Plenty of great feedback in this thread for helping those who are trying to reach the goal. Couple of observations based on this and other threads prior to passing the CISSP myself.
1. Frustrated test takers seem to have a similar point of view with study guide test questions not being helpful and significant content not tested. Are there any recommended guides out there which can assist and improve test takers' techniques with the (Most, Best, etc.) questions in relation to the CISSP material? This may not even be CISSP guides but would be my first recommendation to someone who is taking the test. Test-taking skills, just like being a polite human, need to be taught and practiced.
2. For those that truly do not have the in-depth experience as they thought, is there an official path they should start with? If you search Google for passing the CISSP, you will receive a ton of different answers. As I stated in my earlier reply, I was able to pass the CISSP with Shon Harris 6th edition and ISC Study Guide 7th edition only because I was confident my experience level would speak to every domain. Note simply working for 20 years in any field does not make someone more experienced (leaving it at that).
If these two questions can be answered with more certainty, I believe it will remove some noise simply because the cost is significant to many and honestly I do not understand why there is not at least 1 retry attempt without cost. Again, I may be off base here based on my recommended study search as I only used 2 self-study and experience so please share your thoughts.
I passed my CISSP exam back around end of June. I've also held Security+ certification. From my experience both exams are very different. There is a reason even CompTIA itself positions CISSP as an "expert" level certification and Security+ only has "Intermediate" on the IT certification road map, because the depth and breadth of the knowledge domains they cover are different.
Was the exam difficult? Definitely! But personally I feel it's the right exam for CISSP. It's not just about memorizing the terminology or content, it's also about understanding and being able to apply the knowledge to different situations and a threat landscape that's constantly changing. So picking a best choice as the answer for the question is very fitting, and realistic. Can't have one shoe fit them all. As CISSPs, we are supposed to know the terminology and content. What's IPS? What's web proxy? What's change management? What's WAF? That's not the objective of the exam. In real life, a customer/audience/manager would ask you: What is the BEST way to protect the environment? What is the MOST Important item to work on this quarter/fiscal year? If we do not have these technologies, what will Most likely happen? Can't tell them: sorry, it's not in the CBK~
The study method that works for me is to ask/learn from others: Without much programming background, I asked my colleague who is a developer about SSDLC and that helped me understand the chapter; With no prior knowledge in audit, I sat through one and asked the auditor questions regarding the process; I attended cybersecurity conferences and meetings to reinforce knowledge areas that I'm not familiar with. I took the opportunity to ask speakers additional questions to help me understand the concept. All I can say is work experience helps, and there is a reason people form study groups. I read only one book, watched the training modules on Pluralsight. But the experience and ideas I learned from my colleagues contributed more to me passing the exam.
Hope you find the study method that works for you.
The CISSP exam is no joke! I passed the legacy version in 2015. I studied like crazy for months. I credit my passing the exam not just to studying hard but also to my experience working in the industry.
Also, the thing which helped me the most in passing this exam was PERSPECTIVE - the questions must be answered from the perspective of a CISSP answering the questions using the knowledge from the CBK.
I hope you will take the exam again (and soon).