Dr_C_Lace
Newcomer II

CISSP Failed Exam 11/2018 ***Passed. 12/2018***

I wanted to share an experience about the CISSP exam I’d recently taken, and I'd like to receive exam beneficial feedback. In short, I had failed. In the last 6 weeks, I had clocked over 216 hours of concentrated study. Here’s what I had accomplished:

 

1) Read the entire CBK 4th edition cover to cover

 

2) Memorized all the questions and answers in the CBK (why the right are right and why the wrong are wrong)

 

2) Watched an entire CISSP video training series on Safaribooksonline… twice

 

3) Memorized all of the practice questions in the video series (why the right are right and why the wrong are wrong)

 

4) Read the Shon Harris book

 

5) Memorized the Shon Harris book “Quick Tips” portion of each domain

 

6) Memorized all the questions and answers in that book (why the right are right and why the wrong are wrong)

 

In effect, between these three resources, the facts, and I use that word specifically, were all in 100% alignment. In fact, in my last week, I basically reread through all the material in skim fashion and learned nearly nothing new. In my mind, I was 110% confident and ready for the exam ( counted over 500+ test questions memorized from multiple sources!). 

 

The exam.

 

I’m going to be as literal as possible, and try my best not to exaggerate my anecdotal figures. Within the first 10 - 15 questions, I already knew there was no way I felt like I was going to pass if the question format kept going the way it was. It was as if though the exam came from a completely different set of material. At the 150th question, I concluded that all that I’d studied was about 80% irrelevant. I’d say 70% or more of the questions were “What is the BEST…,” “What is the MOST likely…,” and “What is the MOST important…” In effect, all the FACTS I’d learned, studied, and committed to memory were completely useless with regard to passing the exam.  

 

Erroneous terms which are not even in the CBK were used in questions. THIS IS UNFAIR TEST PRACTICE. The test felt nothing like what a CISSP exam is supposed to be. In fact, if I had luckily passed the exam, I’d feel slightly undignified in that there's an entire bank of CISSP information in my head that was never even used. I would have been shocked if I did pass, given the questions. I would have thought, "How did I pass this thing anyway? Sheer luck? My knowledge on CISSP was barely touched..."

 

This is the part that really killed me; fact-based questions. Cold hard facts that you read in the book that I filled my notebook with never appeared on the test. Questions that I should have gotten 100% right because the answers are binary (either is or isn’t correct) were nowhere to be seen. The way I felt was that this test was not fact-based, it was subjective-opinion based. When I read questions that were almost fact based, there were answers I was expecting to see, and was ready to select. They oddly didn't appear, and I was sitting there with my arms crossed and head tilted to the side wondering, "What on earth are they expecting me to answer? The answer is "X" and it's not on the list!!!"

 

THIS TEST IS DESIGNED TO FAIL YOU.

 

Even if I had the CBK to reference on the test, it would have done me no good. The questions and answers to the test were not reference worthy. The mark of a good test is that the questions have to have a correct answer that is attributable to official study material. PERIOD. Otherwise, you're just making things up, and the test is whether or not I can read someone's mind and see the world as they do. That's just wrong.  

 

I don’t know what to feel at this point. I felt so confident, and I was completely shot down, and down $700 with not a thing to show for it. I feel scammed. The sad thing, is that I love IT and cyber security. I’ve been doing it in my career over 15 years. Truthfully, when I started the CBK study, I’d say a solid 60-70% of the material in the book I already knew just from doing it as my job. There was no reason I should have failed this. This cert wasn’t supposed to help me really improve my career as much as it was supposed to validate all that I’d already done.

 

This is not my first professional grade certification! I am TOGAF 9, PMP, and CompTIA Security + certified. CISSP is the worst test I've ever taken in my life!

 

Frankly, I don’t even know how to study for this test anymore. How does one study for questions like “BEST, MOST likely, MOST important thing to do…” I want APPROVED material that contains the answer to EVERY possible question that test has for me. If I cannot trace back a test question to a direct answer in a book, then the question needs to be thrown out. Period. You're testing my knowledge on facts written in a book. ISC2 does not have the right to just take someone's money for a certification that is suggested to represent the knowledge found in their CBK and totally rick-roll you into a test with questions that have nothing to do with the CBK official test material. If you have ANY advice to give me, I’d be happy to take it. I still want this cert.

