A Message to All Who Endured the PBT CISSP, and to those who will now take CBT...

kalkan999

To those who took the PBT and passed...I hope that you will remain online here and continue to help and inspire those who plan to take the CISSP CBT in the near future. Some of them took the PBT and did not pass, so they will try their hand at the CBT. Wish them well. CBT takers will also need support prior to, and possibly after if they don't make the first or second, or more attempts, as it is at least as difficult as the PBT, and they are fortunate for not having to await the results and age ten years over 5-6 weeks.

It matters not that they don't have to await the results. And we can hope that the rogue testing centers will be limited in number, and that ISC2 will continue to monitor for those who **** themselves. To be honest, I am glad that it is going CBT because I believe that making CISSP, SSCP, etc, CBT will provide the kick-start to InfoSec credibility, and maybe help start a grass-roots campaign to properly beef-up security around the globe.

TO those who will take the CBT...I was among the first to take it, as most of you who followed me know. I wish you the best, and want to add that though there will be those few CISSP peers who will remind you that THEY took the PBT, and that the CBT 'cheapens' the certification, remember why ISC2 is doing this in the first place: To increase the number of InfoSec professionals in the hopes of staving off any future cyber-war/s, and to prepare and protect the assets of the world.

I plan to remain here as long as necessary to prepare and inspire those of you who will take the plunge. I hope that those of us who are now CISSP's will all stay here and guide the rest.

I have a thought: when we are all rich and famous because we saved the world, we should meet up somewhere and 'party like It's Windows 98 SE.'

dmoore44

kalkan999 wrote: »

I have a thought: when we are all rich and famous because we saved the world, we should meet up somewhere and 'party like It's Windows ME.'

Fixed it for you

smashedpumpkins

Other than the test being on the computer vs paper, is there any difference? Are they still the same type of multiple choice questions? I'm an SSCP and plan to take the CISSP in a few months. The SSCP was a PBT and it sounds like it's very similar to the CISSP test.

Iristheangel

Yes, the difference is that you don't have to study and wait 6 weeks to find out if you passed.

kalkan999

Hey Smashed,

The questions on the CBT are the same types asked on PBT. My personal experience was that I noticed a definite increase in Scenario based questions, and Vin who took the tet yesterday took the CBT CISSP and scored a 608 also noticed that there were more scenario based than he was expecting. However, this was the first time Vin took the CISSP, so everyone is usually in shock and disbelief about the difficulty of the test. Also, now that the test is CBT, ISC2 can offer more randomized questions versus CBT. That means that what was true for me may not be the same for you.

smashedpumpkins

kalkan999 wrote: »

Hey Smashed,

The questions on the CBT are the same types asked on PBT. My personal experience was that I noticed a definite increase in Scenario based questions, and Vin who took the tet yesterday took the CBT CISSP and scored a 608 also noticed that there were more scenario based than he was expecting. However, this was the first time Vin took the CISSP, so everyone is usually in shock and disbelief about the difficulty of the test. Also, now that the test is CBT, ISC2 can offer more randomized questions versus CBT. That means that what was true for me may not be the same for you.

Sounds good, thanks for the quick response.

Akther

Hi Kalkan

Thanks for the usefull information. I just loved the CISSP exam. The way it's presenting and the hard work, topic etc...I would like to know that still ISC2 required the infosec experiance to register CBT exam?

Thanks

kalkan999

Hell Akther,
While you don't need to present your InfoSec experience to take the test in the hopes of getting your CISSP, ISC2 ethics and--hopefully your own--dictates that you be honest about your experience. ISC2 has hinted around that an increase of random audits is possible, so everyone needs to make sure that they have the required years. Also, as my endorser shared with me, that ISC2 changed endorser input, as he found himself in a position where he spent even more time verifying my experience before he faxed his endorsement and my paperwork over.

spicy ahi

To piggyback on what Kalkan said, they are indeed scrutinizing audits as well. I got an email from my endorser a week or so ago because she had received a request from ISC to get a good point of contact for one of my cited jobs because the one I listed was not valid (my boss had moved on to another job) Not sure why they didn't ask me, but I went ahead and called my old job to get the contact info. of the security manager and passed it along to her to give back to them. Maybe they wanted to test to see if I indeed kept in touch and had a fairly close (close enough to get the information requested anyway) relationship with my endorser. Anyhow, unlike her experience (she earned her CISSP in '07) where ISC didn't contact her unless it was time to collect her annual dues, she's been contact twice already for my endorsement. So definitely keep contact information about your jobs current and be on good terms with your endorser.

