Taking CISSP, only have 50 days to prepare -- HELP!

NavyIT

Hi all, I am currently in the Navy as an IT and I have about 10 months left until I can get out. I have a voucher to use for CISSP paid by the Navy but only have 60 (now 50) days to use it. If i fail this one I am not eligible for another because I have less than 1 year left. Without spending 3k for a prep course, how can I have the best chance to pass this in the given time frame? I have the Eric Conrad book and I just took a CISSP course that was part of my degree plan at UMUC, but it was outdated. Any advice is appreciated!

joebanny

Since your time is brief, I will suggest you immerse yourself fully using the Conrad book, also start taking a lot of test to evaluate your preparation as you move along, cccure.org or Trascendar offer some nice questions, all the best. By the way what UMUC course were you referring to? I finished my M.Sc in IA from there and have no knowledge of that, is that something new?

andhow

Based on your current certifications, I'd say you have a solid background in technology. That will definitely help. As for the course that you took being outdated... I don't think that the CISSP topics change much, so you're probably fine. Somebody may chime in here and tell you otherwise.

I used the "CISSP for Dummies" book. It was fairly easy to read.

I also used the Palaestra CISSP videos ((ISC)2 CISSP Certification Series | Palaestra Training). They're quite a commitment... I watched them over the course of three days. You pretty much watch a slideshow and listen to instruction for around 20 hours. My brain still hurts when I think about it, but it really helped me understand where I was weak and needed to spend more time.

JDMurray

How outdated was the CISSP material you used? The (ISC)2 hardly removes any subject from the CISSP exam, so you may not have the absolute newest CBK information, but you don't need 100% to pass the CISSP exam either.

NavyIT

Thanks for the replies. Even though the some information was outdated (for example, we learned about DITSCAP instead if DIACAP) I think you guys are right about much of the information still being relevant. As far as the CISSP for dummies book, I thought about that one but saw the Conrad book was much more popular. I only have the 50 days so I think one book is all that I'll be able to handle, especially since its like 500 pages.

paul78

If you are planning on just using one book, you may want to consider the ISC2 Official Guide to the CISSP CBK. It's my understanding that it covers everything you will need to know for the exam.

Official (ISC)² Guide to the CISSP CBK, Third Edition - (ISC)²® Press Publications - Books & literature

There is a iTunes and Kindle version as well.

NavyIT

Thanks Paul, I'll look into that book. Does anyone know of any good audio stuff I can listen to in the car?

cdupuis

Lately I have been working on new resources for the CISSP students. See a resume of new resources being offered below.

1. I have updated my flash presentation on how to become a CISSP. It will coach you and answer any questions they may have about becoming a CISSP. It is completely updated with the latest information about the CBK and the examination process. It is a must watch for any CISSP Student. You can find it at:

https://www.cccure.org/flash/intro/player.html


2. I have also updated my list of TIPS and TRICKS on how to become a CISSP. You can find it at:

https://www.cccure.org/article1477.html

The resources mentioned at the link above are from my CCCure.Org web site. .


3. I have just produce a set of Scenario Based questions that is very complete. I am selling it on my shopping cart at:

https://www.cccure.com/cart/categories/CISSP-Scenario-Based-Questions/

Let me know if there is anything I can do to help


4. Of course our Quiz Engine is available at freepracticetest.org



Best regards

Clement

dmoore44

Since you're still in, go to https://www.fedvte-fsi.gov/ and get an account - there is a recorded CISSP lecture series there that you can watch.

NavyIT

Thanks for the info @dmoore44.

So I ended up having to schedule my exam for August 16, so that gives me only 37 days from now to prepare. My ship is going underway the following Monday, so that's where the exam date came from.

I started reading the Conrad book yesterday and I got some CISSP boot camp videos to watch on my phone or listen to in the car whenever I get the chance to. My plan is to submerge myself in CISSP study and with dedication and constant quizzing, maybe I can pull it off when test time comes. I'll use this thread as a roadmap of my journey!

uyen_nguyen

You can try this new and free CISSP full course training before you take your test. http://www.techexams.net/forums/isc-sscp-cissp/91091-free-full-cissp-course-worth-3000-5000-a.html

tpatt100

I am going to suggest study on your own with a decent book, make some flash cards for the memorization basics for crypto and such. With limited time to study and since you didn't pay for the exam itself I wouldn't spend extra money for a course and just give it your best shot with the resources you can easily obtain.