 

(If you are not a test taker post April 2018, then I don't think I want your opinions or words in this forum as it's probably irrelevant. I want help from someone who has passed it after this date, and the correct material I need to study for the exam. The ISC2 CISSP CBK, Shon Harris book, and the latest Sybex book, which I am reading now, is regurgitating all the information I already know, and KNOW FOR A FACT is not on the test.)

101 Replies
Wemack57
Newcomer II

I agree experience helped me pass my CISSP! I tell my students "think like a manager, relate everything to CIA, and the exam is a mile wide and an inch deep".

 

Warren

Spoon2k
Newcomer I

Sorry to hear that you didn't pass. I also failed during this summer but I managed to pass it about 2 weeks ago on my second attempt. What did I do differently? I looked at my score sheet result and focused my studies heavily on my 4 "failed" domains and made an honest commitment to myself that I wasn't going to quit until I pass this exam.  I also picked up new reading materials and new practice question sets.  I did around 5k to 7k practice questions in total and I made sure I actually understood the concepts and not just memorizing them.  There's actually a difference.  That's one thing I want to touch upon after reading your post.  I know you mentioned you have several other certifications in the bag with numerous years of working experience in the field which is great but the word I keep seeing in your list of preparation is "memorized". After failing my initial attempt in the summer, I quickly found out that utilizing memorization for this particular exam is a bad thing.  Sure, there are some things you can memorize like the different block and key sizes in crypto or how tall a fence should be to keep a determined intruder out etc. but for the vast majority of the CISSP concepts, I think memorization will steer you in the wrong direction when it comes to the actual test because of how it's worded and written.  The only way to combat and win this exam is to deeply understand the concepts which will help you pick the BEST or MOST correct or LEAST wrong answer in any given situation the test may throw at you.  

 

I know the feeling of after weeks and months of preparation for this costly exam only to find out that you have failed. I've been there and so have many other people so you are definitely not alone.  Take a short break from CISSP but not too long of a break to let out some steam and venting but then jump right back in and tweak your studying preparations for the next attempt. 

 

I wish you all the best and I look forward in seeing your passing post sometime in the future!

CISOScott
Community Champion


@Dr_C_Lace wrote:

I wanted to share an experience about the CISSP exam I’d recently taken, and I'd like to receive exam beneficial feedback. In short, I had failed. In the last 6 weeks, I had clocked over 216 hours of concentrated study. Here’s what I had accomplished:

 

1) Read the entire CBK 4th edition cover to cover

 

2) Memorized all the questions and answers in the CBK (why the right are right and why the wrong are wrong)

 

2) Watched an entire CISSP video training series on Safaribooksonline… twice

 

3) Memorized all of the practice questions in the video series (why the right are right and why the wrong are wrong)

 

4) Read the Shon Harris book

 

5) Memorized the Shon Harris book “Quick Tips” portion of each domain

 

6) Memorized all the questions and answers in that book (why the right are right and why the wrong are wrong)

 

In effect, between these three resources, the facts, and I use that word specifically, were all in 100% alignment. In fact, in my last week, I basically reread through all the material in skim fashion and learned nearly nothing new. In my mind, I was 110% confident and ready for the exam ( counted over 500+ test questions memorized from multiple sources!). 

 

The exam.

 

I’m going to be as literal as possible, and try my best not to exaggerate my anecdotal figures. Within the first 10 - 15 questions, I already knew there was no way I felt like I was going to pass if the question format kept going the way it was. It was as if though the exam came from a completely different set of material. At the 150th question, I concluded that all that I’d studied was about 80% irrelevant. I’d say 70% or more of the questions were “What is the BEST…,” “What is the MOST likely…,” and “What is the MOST important…” In effect, all the FACTS I’d learned, studied, and committed to memory were completely useless with regard to passing the exam.  

 

Erroneous terms which are not even in the CBK were used in questions. THIS IS UNFAIR TEST PRACTICE. The test felt nothing like what a CISSP exam is supposed to be. In fact, if I had luckily passed the exam, I’d feel slightly undignified in that there's an entire bank of CISSP information in my head that was never even used. I would have been shocked if I did pass, given the questions. I would have thought, "How did I pass this thing anyway? Sheer luck? My knowledge on CISSP was barely touched..."

