Missed breakfast, got a pass.

SkeyeLlama Member Posts: 11
I've had CISSP on my professional to-do list for about 18 months, but college and other certs have delayed it until now.

After finishing out the fall term in December at a local college, I set out to get the CISSP done before my transfer to WGU was complete (4 days ago).

My background is 12 years in Point of Sale IT as a jack-of-all-trades handling all aspects of IT systems.

My original resource was just the Shon Harris book, then I nabbed that $1 Eric Conrad CISSP Study Guide 2nd Ed. deal from Elsevier a few months back. I also subscribed to the CCCURE questions.

I got my books in PDF format and carried them on a tablet and my smartphone for quick access when I had a few moments to study. I also acquired the ezPDF reader application for Android, which allowed me to have the books read back in the car for increased study opportunity.

I took a 250 question 10 domain baseline test with CCCure on 12/20 and scored at 71.6%. Interestingly, it appears 9 of those 250 questions have been "retired" since then, potentially indicating a high turnover in the CCCure test bank.
65% (35 of 54) Access Control
78% (54 of 69) Telecommunications and Network Security
100% (14 of 14) Information Security Governance and Risk Management
47% (8 of 17) Software Development Security
81% (26 of 32) Cryptography
55% (16 of 29) Security Architecture and Design
63% (10 of 16) Operations Security
80% (8 of 10) BCP and DRP
81% (13 of 16) Legal, Regulations, Investigations and Compliance
83% (5 of 6) Physical (Environmental) Security

I started out on the Conrad book because it was half the size, and therefore half the effort to squeeze in. I did about 80% of this book using text-to-speech read back in my car via ezPDF.

After completing the Conrad book I took another 250 question test on 01/01 and scored a 76%. Hardly the improvement I'd hoped for.
77% (23 of 30) Access Control
82% (72 of 88) Telecommunications and Network Security
86% (6 of 7) Information Security Governance and Risk Management
65% (15 of 23) Software Development Security
76% (28 of 37) Cryptography
70% (19 of 27) Security Architecture and Design
50% (6 of 12) Operations Security
80% (12 of 15) BCP and DRP
78% (7 of 9) Legal, Regulations, Investigations and Compliance
64% (7 of 11) Physical (Environmental) Security

At this point it became obvious that I needed a strategy that allowed better absorption of detail and the coverage of the entire Harris book in one month. What I did was evaluate what domains were weakest/most detail oriented and set those aside for reading. The remaining were scheduled for audio readback in the car. This allowed me to simultaneously work on two domains. Upon completion of a domain I would take a 100 question test on CCCure specific to the domain and be sure I studied the answer given in the test engine for any incorrects.

This process finished on 02/02 with the lowest score for a single domain at 80% (BCP/DRP) and the rest over 85%, my personal target. My test was scheduled for today (2/04), so I had the 2nd and 3rd to solidify my knowledge. I brought up the Harris book in a PDF editor and deleted everything but the 'quick tips' pages, resulting in a 43 page list of key concepts. I listened to these about 3 times in the last two days. Nomenclature is not my strong point, so this helped refresh terminology I last read/heard a month ago.

On 02/02 I took a 250 question test from the Total Tester engine bundled with the Harris book, scoring 90%.
On 02/03, test eve, I took a final 250 question test on CCCure and scored 89.6%.
91% (42 of 46) Access Control
89% (64 of 72) Telecommunications and Network Security
100% (19 of 19) Information Security Governance and Risk Management
94% (15 of 16) Software Development Security
97% (29 of 30) Cryptography
92% (23 of 25) Security Architecture and Design
85% (11 of 13) Operations Security
67% (12 of 18) BCP and DRP
92% (12 of 13) Legal, Regulations, Investigations and Compliance
87% (13 of 15) Physical (Environmental) Security

This morning I went through the ethics statement to ensure I knew the order of the canons, though I didn't get any questions on it. Of course the line at McDonald's was huge since I had to make the test appointment, so I didn't get breakfast - or coffee. Crummies in the tummy was the worst part of the test.

The only thing that caught me by surprise was a couple of questions expecting me to know in detail the transformations of some common encryption and detailed IP packet construction. I didn't plan for that level of granularity. It definitely felt like huge swaths of what I had studied were not covered at all in the test.

I passed in about two and a half hours, and was confident that I had when I clicked complete. I had 22 questions flagged for uncertainty and I got 4 (I think, maybe 5?) of the new interactive questions.

Lots of the questions have paragraphs of info that are entirely unrequired to answer the question.

Any questions on anything I didn't cover, feel free to ask.

Comments

  • teancum144 Member Posts: 229
    SkeyeLlama wrote:
    ...the transformations of some common encryption ...
    Would you mind elaborating on this? I'm not sure I understand the context.
    If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D
  • SkeyeLlama Member Posts: 11
    teancum144 wrote:
    Would you mind elaborating on this? I'm not sure I understand the context.

    I'm not sure how detailed I can get on this without giving away a question. It is probably safe to say that I was expected to be able to identify crypto algorithms from their diagrams.