first thing first, you should be serious by passing the exam. it is tough yes, but also it will open your vision.If you are prepared well, you will be familiar with all concepts related to information security.
to make it clear, you know the difference among, lots of technical terms, weird words in the exam and questions, tons of information, huge amount of data, also the attributes of those items.
such an easy example, just like due diligence and due care (small tip, it is duty of care) you must catch up those tricky explanations,
information, is what, awareness of something, basic skill and recognition,
knowledge, is how, the skill the ability to solve problems using past expertise
insight, data, is why, understanding and creating designing standards.
he exam and the organization itself have the idea of you that you are prepared to be professional have both technical and management vision of insight. you should be able to distinguish lots of terms, why i must choose that way, public safety, what will be the everyones gain is?
the exam is hard to pass but not impossible, feel confident, prepare comprehensively, read and solve lots of books&questions dont focus just answers, the answers or questions indeed want to give you insight.
you should understand the idea behind the scene, see completely, dont make assumptions, understand, dont use just previous experince, technical knowledge, feel intrinsic feelings, deep dive, since you are the architect to make the story from begining till the end.
I would disagree with this statement when it comes to the new test. I recently took the CISSP exam in June after previously failing it when I took it in Dec of 2018. I used my boot camp books from 2018, over 1k flash cards. I bought over 1k test bank questions off of Udemy and spent hour upon hours, nights and weekends studying for the test and the test that was presented to me might as well have been in a foreign language.
The only question that had anything that was previously mentioned in my study materials was the code of conduct for ISC2 members. I am furious about the time and money I spent prepping for this to be presented with 99 obscure questions and a failure notice.
To echo EmreAtes:
The sentiment of the exam, which I agree with, is NOT to memorize a bunch of facts and see how much you remember. Instead, think about the study material as the building blocks of knowledge that you will need to rely on to solve the overall problem being presented. This seems to be the most common shock for all new CISSP test takers.
The facts from your flash cards and boot camp books are just that. They are facts. The exam is asking you to evaluate all of the possible solutions to an abstract problem, and seeing if you understand the facts well enough that you can weigh them against risk and other presented constraints.
The easiest way to describe this is by removing the technical facts and giving an abstract example. Let's suppose you worked for a bakery. To work in the bakery you learned all of the facts about ingredients, mixture ratios, baking equipment, kitchen safety, oven temperatures, and baking times. These are all facts you need to bake bread. In ideal world, armed with these facts you can select the best ingredients, mixtures, equipment and make the perfect loaf of bread. But alas, we don't live in an ideal world, we live in a world that is filled with constraints.
The CISSP exam is asking you to be the owner/manager of the bakery, and presenting you with a problem, such as what is the BEST way to bake 100 loaves of bread if one of your ovens is broken, and you have a client deadline of 8 hours from now. Knowing mixing time, as an example is a fact that leads you to understand that if you had people putting their hands in the mixing bowls to speed up the mixing process, you are introducing risk (safety, health hazards, etc). Baking more loaves at once affects oven temperature and can alter the quality of the product. Outsourcing the baking could cause your business to lose the quality control and possibly compromise your secret bread formula! Telling the client that they can't get bread on time is also a risk, to reputation and to the client taking their business elsewhere, etc. This risk has to be weighed against the other risks to understand the BEST decision to make here.
I hope that helps.