 

This is the part that really killed me; fact-based questions. Cold hard facts that you read in the book that I filled my notebook with never appeared on the test. Questions that I should have gotten 100% right because the answers are binary (either is or isn’t correct) were nowhere to be seen. The way I felt was that this test was not fact-based, it was subjective-opinion based. When I read questions that were almost fact based, there were answers I was expecting to see, and was ready to select. They oddly didn't appear, and I was sitting there with my arms crossed and head tilted to the side wondering, "What on earth are they expecting me to answer? The answer is "X" and it's not on the list!!!"

 

THIS TEST IS DESIGNED TO FAIL YOU.

 

Even if I had the CBK to reference on the test, it would have done me no good. The questions and answers to the test were not reference worthy. The mark of a good test is that the questions have to have a correct answer that is attributable to official study material. PERIOD. Otherwise, you're just making things up, and the test is whether or not I can read someone's mind and see the world as they do. That's just wrong.  

 

I don’t know what to feel at this point. I felt so confident, and I was completely shot down, and down $700 with not a thing to show for it. I feel scammed. The sad thing, is that I love IT and cyber security. I’ve been doing it in my career over 15 years. Truthfully, when I started the CBK study, I’d say a solid 60-70% of the material in the book I already knew just from doing it as my job. There was no reason I should have failed this. This cert wasn’t supposed to help me really improve my career as much as it was supposed to validate all that I’d already done.

 

This is not my first professional grade certification! I am TOGAF 9, PMP, and CompTIA Security + certified. CISSP is the worst test I've ever taken in my life!

 

Frankly, I don’t even know how to study for this test anymore. How does one study for questions like “BEST, MOST likely, MOST important thing to do…” I want APPROVED material that contains the answer to EVERY possible question that test has for me. If I cannot trace back a test question to a direct answer in a book, then the question needs to be thrown out. Period. You're testing my knowledge on facts written in a book. ISC2 does not have the right to just take someone's money for a certification that is suggested to represent the knowledge found in their CBK and totally rick-roll you into a test with questions that have nothing to do with the CBK official test material. If you have ANY advice to give me, I’d be happy to take it. I still want this cert.

 

(If you are not a test taker post April 2018, then I don't think I want your opinions or words in this forum as it's probably irrelevant. I want help from someone who has passed it after this date, and the correct material I need to study for the exam. The ISC2 CISSP CBK, Shon Harris book, and the latest Sybex book, which I am reading now, is regurgitating all the information I already know, and KNOW FOR A FACT is not on the test.)


Your last statement says volumes about why you didn't pass. You evidently are smarter than the test or at least that is how your post comes across. Sounds like you just want the answer key to the test and not to learn anything because you already know it all.

 

The CISSP test is not designed to fail you, it is designed to test your application of security and the ability to apply it, not a regurgitation of ports and protocols.

 

You want the correct material to study for the exam? Well you just lost it by thinking that anyone who PASSED the test before April 2018 is irrelevant or can't help you. Perhaps you should have waited a day or two to cool off before you came in here and vented. Sounds like you want an exam dump, which is illegal and against the canon of ISC2 ethics, which is also potential exam material, per the official guidance.

 

So if a doctor in a hospital knows that there is a heart, a hand, a foot, and a knee in a body, shouldn't they know and be able to operate on the most crucial (BEST) body part to work on in an emergency? Or is it just good enough that they know these body parts and can point them out on a patient? Now you see why you failed.

Shannon
Community Champion

 

@CISOScott wrote:


Your last statement says volumes about why you didn't pass. You evidently are smarter than the test or at least that is how your post comes across. Sounds like you just want the answer key to the test and not to learn anything because you already know it all.

 

The CISSP test is not designed to fail you, it is designed to test your application of security and the ability to apply it, not a regurgitation of ports and protocols.

 

You want the correct material to study for the exam? Well you just lost it by thinking that anyone who PASSED the test before April 2018 is irrelevant or can't help you. Perhaps you should have waited a day or two to cool off before you came in here and vented. Sounds like you want an exam dump, which is illegal and against the canon of ISC2 ethics, which is also potential exam material, per the official guidance.

 

So if a doctor in a hospital knows that there is a heart, a hand, a foot, and a knee in a body, shouldn't they know and be able to operate on the most crucial (BEST) body part to work on in an emergency? Or is it just good enough that they know these body parts and can point them out on a patient? Now you see why you failed.


Kudos for that @CISOScott--- I was sincerely wondering when someone would start showing tough love in this thread.

 

@Dr_C_Lace, as many of the others have stated --- & was last emphasized here --- it's not just a matter of rigorously preparing yourself in the way that you described and expecting that to guarantee a passing score.