dmoore44

@spicyahi - wow, that's really interesting. When I submitted my endorsement to ISC2, I wrote a little paragraph about my military experience - I basically told them that I had no contact information for my military supervisors (they were civilians) because the base I was stationed at was BRAC'd and the all the people I knew (mil and civ) had moved on to other things...

spicy ahi

dmoore44 wrote: »

@spicyahi - wow, that's really interesting. When I submitted my endorsement to ISC2, I wrote a little paragraph about my military experience - I basically told them that I had no contact information for my military supervisors (they were civilians) because the base I was stationed at was BRAC'd and the all the people I knew (mil and civ) had moved on to other things...

Yeah, it was interesting to me too because my first reference would be similar. Everyone there is long gone, PCS'd for sure if not retired. Luckily it was for a civilian position although all the folks I know were all long gone. I just referenced the security manager who is still there so I'm assuming if they did ask them anything, that he was able to respond accordingly. The first email my endorser received was just asking what security function(s) I performed when we worked together. So maybe I was mini audited? Who knows.

kalkan999

Do Like I did: find them on LinkedIn or Facebook. Or Google them, like I had to do for one guy who chooses to remain 'off grid.'

Hairyhorse

kalkan999 wrote: »

Hey Smashed,

The questions on the CBT are the same types asked on PBT. My personal experience was that I noticed a definite increase in Scenario based questions, and Vin who took the tet yesterday took the CBT CISSP and scored a 608 also noticed that there were more scenario based than he was expecting. However, this was the first time Vin took the CISSP, so everyone is usually in shock and disbelief about the difficulty of the test. Also, now that the test is CBT, ISC2 can offer more randomized questions versus CBT. That means that what was true for me may not be the same for you.

I'd think that scenario-based questions would be easier to answer, since they'd have to give you a scenario, and therefore more information and hints as to what the correct answer is. Or am I mistaken?

kalkan999 wrote: »

Do Like I did: find them on LinkedIn or Facebook. Or Google them, like I had to do for one guy who chooses to remain 'off grid.'

Remaining "off grid" is the recreational part of this line of work.

emerald_octane

Hairyhorse wrote: »

I'd think that scenario-based questions would be easier to answer, since they'd have to give you a scenario, and therefore more information and hints as to what the correct answer is. Or am I mistaken?

Yes, but can you remember EVERYTHING about EVERYTHING? That's why this exam is so hard core. You will be tested on how much you really know about XYZ topics and must focus on the minutiae of everything (well, not everything, but knowing the minutiae will make a difference).

For instance you will get questions where at the surface of the question ALL or 3/4 answers will seem right. You have to be focused and diligent enough to extract that critical detail which will put you on the right path: BEFORE, AFTER, LEAST, MOST, if COST is a factor, if TIME is a factor, BEST given X, BEST given Y, BEST given XY, BEST given XZ but DEFINITELY excluding Y, stuff like this. The smoking gun won't always be readily apparent. A question may have a set of elements that EXCLUDES all but one answer but if it's the last question on the test and you're already at the 5:50 mark, you might not be able to remember which one doesn't exactly fit the mold.

spicy ahi

@Kalkan - In my case, my leaders are old school electrical technicians who retired. So they're crotchety old dudes who want nothing to do with the internet unless it's to check on sports scores. But whatever information I passed along was sufficient so I'm not sweating it.

Hairyhorse wrote: »

I'd think that scenario-based questions would be easier to answer, since they'd have to give you a scenario, and therefore more information and hints as to what the correct answer is. Or am I mistaken?

I'm not sure if you took the test but those scenario-based questions are THE WORST. Misdirection is the one word that comes to mind when I think back on the handful of scenario questions I had on my test. And that was the paper test. Kalkan took the CBT and said it was tougher so I can only imagine what kind of insanity the put in the new versions of the scenario questions. In fact, I recall one scenario question where I underlined a part of the scenario that covered each provided answer. Guess what? I had all four answers covered by some bit of information in the scenario. So to answer your question, yes you would be mistaken.

afcyung

the scenario based questions get you with information overload. so many of the of the answers seem right that its mind numbing.

beads

PBT is still better because I could cross out the misdirects in pencil! Try that with "White-out" on a screen. Hmmm!

