Testing on CISSP 14 April 2014

jvrlopez · March 2014

Well the time has finally come. I floated the $599 on my credit card today and scheduled for an 0800 test on 14 Apr. The VA will reimburse me pass or fail so I'm not too worried at the moment...I'm kind of curious to just sit the test at the least to see what it's like.

I went ahead and selected this date since it will give me just enough time to retest once more (if I fail) prior to the date my employer set as the deadline for me to achieve the CISSP, which is May 15. There's some doubt as to if this would actually happen.

Anyways, I've been studying off and on since November (not so much up until recently, seeing as how I was very busy at work). With the 3 weeks left, I figured I'd start off with the domains I'm comfortable with (so as to not discourage or dissuade me from studying right off the bat) and hit the ones I'm less comfortable with closer towards the test.

My study materials include the Sybex CISSP and AIO CISSP and their corresponding practice question engines. I'm going through the domains in the Sybex book and compounding it with the AIO book should I need elaboration or clarification. When it comes down to matters of memorizing tables, similar concepts, etc, I'm simply writing them out on some paper over and over. After covering each domain, I'm going through and doing the practice questions at the end of the chapters as well as some on the test engines provided.

On the domains I'm comfortable with, I'm scoring high 70s and 80s so I'm feeling pretty good at this moment.

I went ahead and ordered the 11th Hour Conrad book since I recall others saying it was a great, concise resource to reference close to your test date.

Does anyone have any other suggestions, areas/methods to study, or helpful insights? I always hear the adage, "Think like a manager on the CISSP." Can anyone share their approach to this way of thinking?

Thanks! Can't wait to get this over with!

~J

TheProfezzor · March 2014

Don't expect short questions and respective short answers. Be prepared to read verbose questions and very lengthy answers to them. CISSP isn't a technical exam. It's a managerial exam and it is required that you read the whole situation and decide which option is the best option. This requires a good short term memory and a great deal of grip on the CISSP CBK concepts. If you can pull this off, you can get through it with ease. Practice questions by taking 250 question exams, just to train your mind and your body for the 6 hour ordeal.

Amurray22 · March 2014

when quizzing yourself, try to vary what you use. So maybe take the end of chapter questions for each domain and then use the software questions for your full 250 question practice exams. I found that the quiz engines tended to repeat questions so that you end up memorizing the answer more than knowing the material.

zxbane · March 2014

Your study plans sounds solid, just make sure you put in the time between now and test day and focus on the areas you are the least familiar with or are scoring the lowest in. Let us know when you pass!

da_vato · March 2014

Don't forget to read the code of ethics.

jvrlopez · March 2014

Been going through my domains again. Most of the stuff rings a bell and comes true, the hard part is all the little details, various protocols, and acronyms. I'm going through and identifying those right now and will hit them harder.

As of today, my testing average for Access Controls was a 78 and a 74 in Telecommunications and Network Security (!!!). Hoping to make the step up to 80 or above averages here shortly.

I guess I'll keep this topic alive with my study endeavors to hopefully motivate me and keep pressing! Put in a good 6.5 hours over the last two nights. I feel it coming back to me

sojourn · March 2014

Good luck. If you have any specific T&NS questions, post em up and we'll help out.

jvrlopez · March 2014

The only issue I'm having with T&NS is all the acronyms on technologies/protocols I don't use on a daily basis at work and home. I've made a list out and I'll reference them at work and home whenever I can. I just looked over it now and they are looking a bit more familiar

zxbane · March 2014

Sounds like you are on pace to do great, and with a few more weeks to go of using the techniques you are you should be successful. Good luck!

jvrlopez · March 2014

Another day and another 4 hours of studying down. I focused on the Information Security Governance and Risk Management domain. I scored 85%, 80%, and 70% on a two 20 question and one 100 question practice test for an overall average of 78.3%.

