I wanted to share my recent CISSP exam experience and get some advice.
Background: I have been in IT for the last 14 years and work as an IT Infrastructure and Security Architect. Over the years I have given a number of IT certification exams from Microsoft, Cisco, VMware and Citrix. Also last year I passed my Cisco Cyber Ops and, as some of the material does overlap, thought it would help. Now I understand these are technical exams and the CISSP exam is not quite the same, as it is from a manager's point of view.
1st Attempt Feb 2019: After studying for 3 months using self-study books and online resources, I thought I was prepared for the CISSP exam. I learned all the quantitative risk formulas and the encryption stuff. Pretty much all the technical stuff I was confident in.
But when it came to the exam, the type of questions being asked threw me with Most, Best and First wordings, as there was more than 1 correct answer and narrowing the right one down was tough. Also I was gutted I did not get any technical questions or quantitative risk formula questions, as I was hoping to score easy marks on those. I also came across some topics I have not read in any of the resource material before.
Sadly I did not clear the exam. I got asked 150 questions on my 1st attempt, with 30 mins spare. So time was ok. Also the fact you cannot go back and mark questions for review is another point.
I was really disappointed, but having got a breakdown of where my weak topics were I thought: OK, I know where to focus.
I got 3 topics Above Proficiency, 1 Near Proficiency and 4 Below Proficiency. I knew the SDLC stuff was not strong and software development sections.
So, determined not to give up and to pass it second time round, I booked the exam on April 6 2019.
This time round I knew where my weak areas were and used the following resources. I also was putting in around an hour a day of study over the 2 months.
I went over the things I was weak in from last time's exam.
I was more confident this time as I knew what to expect.
Then on the exam day: as I was going through my questions there were again some topics which I have not read in any of the resource material before, and I was not feeling very confident. I was pacing myself expecting to get up to 150 questions again and I still had 45 mins on the clock when I reached my 100th question. This time the exam ended after 100 questions on the dot. I was really surprised as I did not think I had got 70%.
Sadly as anticipated the result was that I had failed again!! Once again no formula or technical questions. None of them I was hoping to get easy wins on.
Even more shocking, this time I got only 1 Above Proficiency, 4 Near Proficiency and 3 Below Proficiency. In a way, my score was worse than before. How is that even possible? Part of me thinks: did I click the end exam button by mistake on the 100th question? As I thought if I had got to answer the additional 50 questions I could have passed.
To say that I am gutted is an understatement.
But I am not defeated; I am going to give the exam again but wanted to ask the community of any books and new study material I can use. As it seems the exam has evolved and the study guides are now slightly out of date.
I also wish they gave you a score like all other IT certification exams.
Any tips from those who passed would be greatly appreciated.
I will give the exam again but I need a new study strategy, otherwise I am just burning money. (ISC)2 must be making a killing on all of us who fail the exam. Why does the exam have to be so expensive? Anyway this is just a moan.
I took my exam a few days ago on April 4, 2019. To prepare, I purchased an app with practice questions and took one of the official ISC2 CBK 5 day courses (not considered a boot camp). I gained a lot of knowledge from this course but also have 17 years working in security and IT. I too thought surely that will help me on this journey. Finally, I bought the ISC2 Official Practice Questions latest edition. I did a lot like you and went through all these questions until I could answer them quite easily. I did learn from the questions so it wasn't a waste. I really felt like I was ready and prepared to take the exam. As soon as I saw the first question, I knew it was much different than any other practice questions I worked with previously. I believe the word "most" was used in 90% of the questions. I too noticed there were only a handful of questions that warranted a straight-forward answer. I studied the security models extensively but only got maybe 2 questions regarding that. It was a little disappointing. I ended up doing all 150 questions with only about 15 minutes left over at the end. Honestly, I didn't feel like I did that well on the exam but I did pass. One thing I did notice was it was fairly easy to eliminate at least 2 of the answers on most of the questions. At that point, you have a 50/50 chance of getting it right. You really do have to think more like a manager and answer questions based on that. I've taken 19 Microsoft and Cisco exams and this was by far the hardest. One last thing, once you've chosen an answer, don't change it. My instructor told us that over 90% of the time, when you change an answer, it's from the CORRECT answer to the INCORRECT answer. Only ~5% of the time, are you changing from INCORRECT to CORRECT. I applied that while taking my exam. Several times I wanted to change my answer but left it in the end. Hang in there and don't give up. 