Seriously, outside of the long wait I'd still prefer a PBT if nothing else, I just feel as though I have more personal control than on a screen. I don't care if you think its more progressive, modern, up to date or fun to read a screen instead of paper. Its the same exam and I just feel more exam relaxed with the paper based version. Ironic, I know, as this is a technical exam in the first place so I probably sound like a technophobe, while I'm not at all. LOL

Long live the PBT! (*Humor*)

- beads

technogal

For all those who are worried about the CBT, I have a reminder for you. Some of us are just getting to the point in our careers where a CISSP matters. I wouldn't take it, except I now have to prove I know what I know.

So, I take my happy self to Washington, DC last week and attend the SANS MGT414 class. Fantastic class, conference and teacher. I couldn't ask for better. However, what he says will be be on the test bothers me. ISC2 has, supposedly, updated their domains. Ok, why is there still info about FDDI, 10BaseT, etc still listed as testable?! Really frustrating.

But I dust off the memories and read the study guide. Sitting the exam on Aug 13th. CBT, because that's all that's offered now....just saying

dmoore44

technogal wrote: »

Ok, why is there still info about FDDI, 10BaseT, etc still listed as testable?! Really frustrating.

Because that technology is still in use. You'd be surprised what some government agencies still use...

Iristheangel

^^^^ What he said. I was doing some contract work for a certain department for the city of Los Angeles. W-O-W. I thought I was in a museum. They still had old school mainframes from the early 90's mixed in there. A lot of local governments still use these old technologies due to budget constraints or lack of need to upgrade. It's just good info to understand.

!nf0s3cure

Just about CBK and domains........I also think that when I have to get an Encryption Device in operation, I just use an EPL to select it, I do not have to know then principles or the details about it, I just use its existing credentials. Does anyone else feel that all the basic and historical Crypto info is a bit of overload that 'Practically' you will never use?

technogal

Yea, I thought the historical aspect was a bit overkill, but somewhat fascinating at the same time. I had read Neal Stephenson's "Cryptonomicon", so knew some of the background already. What really helped me was learning the difference between symmetric and asymmetric and their application. It had been confusing before. Still have to write/draw out the Kerberos flow to remember it properly, but at least I can remember it now!

!nf0s3cure

Just took the exam today! I am not sure at all about how I did, time will tell. But there is definately more I can do now having sat through a PBT and can see that it is much easy than CBT. The reason for me is that with PBT you just go through all the pages and can cross refer to any question with ease, cannot do that with CBT. I remembered to look at a few questions that seemed related, just flicked through a few pages and there it was! So I still prefer PBT but unfortunately they are getting very rare now. The long wait begins. I am already starting to read again. Want to re-sit ASAP if it does fall through.

beads

I think !in0s3cure is describing my point about feeling more in control with a paper based test, as I mentioned above.

Thank-you,

- beads

!nf0s3cure

I was, sorry I did not read the full listing

beads

Just a comfort level thing. Some folks prefer the CBT others PBT. As I said above I just feel more physical control with a PBT. Not being locked in a room on the 17th floor of a high rise office building and ease of being able to grab a snack and/or coffee without having to check-out through multiple security access points likewise helps as well - at least that's how its done here in downtown Chicago.

I found the PBT to be much more relaxed having proctored by (now) peers rather than the folks Prometric hires to stare at my every move.

- beads

pravin883

TO those who will take the CBT...I was among the first to take it, as most of you who followed me know.

@kalkan999: Can I mark a question if in doubt and come back to it or I need to make a choice to move on to the next question when I give my CISSP through CBT. I took my first CISSP as PBT on June 30th and got the results that I dd not make it by 40 points...so I booked myself a CBT on 27th August making sure that I do not leak out all my 5 months of prep work did before the first attempt...it will be helpful to get all CBT related info before I take it.

beads

Yes, you can mark those you skip. Remember its less about the technology then it is how to use the technology (management).

- beads

kalkan999

@Pravin. ASk away, and I will answer as much as I can without crossing that NDA line.

btadams

Took the test and passed on August 9 (CBT). I have to say that having taken the CBT vs PBT is frustrating. The people I know that have taken the PBT have the viewpoint that the test must have been made easier because.people pass in less time. Nobody of course can compare questions though. It's almost like having an asterisk next to the certifications saying "Individual passed via CBT."

TBRAYS

btadams wrote: »

Took the test and passed on August 9 (CBT). I have to say that having taken the CBT vs PBT is frustrating. The people I know that have taken the PBT have the viewpoint that the test must have been made easier because.people pass in less time. Nobody of course can compare questions though. It's almost like having an asterisk next to the certifications saying "Individual passed via CBT."

What was so frustrating about it?