I felt alright with this domain, seeing as I finally figured out my SLE, ARO, ALE, ACS, and cost/benefit value of safeguard formulas...I wrote them down a few times over and will do so again until the day of the test...I like plugging in various values and simulating the outputs.

I will go through this domain's flashcards and copy and paste anything I had trouble remembering or would like to revisit into my running wordpad file...for some reason the Shon Harris AiO seemed to have way more acronyms and models (ITIL, NIST, etc) than what I found in my Sybex book. Will have to go back for those.

Also have the Shon Harris mp3s burned to CD so I can listen in my car on the way to and from work!

Getting excited!

NimrodHunter · March 2014

jvrlopez, which practice test engines are you using?

AndyLien79 · March 2014

jvrlopez wrote: »

Another day and another 4 hours of studying down. I focused on the Information Security Governance and Risk Management domain. I scored 85%, 80%, and 70% on a two 20 question and one 100 question practice test for an overall average of 78.3%.

I felt alright with this domain, seeing as I finally figured out my SLE, ARO, ALE, ACS, and cost/benefit value of safeguard formulas...I wrote them down a few times over and will do so again until the day of the test...I like plugging in various values and simulating the outputs.

I will go through this domain's flashcards and copy and paste anything I had trouble remembering or would like to revisit into my running wordpad file...for some reason the Shon Harris AiO seemed to have way more acronyms and models (ITIL, NIST, etc) than what I found in my Sybex book. Will have to go back for those.

Also have the Shon Harris mp3s burned to CD so I can listen in my car on the way to and from work!

Getting excited!

Sounds like you're on pace to pass this exam! I just started studying not too long ago. Where can I get the Shon Harris mp3s? Are the mp3s updated with the information from his AIO 6th edition book? Please advise.

Thanks,

Andy

zxbane · March 2014

I agree, sounds like you will do great jvr, you have a solid study approach.

jvrlopez · March 2014

Let me first say that I was ready to tear my book in half, throw out all my study materials, and just go have a drink...

Seriously, the software development domain just rubs me the wrong way...Scored a 90%, 65%, and a 52% (wtf!) today...Some of the stuff was easy oversight and just rushing (layer 1 vs 0 for the kernal, etc). And cryptography is the next domain too, weee!

So I think I got a good study routine down...study a single domain for 3-4 hours a day with a few tests at the end, review all 4 domains covered during the work week lightly on Friday after work for an hour or two, and review them all again Saturday with a compilation test of all covered domains...

My confidence sure did take a hit today, but I'm sure I'll regroup...TGIF tomorrow and I'm looking forward to hitting this stuff up again Saturday all day.

AndyLien79 wrote: »

Sounds like you're on pace to pass this exam! I just started studying not too long ago. Where can I get the Shon Harris mp3s? Are the mp3s updated with the information from his AIO 6th edition book? Please advise.

Thanks,

Andy

Sorry I overlooked this.

You can get the Shon Harris MP3s from the publisher for free here:

http://www.mhprofessional.com/sites/CISSPExams/register.php

Just register and you're good to go! Just a heads up that the zip archives and domains are under (presumably) the older version domain names.

NimrodHunter wrote: »

jvrlopez, which practice test engines are you using?

Again, sorry I overlooked this reply.

I am using the great test engine included with the Shon Harris AiO, the end of chapter quizzes from the Sybex CISSP book, the quizzes from the Shon Harris MP3 page above, and the Shon Harris AiO practice question book.

Thinking of it now, I'm going to start taking the practice question book to work and using it to stay fresh on the domain from the day before. Should be good to pass around the office and compare scores!

sojourn · March 2014

Software Dev is a nightmare for me too. I am not a developer, have no desire to be. I'm feeling it's going to be one of my worst domains. I'm ok with the database stuff, but the SDLC stuff - no thanks.

Thankfully it is not one of the Top 5 domains. (You do know about the Top 5, right?)

jvrlopez · March 2014

I feel more comfortable with the SDLC than the database stuff!

