Passed my CISSP today. Very happy. 90-95% of the exam is not technical but they throw in a few questions that are very technical. I obviously can't disclose questions but there were some very specific items of technical chicanery on certain things. Fortunately, I knew the answers to some, but not the others. If I had memorised a few more specific technicalities from the Conrad or Sybex study guides on certain matters I would have felt better during the exam! But overall it is certainly true that most of the questions are managerial in style but there are certainly some technical ones too.
Beyond that, lots of things you'd expect so no surprises. I’ll just say that the Eric Conrad study guide pretty much covered all the content I needed. There were a small handful of questions on material I had never seen or heard about before – I presumed they were part of the 25 ‘research questions’ that don’t count. At least, that’s what I told myself to feel better(!) One of them was a certain abbreviation for something which I had never seen before. Well I’ve since searched the CBK and Sybex/Conrad and can’t find it so I’m relaxed about that and assume it’s part of the ‘25’!
The exam really was a mile wide.
Which material is the best?
Looking back, I think that the Eric Conrad books are the best. On the two days prior to my exam, I read the whole of his study guide (not the 11th hour, but the full version). It really prepared me very well. Beyond that, official Sybex was pretty good but a bit dry. Conrad explains things better and covers the same ground.
For videos, there's the outstanding free Cybrary ones of course but I really recommend the 60 hour set of videos from David Miller (which is at SafariBooksOnline - you need to buy a minimum one month subscription but really worth it. The same website also has brilliant summary videos from Sari Greene which are as good as the Cybrary ones. It also has Sybex, Eric Conrad, and a load of other CISSP books so I recommend everyone get a subscription). You can get a one week free trial BTW.
There is a brilliant Audio Book by Phil Martin called Simple CISSP. I listened to this a lot in the weeks leading up to the exam. Highly recommended. Similar to the Cybrary videos for a great summary of essentials. If you don't have an Audible account then you can get one free book so do sign up (remember to cancel subscription though and you'll pay nothing). I used this a lot on the commute to work and at the gym – basically whenever I couldn’t read a book. It was invaluable. It’s a 16 hour audiobook so not as in depth as, say, David Miller, but equivalent to Cybrary. He covered the large majority of things on my exam – really worth it.
Which practice exam questions were closest to the exam?
First, I get a bit baffled by some people online who expect practice exam questions to be found on the real exam. Why would anyone think that?!!! I've read complaints on various boards from people saying that the real exam didn't have any questions found in the practice exams. But why should they? I'm really surprised people expect that! Anyway, I used a few practice exams:
Sybex - pretty close to the real exam style IMO but a bit too technical. And there are too many “easy answers” - what I mean is that of the four choices, Sybex very often have three "obviously wrong" answers. That's NOT what the exam was like for me. In my exam, there was typically one "obviously wrong" answer but often three that were plausibly correct. That makes the exam significantly harder than Sybex, even if the style of the question is right. Sometimes, the exam had FOUR very plausibly correct answers, so it was very tough to choose one. By contrast, the official Sybex questions often have 3 “obviously wrong” answers so you can find the right answer by eliminating the ones that are obviously wrong. In my real exam there were plenty of questions with four plausible answers.
The other problem with Sybex is that the question set is a bit narrow. I’ve done all of them including both 250 question mock exams. The problem with Sybex is that too many of the same topics come up again and again and you can be lulled into a false sense of security by being tested on the same thing, which causes you to gain particular knowledge. For instance, Sybex have lots on Kerberos. Well fine, but what about Sesame or other systems? After doing a few Sybex questions, and learning from the answers, I became very knowledgeable on Kerberos but soon realised I was getting all Kerberos questions right but deep down knew that I had very little knowledge of Sesame which uses different terminology and adds extra features. There are lots of other examples of that with Sybex. By the time I came to the final 250 practice exam, I could almost predict what topics would come up. Unsurprisingly, I passed the Sybex practice exam very easily but the real exam was far harder. Most other practice exams have a better range of questions.
Shon Harris / Jonathan Ham practice exams book, 4th edition – this is WAY, WAY too technical. The exam is not like this at all. I am not a technical person so found these questions very difficult. I was averaging about 55-60% yet I still passed the real exam today! This practice exam book needs a total rewrite because the real exam has far fewer technical questions of this type.
PocketPrep Phone App – FAR FAR too easy. Don’t waste your time with this. I was getting close to 90% and the 10% I got wrong was because the question was phrased in a weird way, as if not written by a native English speaker. These questions are far too easy. While the exam has some easy questions the PocketPrep app is almost entirely easy. It is not a good guide.
Eric Conrad - probably the closest questions to the exam with very well chosen questions BUT the answer choices are too easy. In the Conrad book and accompanying online practice exam, the four choices contain too many "obviously wrong" answers. This is the same complaint I had with the Sybex official answers, where you can find the correct answer by eliminating the obviously wrong ones. The real exam is not that easy. In my exam, I often found it hard to choose the correct answer because 3 or even 4 answers were plausibly correct. However, in general, the type and style of Conrad’s questions are close to the real thing. Conrad's questions are on his publisher's website which is here:
http://booksite.syngress.com/companion/conrad/ (but needs flash so might not work on mobiles)
Finally, a quick tip: Do the CISM! I passed that exam several weeks ago. I wasn't planning on doing it but someone pointed out that it's very similar to CISSP but less technical. I spent about a week preparing for it because the content is so similar to CISSP. The exam is not difficult if you know the non-technical bits of CISSP. Passing the CISM really destressed me because it took the pressure off the forthcoming CISSP exam. I felt that if I failed the CISSP it would still be ok because I already got the CISM! I wrote about my CISM experience here:
http://www.techexams.net/forums/isaca-cisa-cism/129059-passed-cism-last-week.html
Overall, the CISSP exam day experience was stressful. The exam is tough and I really thought I might have failed. I expect I didn't pass by much. Good luck to all who are taking this. And thanks to the many people who freely give their time to help others on this site. Your help and advice was part of the reason I passed.