Preparation for CISSP exam

t17hha Member Posts: 52 ■■□□□□□□□□
Hi guys,

I am getting closer and closer to my CISSP exam with a few weeks to go now!

I am doing fine on the CCCure website in that I am averaging between 75-80% at the moment, and looking to work on weaker areas. I noticed that sometimes I do well and at other times not so well, and this is mainly down to getting some of the questions wrong which are referenced to books/sources around 2001.

I know the actual exam is no comparison, but I feel like I know the current material fairly well but not sure if I should try and learn things that, well, may have been in the exam previously? Also, would it be worth buying the Studiscope questions to get an idea of what the exam questions may be like? Even though they are a little expensive! Unless someone is willing to split the cost ;)

I seem to find a number of situations where I seem to be undecided between 2 questions and go for the wrong answer more than the right answer. I guess with more practice I'll get used to it.

I'm using the Shon Harris 5th Edition and 6th Edition. I have access to book24x7 and have been going through some modules within the CISSP for Dummies book and at times the ISC2 CBK, and mixing this with the Eric Conrad Study Guide and probably finish with the 11th Hour book also.

Congrats to all the guys that have passed recently and everyone else that has been providing valuable information! It's been inspirational and very helpful! Apologies for all the questions!!


  • Humbe Member Posts: 202
    Hello t17hha

    A week before the exam I was averaging 85-90% on the CCCure test bank. I spotted the weaker areas and re-read the whole chapter of the Shon Harris and Eric Conrad book and it did the trick for me.

    I wish you the best of luck passing your exam!
  • wes allen Member Posts: 540 ■■■■■□□□□□
    Check to see if your weak areas match up to the more heavily weighted domains, and if they do, focus on those. There is a great SANS webcast that talks about test taking strategy that was very helpful to me as well.

    How big are the question pools you are working with on CCCure? Try for 250 questions at a time to help get you ready for the full test. I was taking about an hour and a bit for 250 on CCCure, and ended up taking a bit over two hours on the actual test.
  • t17hha Member Posts: 52 ■■□□□□□□□□
    Thanks Humbe, did that include some modules which you probably scored less in than others? I'm attempting to re-read the chapters a couple more times before the exam and also looking to do a lot more questions.

    Wes Allen, thanks for the info, I did see that webcast by Dr Eric Cole I believe and found it very useful but will probably try and see it again.
    I am doubling up the modules at the moment and doing 25 questions for each module.
    I have sat an exam of 150 questions and scored 73% a couple weeks ago and then resat another 241 question (missed some questions as internet was slow and they didn't load) exam last week and scored 79-80%. I, like you, seem to not take that much time; it took me about 90 mins to do 241 questions.
    I am trying to focus more on domains which I probably was not scoring so well in and others where I may have scraped 70% which includes Cryptography and Security Architecture and Design.

    Did the 5th Edition of Shon Harris help enough? I'm wondering whether to focus on that than on the 6th edition that I have recently begun working on.

    I guess my real concern is how different the exam questions will be....

    By the way, well done again for passing the CISSP, I can see how much of a monster it is and got to congratulate anyone that manages to pass the exam!
  • Thistleback Member Posts: 151

    When you get down to the two possible answers, ask yourself this: is one more a technical answer, as opposed to a management answer? For example, putting a technical control in place versus addressing the issue in policy?

    I passed the CISSP on my first try after studying Shon Harris 5th edition for about 2.5 months, plus attending a week long boot camp with the exam at the end. Much of the value of boot camp was in the discussion of how to dissect the questions to get down to what they are REALLY asking. First, try to determine which domain the question is addressing. That perspective alone sometimes gives you a clue as to which of those two good answers is the correct one.

    Think about having support from the top down in a business model - You have to have the support of senior management, and good solid policy and procedure next, then the appropriate technical controls. Add audit and reporting, and you have come full circle. So where, in that model, do the two good answers apply? If you can place them, choose one highest in the hierarchy. I hope that helps. Oftentimes, when you are a techie, it is hard not to lean to the technical answer . . . maybe that's what is happening with your choices. Just a thought . . .
    Feel the fear, and do it anyway!
  • t17hha Member Posts: 52 ■■□□□□□□□□
    Hi Thistleback, can I just say that is probably one of the most valuable pieces of information I have seen in terms of how to address those types of questions. I will definitely take that on board and try and identify the domain and then look for the business based or highest hierarchical based question in those situations.
    Thank you for the suggestions, next time I will try and tackle it from that approach!
  • Psyco32 Member Posts: 104 ■■■□□□□□□□
    Take Thistleback's advice!! The CCCure questions are your foundational knowledge about the subjects/domains. The majority of the CISSP questions will test you on the application of the knowledge from a mid-level managerial POV (IMHO). There are a few gimmies that are straight up "What type of firewall is used here?", etc., etc.
    2014 GOALS
    > GMOB [MAR_2014] OSCP [MAY_2014] GREM [OCT_2014]
  • t17hha Member Posts: 52 ■■□□□□□□□□
    Thanks Psyco32, I understood from the cognitive element it would test the appliance of knowledge obtained. I'll just keep practicing in the meantime and apply the newfound knowledge :)
  • Humbe Member Posts: 202
    t17hha wrote: »
    Thanks Humbe, did that include some modules which you probably scored less in than others? I'm attempting to re-read the chapters a couple more times before the exam and also looking to do a lot more questions.

    I was averaging 70-75% on those domains I was having issues with.

    I hope that helps!
  • t17hha Member Posts: 52 ■■□□□□□□□□
    Humbe wrote: »
    I was averaging 70-75% on those domains I was having issues with.

    I hope that helps!

    Thanks, that sure does, I think I may have a couple modules with a similar average.
  • moyondizvo Member Posts: 155
    Great advice from Thistleback, I would definitely take that on board. At this stage it's about brushing up on the domains that you feel confident on and belting the weaker domains. As already mentioned, you have to know how to apply the concepts, very very important. All the best :)
  • Thistleback Member Posts: 151
    Keep us posted on your prep - glad to help!
    Feel the fear, and do it anyway!
  • t17hha Member Posts: 52 ■■□□□□□□□□
    Of course, will do :)

    I just need to strengthen on a few domains.

    Can someone confirm something for me as I seem to be seeing contradictory definitions in places.

    Within Access Control, does non-discretionary apply to role-based (RBAC) and not MAC? From reading the 6th edition of Shon Harris she mentions MAC as a non-discretionary model.

    Also, there was a question on CCCure which mentioned that the MAC model is implemented from the Lattice approach and not rule-based. I'm guessing Lattice would help set the structure and then rules would be set up based off this? Question below:

    Which of the following would be used to implement Mandatory Access Control (MAC)? Lattice and Rule based were the options that stood out.