 

I found that out the hard way, and I've not bothered replying because you asked those who took the exam before April 2018 to refrain. While I took it some years ago, I found it tough then too. My initial method of preparing was simply what I did for the other exams I had taken, such as the ITIL, MCSE, CCNA, etc. (For those, you could depend on having a good know-how of the study materials.) Alas, that didn't work, and I failed the attempt.

 

After that, I went on to go through a lot of questions, analyzing them, and coordinating with those in study groups to clarify things. Like others have also said, work experience plays a big role in the outcome. And during the exam, about 25% of the questions I faced were similar to the ones I earlier saw --- but all of my preparation paid off.

 

I took my CISM in December 2018, so perhaps my verdict on that would qualify for you. For this I chose to bank only on accumulated knowledge --- from my CISSP preparation --- & work experience, and relied only on the practice questions in a study group. Credit to a friend who convinced me to try it; while I wasn't keen, he assured me that passing the CISSP would mean I would do fine on this.

 

Again, I was confronted with a myriad of new questions --- this time, only a fraction of the questions were similar to what I'd read. But at the end, it didn't make a difference.

 

Some advice to add to your existing approach:

 

  1. Try as many practice questions as you can, and always attempt to connect provided answers to the CBK information.
  2. Don't accept answers that seem wrong as the 'word of God,' but attempt to clarify these --- either through online research or coordination with others. (Study groups / forums would be great for this)
  3. Look for patterns in the questions, along with words in the scenarios painted. This would help justify provided answers, and also make you more comfortable with new questions.
  4. Relate your work experience to the scenarios in the questions, 'coz multiple factors often affect the outcomes & thus the answers.

See the exam as challenging to pass --- rather than designed to fail --- and take up that challenge again...


Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Shannon
Community Champion


@Shannon wrote:

I took my CISM in December 2018, so perhaps my verdict on that would qualify for you. For this I chose to bank only on accumulated knowledge --- from my CISSP preparation --- & work experience, and relied only on the practice questions in a study group. Credit to a friend who convinced me to try it; while I wasn't keen, he assured me that passing the CISSP would mean I would do fine on this.

Correction:  CISM in December 2017

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
teac22003
Viewer III

Both exams were the current version.

Things I did before the May 2018 exam included:

  • Took a 5 day training course
  • Read the ISC2 7th edition and did the practice exams
  • Created a large set of flashcards on Quizlet and tested myself on those as well as other individuals' flashcards
  • Downloaded the Total Seminars CISSP testing software and went through about 1500 questions
  • Watched the Cybrary CISSP

The result of me taking the 1st exam was a below proficiency in most domains, and only passing one.  To be honest I did not feel like I had a solid understanding of everything, but did not expect to do that bad.

 

Things I did before the November 2018 exam included:

  • Read the entire ISC2 8th edition and completed 1500 or so test questions also reviewed 700+ ISC2 flashcards
    • Any test questions I got wrong I would refer back to the book and make sure I understood the answer.
  • Read the Eric Conrad CISSP Study Guide and tested myself with all of those questions.
  • Created over 300 flash cards that I constantly reviewed

This time I felt very confident I understood all the domains sufficiently to pass.  The result was again passing only one domain (the same one) and getting a "near proficient" in all the others.  Better but still failed.

 

Things I did before the May 2019 exam included:

  • Took another 5 day training course, and constantly studied in the morning and at least 2-3 hours every night
  • Continued to test myself using Quizlet

The day after my training course was over I went to take the exam for the third time and finally PASSED! Make sure when you are taking the test you look at each of the answers very carefully.  Wish I could give some tips on what I did different to be able to pass, but I really think it just comes down to understanding the material.  The more you read, study, and test yourself then the more likely you are to do well on the exam.

 

Thanks

Lost + Confused........

denbesten
Community Champion


@Dr_C_Lace wrote:

 

(If you are not a test taker post April 2018, then I don't think I want your opinions or words in this forum as it's probably irrelevant.


Sad that you feel that way.  You are shutting yourself off from the wisdom of 13,365 CISSPs on this forum that have successfully passed the exam. When you are ready, I have three bits of advice:

 

  1. Meditate on @CISOScott's critical insight:

    The CISSP test is not designed to fail you, it is designed to test your application of security and the ability to apply it, not a regurgitation of ports and protocols.