Katiusha · March 2014

Good luck on the test! Let us know how it went!

jvrlopez · March 2014

Thanks! I certainly will...very excited and anxious to see what it'll be like (a good nervous).

Finished studying on 4 domains for the past week...Access Control (very comfortable with), Network and Telecom (the WAN technologies are killing me...), Info Security Governance and Risk Management (feeling ok, just need to brush up on the other models that aren't in the Sybex book [ITIL, etc], and Software Development (I feel ok with this one from a glance...need to hit it hard).

Spent about 20 hours the past week studying...hoping to continue the trend this upcoming week. Cryptography is next! I got a feeling I'm going to be writing out all the encryption standards by hand 100 times!

SN - Had breakfast with my wife's best friend and her husband this morning. He's in school for CE and is taking a certification for that field on the same date, same place, and same time asm ym CISSP! I've never been to that testing center (San Antonio only has two locations for the CBT) so he gave me some heads up info (comfort level, room temperature, processing times, etc). Small world.

aftereffector · March 2014

Ugh. WAN technologies, InfoSec governance frameworks and risk models, and security models are the bane of my existence. Let me know if you come up with any "eureka!" study techniques - but like you, I feel that I will just have to rote-memorize them and hope for the best.

jvrlopez · March 2014

Covered encryption tonight...was surprised by how quick this domain went down. I was done in about two hours, though I do need to go back and review some things (mostly the bit sizes). Averaged a 67 over three tests, which was a lot higher than I thought I would do...I got the 10,000ft to 1,000ft view down, just need to work on recalling the nitty gritty.

Was glad to see how quickly all the standards came back to me from Security+ and CEH, though I'm still going to write out the symmetric, asymmetric, and hashing types each chance I get.

As of now, this domain is my #1 to review once I get through all of them.

I also got my 11th Hour Book today. Was surprised at how concise it is. I'm considering staying with this exclusively right up before the test.

About 13 days left!

TheProfezzor · April 2014

jvrlopez wrote: »

Covered encryption tonight...was surprised by how quick this domain went down. I was done in about two hours, though I do need to go back and review some things (mostly the bit sizes). Averaged a 67 over three tests, which was a lot higher than I thought I would do...I got the 10,000ft to 1,000ft view down, just need to work on recalling the nitty gritty.

Was glad to see how quickly all the standards came back to me from Security+ and CEH, though I'm still going to write out the symmetric, asymmetric, and hashing types each chance I get.

As of now, this domain is my #1 to review once I get through all of them.

I also got my 11th Hour Book today. Was surprised at how concise it is. I'm considering staying with this exclusively right up before the test.

About 13 days left!

I wish I had the memory you have!

jvrlopez · April 2014

Thanks! I do have a knack for being able to recall static metrics if I focus on them for a little while.

I overslept on my nap today after work and didnt wake up until 9pm! I ended up studying for 3 hours tonight (was well rested) on Security Architecture and Design. The domain wasn't too hard and differentiating the security models from one another wasn't as taxing as I thought (there's a key point to each that I stick with to separate them out and recall the details afterwards.)

The part that killed me in my studies were all the "multi-" terms for processing and the kernel layers and the like. I'm not a host guy and it's never been one of my string points. Guess ill just have to write out these terms over and over closer to the test.

I was alright on one practice test with an 85, blew another with a 50, and finished my last with a 74, today's domain average coming out to around a 70...

2 more domains left this week, another 2 next Mon-Tues, and then I can finally go back and hit up on my weak areas and bring those averages up! Can't wait, 12 days left!

sojourn · April 2014

Keep it up, I like reading your daily reports! I've booked May 1st so I'm learning from everything you write.

Benchwarmers · April 2014

jvrlopez - keep up the great study skills! As sojorn said, your daily analysis is a good measure for other folks who are studying.

jvrlopez · April 2014

Thanks for the kind words and encouragement, all! Feels great to be studying daily and sharing my experiences (highs, lows, and all in between) with all those interested.