If you pass then "great" if you don't then you will at least have exposure to what the test is like and if you decide to take it again on your own cost at least you will be better prepared.

NavyIT

Thanks guys. Good advice @tpatt

I have made it through the first chapter of the Conrad book. At this rate I hope to read it twice by exam time. I am really liking it. It is very to the point.

This is what (subject) is, this is how it works and here is an example. It makes the topics easy to understand.

I'll keep updating as I move on.

Paperlantern

In your situation I think my tactic would be to hit several practice tests first. CCCURE or the like, focus on taking a few good sized practice tests of all domains, say two with 100 or even 200 questions each. Pay attention to the WORST domains and then focus on those domains ONLY, dont waste time reading domains you are already relatively strong in. Use at least two resources, and hit the weakest 3 to 5 domains (depending on time). Then retest again in the last week, and then hit on the the weakest single domain before test.

In your situation that is how I would approach it.

da_vato

NavyIT I noticed in another thread you asked about how much management time they had... That's a pretty good question and I was wondering the same for you? What is your rank?

I was a staff sergeant promotable in the army and the "thinking like a manager" was just a part of me as it is for most NCOs. That aspect did help me out a lot and it really showed during class reviews. Even if you're not an NCO I'm sure this aspect will come easily to you as leadership skills are beat into everyone in the military one way or another.

Something I found useful in my prep was a CISSP app I found for my android phone. When ever I had a minute I would review a question or two or if I had nothing to do, all the questions I could. I would review domains I just read or was in the middle of reading.

everyone here stresses multiple sources and they couldn't be more right... Engulf yourself.

NavyIT

@da_vato, I do not have too much management experience, but I do have some. I am only an E5 but have worked as the Information Assurance Officer under direct supervision of the IAM for about 2 years and have been the Work Center Supervisor over the LAN guys for about 1 year. I have also found a CISSP application for my phone so I can go through a few questions when I'm waiting around for things.

@Paperlantern, that is very good advice. I already find myself skipping some of the sections in the Conrad book such as much of the second chapter that talks about the OSI model and some of the more well-known protocols such as DNS and DHCP.

McGintyDM

I feel you brother.

I am Staff Sergeant in the Marine Corps and currently the Cyber Security Manager for my unit. Surprisingly, most of the schooling and hands on experience I have learned up to this point has brought me most of the way to the test. I am currently on board the USS Kearsarge, and will be getting out of the military at the end of the year, so I am also cramming for the test. The best resource I have found so far is cccure.org. I watched the ~ 3 hour video and am going through the practice tests they have. It really has reinforced what I already know and taught me the things I needed to learn.

Good Luck on your exam!

NavyIT

Thanks @McGinty! Good luck on your studies also. I am also using cccure.org and using the practice questions, ISC2 also has an official application for your iphone that has about 25 questions per domain. I am also finding that useful while I have 5-10 minutes of downtime here or there. My only complaint about that is some of the questions, if you get them wrong, just say "Sorry, that is incorrect" with no explanation or telling you which answer was right... bogus, right? I think much of what I have done in the military has prepared me for much of the exam but I am feeling very weak on the Software Development Security domain in particular, so that is one I will be looking at extensively.

da_vato

I think you might find the CISSP flash cards from BH inc. better as far as amount of questions. There is a 100+ per a domain but they don't tell you why an answer is right or wrong that's why I recommend you do the same questions as the domain you are reading.

As far as the software development domain make sure you really understand the software development life cycle (SDLC), what is apart of which phase and what not.

Sounds like you guys are doing good on studying my advice from here is multiple sources and repetition.

NavyIT

Thanks for the info @da_vato.

So I need some advice from you infosec masters..

I am almost done reading through the Conrad book.. at this point should I be:

A) Reading the Conrad book for a second time.
Reading the Harris Book
C) Reading 11th Hour
D) Quizzing

I know I need to quiz, but maybe I'll do better and get more out of quizzing if I read some more stuff first?

Thanks guys!

da_vato

I forgot to mention that you need to read the ISC2 code of ethics, I would probably do that like the day before the test if I were you.

