Going for CISSP in Afghanistan

aftereffector

As long as my testing center doesn't close unexpectedly, I will be attempting the CISSP CBT here in Afghanistan sometime in April or May. I've been studying for about four weeks now and I have just finished my first read-through of all of my material. My study plan is as follows:

First pass: Read one chapter in CISSP for Dummies, followed by the corresponding chapter in the Shon Harris AIO, until complete; no quizzes or practice questions from AIO just yet

Second pass: Complete first half of a domain in the Skillport online training module, read the corresponding chapter in Eric Conrad 2nd edition, then complete the second half of the Skillport module. Complete the ~15 chapter end questions from Conrad as well as the pre-test, mid-lesson questions, and lesson tests from Skillport.

I finished the Skillport and Conrad pass yesterday. Starting today, I will go through each chapter-end quiz from Shon Harris as a closed-book self test and record my scores. This will give me an idea of what I need to focus my studies on. When I am above 85%, preferably above 90%, in each domain according to CCCure and the accompanying Shon Harris practice exam book, I will consider myself ready for final review with the Sunflower PDF and my study notes. At some point in this process I'll book the test to make sure I don't slack off near the end!

stryder144

Wow! Keep us posted. I like the strategy and am really curious to see how it works out for you.

aftereffector

Okay, I finished the AIO chapter tests for all ten domains. My results are in:

Security Operations - 96%
BCP and DRP - 94%
Physical Security - 90%
Cryptography - 88%
Access Control - 83%
InfoSec Governance and Risk Management - 82%
Legal / Regulations - 77%
Security Architecture and Design - 74%
Software Development - 73%
Telecommunications and Network Security - 59%

...ouch. As a CCNA, that last one stung more than a little. WANs were my Waterloo with Cisco, and they're hitting me hard now. I missed questions on PEAP, remote procedure calls, EAP-TTLS, SASL, DNSSEC, CCMP, and so on. However, I now know what I need to focus on, and after a solid week of review, I hope to see my scores go up significantly.

zxbane

Looks like a solid study plan and I'm sure you will do great if you stick to it. Let us know when you pass!

da_vato

Overall it looks like your doing great . Telecommunications and Network Security is the largest section of both Conrad and Harris books so definitely work harder on that domain.

For only working on this for a month I'd say you're doing excellent.

colemic

Keep studying hard and take it ASAP - they can close testing centers at the drop of a hat (they did to me and I had to fly to Kandahar to take 2 tests).

LeifAlire

Are you taking the exam at a "Mobile Test" center...I wish they would never allow those "Centers" they are rife with cheating...

colemic

If he is on a military base, it is proctored in the Education Center and I highly doubt cheating is taking place. Or at least I would be REALLY surprised.

Meat

I took my CISSP exam at Signal University at Kandahar Air Field which was still open as of 2 weeks ago. The education center closed mid January. The exam is heavily proctored and you could not **** at either location. It's a shame that certification exams are proctored more closely than Nuke exams....lol

LeifAlire

Sorry man but I was over there for 18 months and witnessed a "Mobile Test" center in operation...those are proctored by friends not legit at all...

tprice5

well dang. I wish I would've read this last message. Sorry for the -1, LeifAlire?

We've got a test center here on base as well. It is definitely on the up and up. Unfortunately they only provide testing with Pearson Vue and not Prometric so we have to go out on the economy for all the Microsoft tests. Lucky me!

OP, enjoy that new Jeep Grand Cherokee

aftereffector

Another few days and another two chapters of review down - Telecom and Software Development. Telecom is still difficult for the sheer number of competing standards, but I think this read-through helped me differentiate between FR, ATM, X.25, and the rest. I also made progress on the flavors of EAP (EAP-TLS is the most secure because it has both client and server authentication through certificates; EAP-TTLS only requires certs for the server, and the client authenticates using some other method). The rest seems fairly doable. Next up are the other three problem domains: security architecture, cryptography, and legal - as well as a few CCCure questions as a check on learning.

aftereffector

Well, yesterday and today sucked. I took another full set of 50-question quizzes covering the ten domains on CCCure and my average actually dropped from the last time I quizzed myself. My problem domains are still the same, but the domains I thought I knew fairly well - cryptography and BCP mostly - aren't as solid as they were a week ago.

zxbane

after,

Don't get too caught up with the test scores and let them discourage you, I faced the same issue when studying. Just make sure you hit the weak areas and use numerous study resources if possible!

aftereffector

Thanks Zach! Your encouragement helped me push through that slump and get some good test scores on my next round of quizzing. I still have a few low scores here and there, but I feel like I am consistently understanding most of the tested material, with a few mistakes due to rushing through a question (I missed two negatives, like "which of these is not the best way to do something" in one quiz... d'oh) and I'm still trying to memorize random things like the EALs, Orange Book levels, the differences between the various VPN and WAN protocols, and some crypto stuff.

It doesn't look like the Army will come through with a voucher for this test in time for me to take it here - I'm leaving soon, thankfully - so I will go ahead and schedule it courtesy of MasterCard for a week from today. If I don't make it through the first time, I will go through the voucher process again at home station. But I really don't want to have to do that, of course

The countdown begins today!

da_vato

Good luck aftereffector. Don't forget to read through the (ISC)2 code of ethics and know the cannons. Even though it may be a stretch attempt to get a good nights sleep before. Oh and take somehting like jolly ranchers to snack on.

aftereffector

Thanks da_vato!

