How I passed and failed the CISSP!

So, Finally I passed the CISSP exam. As everyone has said “It’s not an easy Exam”! But worthwhile endeavors are rare!

Well, it was my second try and with god’s grace I have passed it this time. But mostly with my 99% hard work and 1% gods grace! (Or may be the other way around

who knows

)

Now to those who are about to sit for this exam – Don’t assume that it’s an easy exam! And its not a technical exam either. What they are going to ask you is about your Judgement, Now the tricky part is they don’t want you to judge how we deal in our real lives or at job. They want you to judge according to the so called CBK , You will need a good insight on how to understand what they are asking. Its barely going to be simple as 1+1=2 or anything that a computer or a calculator can do! They want us to use the Human insight of brain.

Now the tips for exam – As I have said it’s not a technical exam, but it needs you to understand the basic of techniques and how to apply them at managerial level. This doesn’t mean that you can omit the under laying technologies, but as far as your concepts are clear you don’t need to learn them by heart. Trust me I can’t Learn by heart a single page in my life, But I can understand and have a good insight of 1000+ page CBK. My point is Know the material as everyone has suggested.

Lastly What I have seen is the exam is more focused on the international standard now, so Questions are more likely to seek what you have understood from those laws/standards rather than asking specific question referring to specific US law/standards. The weightage of domains goes by Infosec and risk management, BCP/DRP, Legal, Access Control, Crypto, Networks, software development security and the others.

Now my story

The first time I gave the exam, I failed with a score of 604. What came to my surprise was not the difficulty of exam but rather the time required to have an insight of what exactly they are asking. Simply it took me more time to understand what they were asking and I ran out of time. On the first attempt I was only able to finish 150 questions by 4.5 Hrs and then just clicked the other remaining question. Now this could be because English is my 3^rd/4^th language, but this saying this will not help. What I have reconciled is that they don’t use hard words to jeopardize your understanding or to put the blame on language; instead they use abstruse/puzzling words to confuse you. There will be Double/triple negatives in one sentence, 2 answers will weigh the same for the asked question, and none of the given options will answer the asked question. In those situations the best way to select the answer is to find the closely related domain to which the question is asked and just select the option that makes sense to the said domain. Or else you may just run out of time while solving the said puzzle.

Now my study method and tools

First of all Shon is a great writer, I love her style and indeed it’s a very good book for your foundational concept. Her questions also resemble the skill required to pass the exam. And I 101% recommend 5^th/6^th edition. It makes barely a difference if you buy either of them. I have both but 5^th edition was my favorite, and I haven’t read 200+ pages from 6^th edition yet.

Eric Conrad’s book is good as a secondary guide, His 11^th hour is quite good for the last day. Besides he keeps things short and sweet. So if you are already a seasoned professional with decades of experience you can/cannot skip the shon’s book.

Dupuis’s paid version is good for practice.

OIG is useful sometimes, the book is dry but has good resource. If Shon’s book is overkill then may be you can try OIG or CISSP guide from Sybex.

CISSP guide from sybex is good and worth investing, they also keep things short and sweet. They have their own question bank of 750 questions and flash cards which is available online for free. Questions are good but they lack the abstruse/puzzling needed. Overall to gauge your technical / understanding of topics they are a good resource. I am not sure if the questions available are for free or not, but just by registering to their website you can get them. I guess it’s a lack of access control for the said resource. You can download them by registering here. The responsibility is yours

I think I did somewhere around 3500+ Questions and my own notes have been a great resource for the last day revision.

Links to the resource –
www.mhprofessional.com/sites/CISSPExams/exam.php?id=EnterpriseSecurity
Sybex: CISSP: Certified Information Systems Security Professional Study Guide, 6th Edition - James M. Stewart, Mike Chapple, Darril Gibson
CISSP Practice Exams, Second Edition: Shon Harris: 9780071792349: Amazon.com: Books
CISSP All-in-One Exam Guide, 6th Edition: Shon Harris: 9780071781749: Amazon.com: Books
https://www.freepracticetests.org
CISSP Study Guide, Second Edition: Eric Conrad, Seth Misenar, Joshua Feldman: 9781597499613: Amazon.com: Books
Eleventh Hour CISSP: Study Guide: Eric Conrad, Seth Misenar, Joshua Feldman: 9781597495660: Amazon.com: Books

Now what to do on the night before your exam

Get enough rest and sleep tight. Don’t change any of your usual habit. I did something on my first attempt and the result was ……….

Besides I almost forgot to mention, don’t panic at exam. On my first attempt my first 20 or so questions were freaking me out, they were not just hard but seemed like aliens wrote them for us mere human mortals! And By the first hour I got panicked and thought to Give up the exam and to never sit again. With those first 20 questions I Thought it was impossible to even get 200 Point!