Today marked the end of another domain, the 7th for me, that being Operations Security. I did very well and not many of the concepts struck me as foreign or something I think I would have to go back and hit hard again. A lot of the stuff I've either seen in previous studies or in my experiences in the Air Force and as a DoD contractor.

I studied on this domain for 3 hours tonight and took three practice tests (70 questions overall) for an 80% average (I actually averaged 80% on all 3...funny). Right now I'd have to put this near my most comfortable domains (next to access controls) but I'll still be revisiting it with the rest of this weeks domains (cryptography, Security Architecture and Design, and Business Continuity and Disaster Recovery Planning).

Business Continuity and Disaster Recovery Planning is tomorrow, followed by a quick review of all 4 domains Friday after work, and then a 6 hour, in depth review session of all four followed by a practice test covering all of these.

**edit: If you go back and average out my end of domain tests for the 7 I've covered so far, I'm at a 75 at the moment. Some of these can obviously be brought up between now and the date of the test...slowly but surely...

About 11 more days! Argh!

jvrlopez · April 2014

Today covered my last daily domain for the week, BCP/DRP.

The domain was pretty straightforward and I didn't stumble or get caught up on too many parts. The technical aspects (backups, off sites, etc) came to me once I focused and got down to differentiating them (I used to have a hard time contrasting differential vs incremental...but I got it now!).

The only part I don't feel completely solid on are all the various steps in the BCP and DRP. I'm sure I'll just hand jam them and commit them to memory...it was good to see AV, EF, SLE, ARO, and ALE show up again in this domain. Falling back on my previous studies, I was able to rock the scenario questions regarding these formulas!

For my practice tests, I scored two 80%s and one 62.5%, argh! Like I said before, I didn't miss many technical questions, just the ones corresponding to the processes (which I'm sure is important in regards to this exam). Average is 74 for this domain this time around...

Tomorrow is a quick overview of this week's past 4 domains (I will probably do this after work with my flash cards, chapter summaries, domain objectives, and the 11th Hour Book). Saturday is my 5 hour study session to go over all of the domains completely and again.

Monday and Tuesday are my last domains (Legal and Physical Security) which I'm pretty sure I'll do alright in, but we'll see. Seeing as how I haven't covered anything really technical since Cryptography, I feel confident that so long as I get a grasp of all these various concepts and procedures, I've got a shot.

10 more days...whoa.

jvrlopez · April 2014

Just finished up 5 hours of studying today...reviewed 3 domains that covered this past week, Security Architecture and Design, Operations Security, and BCP/DRP. I didn't cover cryptography because I'm setting Sunday aside for that alone.

I went ahead and made a list of things I want to commit to memory prior to the test (as in spend the last couple of days just writing them out over and over). Most of them were the steps to processes. Most of the formulas and technical pieces are good to go, however, it's all the various procedures, steps, and functions that are killing me, argh!

Took an exam of 75 questions over all 3 domains reviewed today. Some of the questions were on there twice and I happened to miss one, IIRC.

Security Architecture and Design - 72%
Operations Security - 84%
BCP/RCP - 64%

Overall average is a 73%, booo!

jvrlopez · April 2014

Just finished up 2 hours on Legal, Regulations, Investigations, and Compliance...nothing in the material was too foreign, but I can already see all the various laws tripping me up. Those murdered me on the Shon Harris practice questions. Scored a 100%, 75%, and 61% (!!!!) on my practice exams today, 78% average.

The forensics piece isn't too bad, just all the laws and such get me. Going to have to go back and commit those to memory...

Tomorrow is my last domain and then I have the next 5 days to go over everything I'm not comfortable with again.

Less than a week left, lets do this!

sojourn · April 2014

Good luck mate!

donw35 · April 2014

Keep it up, your hard work will pay off

cgrimaldo · April 2014

Good luck in these next few days!

Testing on CISSP 14 April 2014

Comments