  2. Watch The Karate Kid (1984). You are Daniel. Your 216 hours equates to "wax on; wax off".
  3. Review the sage advice that has already been offered across this community to others who did not pass. There is a lot to learn from the Mr Miyagis on this community.

 

nagarajan
Contributor I

Hi Christopher,

 

I agree to what (William DenBesten) has said. I can imagine how you might be feeling after 2 unsuccessful attempts. Since you have attempted the exam twice, you would know the domains and topics where you scored less. 

A few points that may help you for any exam:

1. Do read the question well and see if you understand what has been asked and if you know about it. Many folks often don't read the question well and jump on the answer.

 

2. Gauge your understanding of domains/topics/subjects by explaining to others. If you know something well then you can explain them well.

3. Read more on topics that you find hard to understand.

4. While taking practice tests, think what would be your best choice to solve a given problem.

5. Shon Harris AIO is suited for all, the book is very nicely written and Shon Harris. Some people find the official study book from isc2 is a bit tough to understand. 

6. Watch videos on topics that you find are not easy to understand by just reading. Try the cccure quizzes, it helps in testing your knowledge domain wise. I find it useful to see how much time do I take to attempt the #of questions.

 

Back in 2014, there were 250 questions and 10 domains. It was a bit intimidating as there were only few who had passed the exam. What works for one may not necessarily work for all, but use all the resources as they are going to talk about security and made for CISSP aspirants.

 

I wish you luck for the exam.

Nagarajan

 

Regards,
Nagarajan Viswanathan (Raj)
rslade
Influencer II

> Dr_C_Lace (Viewer) posted a new topic in Career on 11-06-2018 04:32 PM in the (ISC)² Community :

My word, we *are* feeling sorry for ourselves, aren't we?

> I wanted to share an experience about the CISSP exam I’d recently taken,
> and receive exam beneficial feedback.

Well, I don't know how "exam beneficial" it will be, but you'll get feedback 🙂

> In short, I had failed.

OK, yeah, that was short.

> In the last 6
> weeks, I had clocked over 216 hours of concentrated study.

Yeah, that was concentrated. Might be a bit better if you spread it out ...

> Here’s what I
> had accomplished:

Not sure that's an accomplishment, but ...

>   1) Read the entire CBK 4th edition cover to cover   2)
> Memorized all the questions and answers in the CBK

OK, I have previously noted that practice tests and questions, in most cases, are
really not that helpful. Sorry, they just aren't. Period.

> (why the right are right
> and why the wrong are wrong)

This is an interesting comment. (Which you reiterate, again and again.) Who told you *why* the right are right and the wrong are wrong? Don't get me wrong: when giving the practice questions *I* use (no, you can't have them. Unless you're in the Vancouver area) I always concentrate on the "why." But you seem to be studying alone. (Which is possibly another problem ...)

>   2) Watched an entire CISSP video training
> series on Safaribooksonline: twice   3) Memorized all of the practice
> questions in the video series (why the right are right and why the wrong are
> wrong)

See above re: practice questions.

>   4) Read the Shon Harris book   5) Memorized the Shon Harris book
> “Quick Tips” portion of each domain

As I have noted before, although Shon's stuff is useful, I always refused to answer any question that started out "Shon Harris says ..." She just made too many mistakes, "explaining" things she didn't actually understand. (If you really had the 15 years experience you claim, I'm surprised you didn't notice that ...)

>   6) Memorized all the questions
> and answers in that book (why the right are right and why the wrong are
> wrong)

See above re ...

>   In effect, between these three resources, the facts, and I use
> that word specifically, were all in 100% alignment.

OK, now I *know* you haven't memorized as much as you said, since I know that, at the very least, the official guide and Shon aren't in alignment in many, many places.

But you still only read three sources. That's not necessarily enough. First off, read Anderson. ("Security Engineering", Ross Anderson) Secondly, have you read any actual source literature? (*None* of the study guides are source literature.  Check out
http://victoria.tc.ca/int-grps/books/techrev/mnbksccd.htm )

> In fact, in my last
> week, I basically reread through all the material in skim fashion and
> learned nearly nothing new. In my mind, I was 110% confident and ready for
> the exam ( counted over 500+ test questions memorized from multiple
> sources!).    The exam.   I’m going to be as literal as possible, and
> try my best not to exaggerate my anecdotal figures. Within the first 10 - 15
> questions, I already knew there was no way I felt like I was going to pass
> if the question format kept going the way it was. It was as if though the
> exam came from a completely different set of material.