I ran into someone recently that failed with a 696 and he said there were a couple of questions from the code of ethics but he didn't read it... I know the books don't cover it and I haven't really seen anyone mention it around here either.

https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Code_of_ethics/ISC2-Code-of-Ethics.pdf

wes allen

I found the cccure quizzes in learning mode to be pretty helpful - take them with 250 questions each time, and try to stay under an hour or so to finish. Also, dig up the thread that talks about which domains are more important to do well in to pass, and make sure you are solid on them before spending too much time in legal.

Jake007

NavyIT,

Im here at NAS JAX, email me ([EMAIL="[email protected])"][email protected])[/EMAIL] i will give you the guidance i used to pass.

NavyIT

Well, at this point I am feeling discouraged. I have read through the Conrad book and then I bought the CCCURE questions and started on those. I have been scoring in the 60's and 70's. I feel like many of the CCCURE questions I have seen were not even talked about in the Conrad book. I know my weakest domains and will be covering those in the Harris book, but 60's? I just feel like if I'm doing this bad on practice tests I'll have no chance at the real thing in 3 weeks. UGH!

da_vato

Don't get discouraged yet, like you said you still have three weeks till D-day. What are your weakest domains?

NavyIT

Software security and crypto. I mean, I understand the crypto I just get confused on which algorithms use what block size and key length and blah blah. I made some flash cards so hopefully I can get that down. And I usually miss any questions that ask anything about a database. Also, questions on the Orange Book and Common Criteria such as: at what level does the Orange Book address (____)? C1, B1, B2, ...

da_vato

Lots of people are weak at crypto so don't feel to bad about that one, I'll look through all my stuff tomorrow and see what I have that might help you out and PM you.

Orange book has been replaced by common criteria the reason that it is still mentioned is because it gave birth to current accreditation models so don't stress this one too much either, it is testable but you most likely will not get very many questions about it.

I'll have to look it over again but I believe I have a way of simplifying the common criteria info.

chaand

NavyIT wrote: »

I have read through the Conrad book and then I bought the CCCURE questions and started on those. I have been scoring in the 60's and 70's. I feel like many of the CCCURE questions I have seen were not even talked about in the Conrad book.

I felt the same when i read conrad's quesions after scoring decently in cccure... Referring to the eleventh hour guide

cdupuis

Good day to all,

You must remember the Conrad book is like an Exam Cram for last minute study and not to be used a a primary study book. It is condensed and it will not cover as much as a full blown study book.

We use the Holistic approach within the CCCure quizzes, it never hurts to learn a bit more than needed. However, using the minimalistic approach may put you too close to a failure score. Study in depth and this is how you will be able to apply your knowledge and make sense of the questions on the real exam.

Best regards

Clement
Maintaining of the CCCure Quizzes

JDMurray

cdupuis wrote: »

You must remember the Conrad book is like an Exam Cram for last minute study and not to be used a a primary study book.

Ah, this is a good explanation. I've never seen the Conrad book, but through experience I know that anything labeled as a "study guide" will not be a comprehensive review of all of the objectives on a certification exam. Always use multiple study resources for any cert exam, and multiple references for every cert objective covered by the exam.

RanMic

NavyIT wrote: »

Well, at this point I am feeling discouraged. I have read through the Conrad book and then I bought the CCCURE questions and started on those. I have been scoring in the 60's and 70's. I feel like many of the CCCURE questions I have seen were not even talked about in the Conrad book. I know my weakest domains and will be covering those in the Harris book, but 60's? I just feel like if I'm doing this bad on practice tests I'll have no chance at the real thing in 3 weeks. UGH!

As weird as this may sound, I think that is a good thing. You are not overly confident or cocky enough to think "oh, this is gonna be a breeze'! It will be a challenging test and you need to stay on top of your studying until the last minute. If you start feeling like you are the master it will bite you in the butt. Stay humble, assume you don’t know it and keep reviewing over and over and over. I felt good on my first one and blew it. On the Second one, I was VERY humble and passed. My attitude was keep studying because I may have missed something. I used a couple of videos and the Official ISC book only. Remeber this, they are looking for the BEST answer (because you may have a couple of more that are correct) and think like a Manager. Good luck to you and I wish you the best.