But luckily as everything else in life is….Its just a matter of time!

It’s an honor and privilege to pass this exam and I look forward to other worthwhile endeavors. Please do suggest on something worthwhile like this.

Now to keep you guys motivated – just remember this lines “I thank whatever gods may be for my unconquerable soul. I am the master of my fate, I am the captain of my soul.” + Whatever perks you may get after passing this exam

Lastly a long time lurker can’t thank enough for the resource and knowledge gained from this site. Thank you all!

Find more posts tagged with

Comments

j.petrov

Congrats on the pass, I'm hoping for the same results this wed the 18th.

acomo

that was great, congratulations. great tips provided, surely i am going to use what you suggested. how similar were the questions of the exam with the questions in the cd of shon harris book, and how similar were the freepracticetest questions?

thanks and congratulations once again.

Schpoon

Congratulations!! Bet you feel like a

I passed two weeks ago and I'm still reeling

Great post and I'm sure it will be really helpful. I'm thinking about e-mailing a link out to my study group it's so good.

Ra's al Ghul

@j.petrov

I wish you luck and I hope you bring the charm this Wednesday. All the best and take extra care of yourself for the last 2 days.

@acomo

The questions of shon harris/ freepracticetest are not similar to exam, but in a way they gauge your readiness to the exam. I would say wordings that make up the question from shon’s CD are abstruse /puzzling enough to help you prepare the exam. But that being said you can expect the unexpected in the exam. The original questions on exam can be quite puzzling than what you would have expected. Don’t spent enough time on 1 question if you can’t be sure of answer and have been scratching your head for 10 minutes. It’s better to Leave and come back again.

Shon’s questions are good to for understanding the abstruse /puzzling needed for the examination while freepracticetest are good for gauging your technical readiness. In My words if you are around 80% on both, you are good to go.

Don’t worry if you have to mark a lots of question in real exam, from my both attempts what I have seen is at first may be till the first 80-90 questions, you have to mark a lot of questions, May be its just my psychic that can’t be sure at first, But as we go along we become more confident. You will get the idea of how the questions are framed and what is asked as you go along and this will built your confidence, and will help you to review the marked questions at last.

@Schpoon

Man I feel like….…..But Time flies, I miss the efforts put on this exam and yet relieved from all the stress! Truly Worthwhile endeavors are rare!

I would be more than willing to help the group.

teancum144

Congrats on the pass! Thanks for the detailed feedback!

Ra's al Ghul wrote: »

... I 101% recommend 5^th/6^th edition. It makes barely a difference if you buy either of them. I have both but 5^th edition was my favorite, and I haven’t read 200+ pages from 6^th edition yet.

Just curious why you liked the 5th edition better than the 6th?

Ra's al Ghul wrote: »

[Shon Harris'] questions also resemble the skill required to pass the exam. ... Dupuis’s paid version is good for practice.

Interesting. I've heard conflicting reviews on this topic. I was thinking about buying Shon's practice exams book (CISSP Practice Exams, Second Edition: Shon Harris: 9780071792349: Amazon.com: Books) but some don't think the questions are very good, while others say they really helped. Do you like the SH practice questions better than Dupuis? Any other thoughts on practice tests?

Ra's al Ghul

@teancum144

I think 5^th Ed is good enough to understand the technologies covered in the CBK. I would say the 6^th edition has just some more paper weight. Apart from that anything that could click your mind is in both 5^th and 6^th edition. So far (300 pages) the only non overlapping technology I have seen in 6^th Ed is SCADA.

The CISSP Practice Exam, is 50/50. I don’t think we have more than 600 Questions in that book, and many of them resemble to the CD and online Practice exam. The priority for Practicing Questions should be followed by Dupuis’s cccure.org.

Technically or in terms of explaining the underlying technologies, no other practice test can gauge your understanding as Dupuis site does. But in a way Shons writing resemble the abstruse/puzzling required. As far as the CISSP Practice Exam by shon is concerned, it’s required only if you are not doing so well. If you are scoring around 80% on McGraw-Hill website and at Paid Dupuis’ website then you don’t need the CISSP Practice Exam.

I can’t compare between them because they both stand still at their work. But yet to have no room for doubt, you can definitely go for CISSP Practice Exam.

sunriser

Hi Ras' al, Congrats for your success...!!! could you please answer following questions: 1) Are their any similar questions you found in exam related to any of the practice material like total tester, studiscope, cccure or transender ? 2) which domain of question you struggled a lot in exam ? 3) Are the questions one liner or paragraph ? 4) would you like to advise on the method/strategy you choose to answer the questions in exam.