Very common reaction. I tell candidates that this is the hardest exam they have ever seen, and not to panic if it takes a couple of dozen questions to get into the swing of it.

But, no, it all comes from the same material.

> At the 150th
> question, I concluded that all that I’d studied was about 80% irrelevant.
> I’d say 70% or more of the questions were “What is the BEST…,”
> “What is the MOST likely…,” and “What is the MOST important…” In
> effect, all the FACTS I’d learned, studied, and committed to memory were
> completely useless with regard to passing the exam.

Well, not *completely* useless, but, no, you can't get by on just "FACTS," as you call them. You have to be able to do synthesis, and analysis, and (and this is where the BEST and MOST questions come in) judgment and critical thinking.

>     Erroneous terms
> which are not even in the CBK were used in questions.

"Erroneous" terms? Look, I wrote the dictionary, so I've got a far better right to make that kind of claim, and it just doesn't hold up. As far as not being in the CBK, the CBK is basically a list of included topics. It's not a cast-in-stone, nothing-else-gets-in document.

> THIS IS UNFAIR TEST PRACTICE.

No. Sorry. I've been a teacher for over fifty years; I've done special study on tests and measurement; I've created lots and lots of exams. (From kindergarten on up to post-grad, and on to commercial training in business and industry.) This is not unfair test practice: far from it. Just because you failed, and you're upset, you don't get to make that claim.

> The test felt nothing like what a CISSP exam is supposed to be.

How do you know? Thousands of people over the years have worked very diligently to make sure it does what it is supposed to: assess whether people know what they are talking about when they talk about security.

> In fact, if I had luckily passed the exam, I’d feel slightly undignified
> in that there's an entire bank of CISSP information in my head that was
> never even used.

If it was an exhaustive test it would take a couple of months to write ...

> I would have been shocked if I did pass, given the
> questions. I would have thought, "How did I pass this thing anyway? Sheer
> luck? My knowledge on CISSP was barely touched..."   This is the part that
> really killed me; fact-based questions. Cold hard facts that you read in the
> book that I filled my notebook with never appeared on the test.

Again, 1) the exam isn't, and can't be, comprehensive, and 2) facts are not the only things being tested.

> Questions
> that I should have gotten 100% right because the answers are binary (either
> is or isn’t correct) were nowhere to be seen.

Exactly. This isn't an exam that you can memorize all the answers. What use would that be? It would only test whether you can memorize a lot of stuff, not whether you can understand or use it.

> The way I felt was that
> this test was not fact-based, it was subjective-opinion based.

Yeah, a lot of people feel that way, when they first encounter it. But it isn't subjective, and it isn't based on opinion. There are reasons. You have to understand them.

> When I read
> questions that were almost fact based, there were answers I was expecting to
> see, and was ready to select. They oddly didn't appear, and I was sitting
> there with my arms crossed and head tilted to the side wondering, "What on
> earth are they expecting me to answer? The answer is "X" and it's not on the
> list!!!"

Yeah. Sometimes you'll see four "right" answers. And you have to pick the one that is *most* right. Sometimes you see four wrong answers, and you have to pick the one that is least wrong. Life (and security) isn't neat and tidy and fact-based. We need to know you can handle it.

>   THIS TEST IS DESIGNED TO FAIL YOU.

Yes. If you don't have the experience and judgment to do the job.

>   Even if I had the CBK to
> reference on the test, it would have done me no good. The questions and
> answers to the test were not reference worthy.

Oh, they all have references. At least two for every question.

> The mark of a good test is
> that the questions have to have a correct answer that is attributable to
> official study material. PERIOD.

Ummmm, no. That hasn't been the case since the primary grades. That is the mark of a test written by a lazy teacher.

> Otherwise, you're just making things up,
> and the test is whether or not I can read someone's mind and see the world
> as they do.

Not just someone's mind. The minds of an awful lot of experienced people, many of whom are leaders in this industry.

> That's just wrong.     I don’t know what to feel at this
> point. I felt so confident, and I was completely shot down, and down $700
> with not a thing to show for it. I feel scammed.

Sorry you feel that way. It can be upsetting, I know. Get a good night's sleep, and get up and try again.

> The sad thing, is that I
> love IT and cyber security. I’ve been doing it in my career over 15 years.

OK, *that* surprises me. I would have thought that anyone who has had that much experience, and who claimed to love the field, would have had a really good chance. What kinds of things have you been doing over that time?

