see many of these in the exam. I did as many free practice questions as I could, many from I also did the AIO practice exams again, this time getting around 95%.
  4. There was also a CISSP summary sheet I downloaded off the net that basically puts all the CISSP topics into 10 pages. I used it to refresh my memory while commuting to work.

The day before the exam I got sick of studying and went off to have a great meal, played games, and went to bed early to have a great night's sleep (very important).

On the day of the exam I bought plenty of high-sugar food and had a big shot of coffee right before the exam. I found this useful to put my brain on overdrive for the next 6 hours. I took a 10 min break every 2 hours during the exam.

I worked through the questions in order, filling in the answer sheet as I went and marking the ones I wasn't sure about. This took about 4.5 hours and I had about 40 questions I was unsure of. Then I went back to review all of the questions, using up the last 1.5 hours. I would suggest reviewing the questions - even if you're tired - this saved me at least 3 stupid mistakes, and it could mean passing at 705 or failing at 695.

The questions were very different to the practice ones, like everyone's been saying. One question can cover multiple domains, have a scenario and ask you things that you will only know if you understood the topic inside out. This doesn't mean you need to know the exact definition per se, but you need to know how things work. As an example (completely made up), you are expected to know how to conduct a buffer overflow attack down to the point of how return pointers work in a function stack, but you do not need to memorise the trivia fact that this is one of the earliest exploits discovered in 1972 (yes, I've seen this in a practice question).

Also, many of the questions I got were not hard technical stuff but more on the soft business side. I had never seen them in any study material and had to rely on my work experience to get through.

I hope this helps a bit, especially if you are, like me, getting frustrated with the differences in definitions from different sources.

Good luck!
