Hey there,
I know your frustration. This test is not designed to test your technical knowledge. There is no practice test that will help you with what you will take. Take your engineer or technical hat off. Throw it completely out the window. It will not help. Think like a manager. A manager does not know the technical. They care about the business and risk. Basic concepts. DO NOT READ MORE THAN ONE BOOK. Why? All the books contain the same material but talk about it in a different way. So why read more? Always eliminate two answers. Always. You will see questions that have nothing related to the terms in the book. Think sensibly. Grammatical mistakes will be everywhere. Who cares. Understand what they are asking. This is a psychological exam. All the answers will look the same. Take the question for what it is asking. You understand if you are an engineer because you are in a different mindset. This is normal. Think like a manager, think like a lawyer.
I have to say that while there was very little correlation between information available in books and the exam (for me it was an old style, 5.5 hr experience), it was still well worth it.
The prerequisites are referring to years of practical experience in multiple domains, which I had. Most of the questions were answered strictly by relying on experience and logic.
Even with 20 years of experience in the field, I've spent about 6 months studying the materials and, when encountering something that I felt deserved more attention, looking for external resources for deep dives into the subjects.
I cannot agree more with your post and sentiments. I have lodged a complaint having had the exact same experience. I have spent 100's of hours, and practised 1000's of questions. I would say 80% of what I learnt is not on the exam. I work in the cyber and have 25 years of experience in high level IT. I used the official ISC2 study guide and practice questions, videos, 11th hour study guide, CISSP for dummies and Shon Harris book but all useless as the questions bore no resemblance to what is published.
Like you I may sound bitter but I'm just annoyed and feel the exam is very unfair and bears no resemblance to what is published and what I studied. Not even a hint of a leading question, vague reference and replacement works, ambiguous and simply awful.
I won't be wasting my time or money again; I will go with another qualification body.
@Dr_C_Lace wrote:
I wanted to share an experience about the CISSP exam I’d recently taken, and I'd like to receive exam beneficial feedback. In short, I had failed. In the last 6 weeks, I had clocked over 216 hours of concentrated study.
You've already a lot of feedback. I'd just add, simply, that in my experience when I took the test (granted in 2004 but I've kept abreast of its evolution), I felt it was designed to evaluate three things - in order of priority:
I think the issue is many certifications are designed in the reverse. If you spend a couple of hours memorizing some facts, you can get yourself certified as anything from an SEO expert to a robotics integrator. Welcome to the gig economy. The CISSP, ideally, is a bit different. As others have said, you have to think like a manager. You don't need to know the specific checklist of how to secure an OS, but you need to know that there is a checklist and how to construct a process that ensures the checklist is followed.
As of 12/21/2018, there are 131,000+ CISSPs that have all passed the exam, so there is definite proof that passing is possible.
I concur with @JoePete that something seems to be missing and it is probably not the book-knowledge. After all, the studies you report are comparable to that described by most posters, both those who have passed and those who have failed.
Since you claim experience, that leaves "think like a manager". By this, we do not mean somebody that supervises people; we are referring to mid- to upper-management -- those responsible for setting strategic direction and making million-dollar risk decisions.
If you are looking for a "study and pass" cert, you might check out Security+. The studying you did for CISSP will give you a huge head-start on that cert.
@EmmaJakeJames wrote:
I cannot agree more with your post and sentiments. I have lodged a complaint having had the exact same experience. I have spent 100's of hours, and practised 1000's of questions. I would say 80% of what I learnt is not on the exam. I work in the cyber and have 25 years of experience in high level IT. I used the official ISC2 study guide and practice questions, videos, 11th hour study guide, CISSP for dummies and Shon Harris book but all useless as the questions bore no resemblance to what is published.
Like you I may sound bitter but I'm just annoyed and feel the exam is very unfair and bears no resemblance to what is published and what I studied. Not even a hint of a leading question, vague reference and replacement works, ambiguous and simply awful.
I won't be wasting my time or money again; I will go with another qualification body.
I have been in IT since '83. I have owned several successful IT consulting companies. Designed and built solutions for DoD and helped two large Federal agencies transition from User ID and Password to PIV cards. I had only pursued the Security+ exam, as a universally recognized cert, in my entire career. I blew that test away. My current role required the CISSP cert. Fine, I can nail that too! LOL I took a boot camp course, read all the books, and crunched thousands of questions many with the instructor after class was officially over for another 1.5 to 2 hours a night for 6 days. I didn't do bad on the test but I didn't pass. I audited the course again, requested a different instructor, and I added Kelly Handerhan's video series found at Cybrary.IT. The second instructor never reviewed one question with the class the whole 6 days. That made me think. I realized that no question on the exam REMOTELY read/performed/seemed like any question I had encountered during my preparation.
It's. Not. About. Questions.
I know a few on here will argue with me that practice questions are a good resource. That's fine. We will agree to disagree. I think that if you are trying to get the questions answered correctly you are thinking more about the question than you are the material. Second review of the material I never practiced one question. Next test attempt I was finished in under 2 hours at 100 questions.
In real life, when a crisis arises and you are in that authority role, someone will run up to you and exclaim that the building is on fire! Because of adrenaline, fear, exhaustion, and misfiring synapses this person may not use the most grammatically correct wording. You have to sort through the emotions, physical issues and the crisis to make a decision, act on it and escalate it to upper management. This is CISSP to me. This is why their questions are not grammatically correct. They want to see how you can sort through the NOISE and get to the crux of the issue, determine a plan and execute.
Maybe this will help you. Maybe it won't. I wish you the best either way.
@EmmaJakeJames wrote:
If you can tell me where it says in the isc2 promotional material that you need to not bother reading the expensive content, not really bother attending the expensive courses they have charged me a lot of money for & I have invested hundreds of hours studying this & many other books I purchased.
It does seem as of late there are more complaints about the exam and its quality - but then again, for a long time, there wasn't much of a forum like this. Bear in mind that a certain number of questions on each exam are experimental - confusing or "wrong" questions may end up there, but you're not being graded on them.
I don't see (ISC)2 as forcing or even cajoling people into spending a lot of money on study materials. That said, there is a lot of money in the test and test-prep industry today - just like there is a lot of money in the security industry. However, quality is a different story in both regards, and for that reason, probably like a lot of folks here, I've developed a selective blindness toward marketing material. My study experience - granted it was 15 years ago - was I'd sit down with the (ISC)2 Official Study Guide - it probably cost me $75 - and sip a Newcastle Nut Brown Ale. Some nights it would be two Newcastles, but that would be my cut-off. I didn't want to be reading (or drinking) too much in any one night. I probably ended up spending as much on beer as I did on the book, but neither was a sizable investment in time or money. What the guide affirmed was that my experience and intuition developed over the preceding 10-15 years wasn't too far off. I do vividly recall having to learn machine-state models (Bell-LaPadula, Biba) - that may have been a three Newcastle night.
I'll also say that my preceding work experience had been pretty broad - networking, databases, programming, systems - but it also included non-tech sectors. I think the typical tech employee, certainly at the time but still today, works much more in a silo. If it hadn't been for that broad experience, the exam would have been more daunting. My advice is less study, more experience in the domains you may be unfamiliar with. Build a database application, take part in a risk analysis, write a policy, etc.