cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Newcomer III

How deep is too deep when studying for the CISSP?

Hi all,

 

I am along the path of studying for the CISSP with quite a few resources (Official CBK, Harris' "All-In-One" Exam Guide, Lynda.com videos, Cybrary.it, Transcender practice tests, and many other suggestions from people here- Thank you all!). Each of these resources go to varying depths of detail on each topic.  One question I have though is how deep is too deep in terms of a topic? Meaning, without giving away details, will I need to memorize specifics of the privacy laws to know which privacy law specifically prohibits a specific type of action? Or would it be more likely that knowing about the laws is enough?

 

I plan on being over prepared, but don't want to get bogged down in details that aren't important to memorize.

 

Thanks

 

Kevin

8 Replies
Highlighted
Contributor III

Re: How deep is too deep when studying for the CISSP?

Selecting material is more about preference and taste in that materials are essentially useless when you never finish them.

 

Generally recommend find two sources in book form and read them slowly - cover to cover. Add to that one good lengthy quiz book and possibly one CCCure or similar online simulator. Anything more than this will be complete overkill.

 

As for what to read depends entirely on how much experience in the field you have. If your fairly new I would strongly suggest something that sounds like an All-in-one approach type of book. Well versed in most of the subjects tested and just need a good refresher? There are smaller, more concise reads with names like "11th hour" or "essentials".

 

Whatever you do please avoid any material that sounds suspicious or outright "brain dumps". These won't help much and only exist to cast a shadow on the certification on both the industry and individual. Yeah, someone is out to make a buck but the damage done has been lasting. Let's not go there.

Highlighted
Newcomer III

Re: How deep is too deep when studying for the CISSP?

Thank you Brent.

 

I am not questioning my sources of study, as I am fairly confident in them. I have been in IT for 20+ years with various roles in and out of security. I am questioning the depth of the questions on the exam. I have heard the CISSP exam explained as wide, but not deep. Some of the practice exams that I have seen so far though seem to be both.

 

Thanks.

 

Kevin

Highlighted
Newcomer III

Re: How deep is too deep when studying for the CISSP?

The test on the whole is *very* wide, and *not* very deep in any one area. That said, however, there will be specific questions that may include "details" like bit lengths of common cipher keys, or specifics about which OSI layer is relevant in a given situation, or port numbers for common protocols. In that sense, individual questions may feel "deep" or at least detail-oriented.

To your example of "which privacy law covers an action" - yes, I'd say knowing the difference between, say, ISO 27000 and NIST 800-63 is exactly the kind of "detail" you might need.

It's like knowing the difference between "authorization" and "authentication" and not just memorizing "auth" as being important.

That said, for any *particular* detail, you may only see one question about it, out of 250. So obviously, you can't study and memorize *all* the details of all the things.

As a study strategy, breadth is vital, depth is useful.

But as others said, one or two inclusive books, and a good video course, and sample tests should be plenty. I used "11th hour" as a review the week before my test, not to learn, but to refresh.

I also kept track of all the sample questions I got wrong along the way, and at the end of study went back and did all of those again. Any I still got wrong a second time, made up my "things I clearly didn't internalize" list for last minute review and study.

Good luck.
Highlighted
Newcomer III

Re: How deep is too deep when studying for the CISSP?

The textbook answer is, go as deep as you can go.  Since that doesn't really answer the question however, I did find on the CISSP website under approved training this link: http://learnzapp.com/apps/cissp/ There are (I believe) retired test questions which will best show you how they ask questions and shed some light on how deep to go.