> Truthfully, when I started the CBK study, I’d say a solid 60-70% of the
> material in the book I already knew just from doing it as my job.

Yeah. I took a seminar, and, after a few days, Gloria asked me if I was learning anything. I had to think about it for a few minutes and reply that, no, since all of us were quite experienced, we weren't learning anything, but we were having a really good time swapping war stories 🙂

> There was
> no reason I should have failed this. This cert wasn’t supposed to help me
> really improve my career as much as it was supposed to validate all that
> I’d already done.

Quite true. So I'd look at what you have actually done ...

>   This is not my first professional grade
> certification! I am TOGAF 9, PMP, and CompTIA Security + certified. CISSP is
> the worst test I've ever taken in my life!

No, it's probably the best. If you use it right ...

>   Frankly, I don’t even know
> how to study for this test anymore.

Yeah. I get that. You went in brim full of confidence. Maybe, if I might say so, a little arrogant. And you got shot down. And it's hurt. And it's hurt your pride.  And, being hurt and having been unexpectedly failed, you can't think where to go from here. (Been there, a few times.) And you're probably depressed over it all, so it's even harder to think of what to do.

Find a study group. Or create a study group. Find a local ISC2 chapter or other security group. Read Anderson. Read some of the other books from that list I gave you earlier. Read/subscribe to the RISKS-Forum Digest. Read more here on the "community." That should give you some starting points.

Oh. And accept that you might not be the greatest security maven since Bruce Schneier. Yet.

> How does one study for questions like
> “BEST, MOST likely, MOST important thing to do.

For that, unfortunately, you need experience. Some yours. (You can also borrow some from other people, if you stop thinking that you, personally, know all the answers.)

> I want APPROVED
> material that contains the answer to EVERY possible question that test has
> for me. If i cannot trace back a test question to a direct answer in a book,
> then the question needs to be thrown out. Period.

Not for this exam. Doesn't work that way.

> You're testing my
> knowledge on facts written in a book.

Life doesn't come from a book.

> ISC2 does not have the right to just
> take someone's money for a certification that is suggested to represent the
> knowledge found in their CBK and totally rick-roll you into a test with
> questions that have nothing to do with the CBK official test material. If
> you have ANY advice to give me, I’d be happy to take it.

Well, here's the advice. We'll see whether you take it ...

> I still want this
> cert.

Good.

>   (If you are not a test taker post April 2018, then I don't think I
> want your opinions or words in this forum as it's probably irrelevant. I
> want help from someone who has passed it after this date, and the correct
> material I need to study for the exam. The ISC2 CISSP CBK, Shon Harris book,
> and the latest Sybex book, which I am reading now, is regurgitating all the
> information I already know, and KNOW FOR A FACT is not on the test.)

When discussing different certs, I usually tell people that if they want a job tomorrow, take a SANS cert. If they still want to have a job in ten years, take the CISSP. The CISSP is based on the foundations, the fundamentals, the basics.  Those don't change over time.

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> Dr_C_Lace (Viewer) posted a new reply in Career on 11-06-2018 06:20 PM in the (ISC)² Community :

> If you know the facts,
> you can apply facts to the scenarios, and the answers should be SCREAMING at
> you, "PICK ME! I'M RIGHT!"

You're still too hung up on what you choose to perceive as "facts," but you are right that, most of the time, your first response is probably the correct one. I tell candidates that it's very easy to "overthink" questions and, after your initial experience, that is definitely something you will need to guard against.

> The words of test are actively trying to
> deceive you.

No. They aren't. They are just trying to determine if you actually do understand the concepts, rather than simply regurgitating what "Shon Harris says ..." 🙂

>   For this failure of a test, I am suddenly thrown curveballs,
> one after another, where the test doesn't even cover the approved material,
> but instead asks all sorts of questions that have nothing to do with CISSP
> as a practice.

You say you love security. I love it. One of the reasons I love it is that *everything* you learn is relevant to security ...

> Given how bad the test was, I would have actually felt bad if
> I did pass, and certainly sorry for the next person that had to take it. I
> would have to literally "wish them the best of luck" because they would
> absolutely need it.

If you insist on staying with the "they are trying to trick me" mindset, you are going to be fighting the exam. Fighting the exam is a really good way to fail ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Ye cannae just rush in anywhere. It looks bad, havin' to rush
oout again straight awa'. - `The Wee Free Men,' Terry Pratchett
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