I re-read Security Operations in the AIO today and worked through some practice questions to gauge my knowledge of the domain. The test is booked and paid for. It's a good feeling, even though I'm also pretty nervous about the test. $600 is a lot.

mistabrumley89

Good luck champ!

NimrodHunter

Hello aftereffector, believe me, I felt the same way after reading all the post on how valuable practice exams where and recommending that you score between 70-80 percent to help ensure you "knew" your stuff and like you say $600 is a lot to spend on a test (which again I felt the same way). However, I never scored above 65% and still passed and felt like cccure and any other practice test did not prepare me for the test because they are NOTHING like the actual test. The only thing that help me was experience and kept thinking ... How would a manager answer this .. not a tech. Memorize the ISC2 code of ethics and its order (very important) as it will help you narrow down some harder questions and answers.

All the material is good to get an understanding of the subject matter and valuable, and it will help you with some "throw away questions", but the test isn't like any other test I've ever taken and again not one practice test came close to what to expect.

Just take your time, make sure you read the questions carefully and thoroughly, don't just assume an answer simply because "I read that in a book or saw the answer on a practice exam"

Good luck to you, you can do it!

aftereffector

Thanks Charles and NimrodHunter! I really appreciate the encouragement. It's almost completely a mental game at this point - I will keep reviewing tonight but right now I think I know what I know, and I hope that will be enough. I do have the (ISC)2 ethics memorized, and I feel fairly comfortable with the Common Criteria levels, the different security architectures, all the access control methodologies, and so on. I read through the Conrad book over the last two days and I skimmed through three or four chapters in the AIO this morning while half-paying-attention to a very, very, very long meeting. Nothing is really standing out as a deficiency in understanding but I'm sure I will encounter some topic on the first question that will make me curse all the studying I didn't do last week

I'll be signing into the testing center in just 21 hours. Fortunately (fortunately?) my day job is keeping me very busy today, so I don't have enough time to even think about the test as much as I usually would. CISSP is all well and good but if TACSAT isn't working, that is what I will be working on!

zxbane

Good luck and be sure to let us know when you pass tomorrow!

stryder144

Good luck tomorrow! I'm rooting for you!

keremozt

Good luck for tomorrow. Don't bother about useless details, I think you already know the essentials, just relax.That's the best thing to do, the exam will be long.

da_vato

Good luck!

jvrlopez

Best of luck!

aftereffector

The short version: I passed!

The long version: I tried to go to sleep early last night but ended up staying awake until about 1 AM doing nothing in particular. I had assumed I would be up late because of nerves and so I scheduled my test for the afternoon so I could sleep in a little. I went for a 30 minute run to wake up, studied for 2 or 3 hours - I did the 142 question comprehensive exam from the back of the Shon Harris book, scoring 78% - reviewed some of the chapter end summaries from the AIO, and got some lunch before signing into the testing center.

The test itself was a lot easier than I expected. I had the same feeling that jvrlopez described of wondering if I was in the right exam; the questions were straightforward, more like a Cisco exam than the tricky CCCure or Shon Harris AIO questions, and I was going pretty fast. I went through all 250 questions in 110 minutes and flagged 55 for review. After a 5 minute break, I took ten minutes to review them and felt confident about all but 12 of the flagged questions. I felt calm throughout the entire exam except for when I was halfway through my review, as I knew that I wasn't going to change more than one or two answers (if any) and my exam was basically done already. With 230 minutes left on the clock, I ended the exam and received the very welcome one-page printout.

My preparation consisted of approximately 60 days of studying, about 1-4 hours per day. My primary sources were the Shon Harris AIO 6th edition (very, very thorough, but also far more in-depth than the exam required); the Eric Conrad study guide, 2nd edition (also very good. I got the Kindle edition for this one); and the CISSP for Dummies book, which I used as a topic introduction for each domain before diving into the AIO. I read through every page of all three books before self-testing with the AIO chapter end quizzes, then drilled myself with the entire 1500 question CCCure database and the Shon Harris AIO companion practice test book. I kept reading the AIO as I had free time and concentrated on the things I felt unsure about - WAN protocols, security architectures, types of evidence, software design methodologies, and so on. Before the test, I felt unsure if my knowledge was good enough to pass, but I also felt fairly comfortable with all the information presented in the Eric Conrad and the majority of the information in the AIO.

Off to the validation process! Thanks to everyone for your support, answered questions, personal experiences, encouragement, and most of all, the sense of community in this forum. Special thanks to da_vato, zxbane, jvrlopez (best study recap I've ever read for anything, ever), NimrodHunter, Charles, stryder144... and so many more. Today is a red letter day!

jvrlopez

Congrats!!!

Nice to see we had a similar experience and the same result

It's funny how easy the test can seem if you study and have the right experience.

I'm glad my thread was able to help you!

da_vato

Congrats!!

zxbane

Knew you would pass, awesome job! You put in the time and it paid off.

Any goals next?

GeneC

Congrats! Thats fantastic!

It really nice to hear and also the common thread here is preperation and experience are key. I have just over 6 weeks till exam date, and its only recently that I am looking forward to taking it.

Thanks for all the encouraging posts of successfull CISSP's

Gene

colemic

Awesome! Congrats on the pass, especially in such a challenging environment... been there, done that, not going back.