You WILL pass and in the end, you'll be much better prepared than someone who might have passed on their first try.
I'm sorry to hear you failed twice. I agree the exam is expensive and it is mentally hard to prepare for another try.
I prepared with almost the same material as yours, so I can't give much additional advice. However, just my two cents:
* This video by Kelly Handerhan is great for getting the right mindset: https://www.youtube.com/watch?v=-99b1YUFx0A
* I used mainly the Pocket Prep mobile app for passing the CISM, and the questions were very close to the real thing. I cannot recommend it for CISSP, as I haven't used it, but I recall some people speaking well of it.
Also, try Boson again, but now do not focus on choosing the right answer (that you probably have already memorized). Instead, before answering try to reason why the other options are not correct, and check if your argumentation was right.
> rka61 (Viewer) posted a new topic in Certifications on 04-07-2019 01:27 PM in the (ISC)² Community:
> Background : I have been in IT for the last 14 years and work as an
> IT Infrastructure and Security Architect.
> Over the years I have given a
> number of IT certification exams from Microsoft, Cisco, VMware and Citrix.
Yeah, those aren't going to help much ...
> Now I understand these are technical exams and CISSP
> exam is not quite the same, as it is from a manager's point of view.
Managers complain it's too technical, techies complain it's too managerial ...
> when it came to the exam the type of questions being asked threw me with
> Most, Best and First wordings as there was more than 1 correct answer and
> narrowing the right one down was tough.
> Also I was gutted I did not get any
> technical questions or quantitative risk formula questions as I was hoping
> to score easy marks on those.
Yeah. When I studied, I got fixated on RADIUS and related technologies, and
figured I would fail unless I knew *every* detail of the protocols. Guess what: not
a single question on that whole area.
> I also came across some topics I have not
> read in any of the resource material before.
Yeah. I remember one question on my exam and I thought, I bet I'm the only one
in this whole room that's even worked with that ...
> Boson CISSP Exam
> environment- This was a really good simulation software as the exam
> questions are worded very similarly so you get good practice in learning how
> to answer them.
Hmmmm. In my experience, not really ...
> Second time round around 80%+ as you remember some of the
Exactly. This is not an exam where you can remember any of the answers. You
have to know the field.
> In a way, my score was worse than before. How is that even possible?
With the CAT, it's really possible, since it's even more of a "subset."
> But I am not
> I am going to give the exam again but wanted to ask the community
> of any books and new study material I can use.
"Security Engineering" by Ross Anderson.
> Why does the
> exam have to be so expensive?
Because assessing experience is a non-trivial task ...
I can't express enough how correct mbenet is in his statement:
"Instead, before answering try to reason why the other options are not correct..."
The REASON why you should select an answer is the key to understanding. Most questions (like life) won't be "which of these is factually correct"; instead you will face choices where every choice COULD be acceptable with variable consequences.
When you choose to go to the store from your home, you have choices. You might choose to drive your car because you will have to carry groceries, or it is far away. You choose which route to take to get there. All of these choices have VALID reasons. That isn't to say it couldn't be done some other way, but you validate your reasoning in such a way to say the method you chose is the BEST.
The same is true on the CISSP Exam. Knowing WHY an answer would be BEST, WORST, etc. is where the "think like a manager" concepts come from.
I hope that helps.
Do not give up!! Keep going!
My only advice is to use CRITICAL thinking, analyze the material and think what you WOULD do as a manager.
Go back to the BASICS, and do not overthink the exam. And DO NOT memorize but understand the materials.