I have to say that while there was very little correlation between information available in books and the exam, (for me it was an old stile, 5.5 hr experience), it was still well worth it.

 

The prerequisites are referring to years of practical experience in multiple domains, which I had. Most of the questions were answered strictly by relying on experience and logic. 

 

Even with 20 years of experience in the field, I've spent about 6 months studying the materials and, when encountering something that I felt deserved more attention, looking for external resources for deep dives into the subjects.

I cannot agree more with your post and sentiments. I have lodged a complain having had the exact same experience. I have spent 100's hours, and practised 1000's of questions, I would say 80% of what I learnt is not on the exam. I work in the cyber and have 25 years of experience in high level IT. I used the official ISC2 study guide and practise questions, Videos, 11th hour study guide, CISSP for dummies and Shon Harris book but all useless as the questions bore no resemblance to what is published.

Like you I may sound bitter but I'm just annoyed and feel the exam is very unfair and bears no resemblance of what is published and what I studied. Not even a hint of a leading question, vague reference and replacement works, ambiguous and simply awful.

I won't be wasting my time or money again I will go with another qualification body.

---

@Dr_C_Lace wrote:

I wanted to share an experience about the CISSP exam I’d recently taken, and I'd like to receive exam beneficial feedback. In short, I had failed. In the last 6 weeks, I had clocked over 216 hours of concentrated study.

---

You've already a lot of feedback. I'd just add, simply, that in my experience when I took the test (granted in 2004 but I've kept abreast of its evolution), I felt it was designed to evaluate three things - in order of priority:

1. Experience
2. Intuition
3. Knowledge

I think the issue is many certifications are designed in the reverse. If you spend a couple of hours memorizing some facts, you can get yourself certified as anything from an SEO expert to a robotics integrator. Welcome to the gig economy. The CISSP, ideally, is a bit different. As others have said, you have to think like a manager. You don't need to know the specific checklist of how to secure an OS, but you need to know that there is a checklist and how to construct a process that ensures the checklist is followed.

Thanks for the response but I am a senior consultant
& manager & have been for many years. I also think like a lawyer as I specialise in gdpr which I teach & advise globally. I am currently studying for a masters in data protection at university in the legal dept. I thought the exam very unfair & unjust & have complained as isc take your money & tell you what is covered but then ignore it, they should be transparent which they are not. if this was a manager exam with no need to study, just walk in & have a stab at it, fine. But they encourage u attend courses at great expense, spent time & money on their official courses, spend 100s hours revising. I would have chosen another examining body if I knew that the exam as no bearing on anything they encourage you to shell out for.

As of 12/21/2018, there are 131,000+ CISSPs that have all passed the exam, so there is definite proof that passing is possible.

 

I concur with @JoePete that something seems to be missing something and it is probably not the book-knowledge. After all, the studies you report are comparable to that described by most posters, both those who have passed and those who have failed.

 

Since you claim experience, that leaves "think like a manager".  By this, we do not mean somebody that supervises people; We are referring to mid- to upper-management -- those responsible for setting strategic direction and making million-dollar risk decisions.  

 

If you are looking for a "study and pass" cert, you might check out Security+.  The studying you did for CISSP will give you a huge head-start on that cert.

If you can tell me where it says in the isc2 promotional material that you need to not bother reading the expensive content, not really bother attending the expensive courses they have charged me a lot of money for & I have invested hundreds of hours studying this & many other books I purchased. I am able to apply knowledge & was not looking for a survetmonkey style exam but credibility that u can apply knowledge, but this exam was a joke. the questions were in some cases incorrect (I distinctly recall the gdpr one, it was actually extremely poorly worded, vague& wrong therefore there was no answer to it at all) purposely misleading you, obscure word replacement which makes no sense is unfair, misleading.
You are also making big presumptions, I’m not a small fry jobbing IT manager who is just a people manager. I make and influence big decisions for national organisations. Your comment of simple pass & cert is quite condescending & offensive. I am no idiot.

---

@EmmaJakeJames wrote:

I cannot agree more with your post and sentiments. I have lodged a complain having had the exact same experience. I have spent 100's hours, and practised 1000's of questions, I would say 80% of what I learnt is not on the exam. I work in the cyber and have 25 years of experience in high level IT. I used the official ISC2 study guide and practise questions, Videos, 11th hour study guide, CISSP for dummies and Shon Harris book but all useless as the questions bore no resemblance to what is published.

Like you I may sound bitter but I'm just annoyed and feel the exam is very unfair and bears no resemblance of what is published and what I studied. Not even a hint of a leading question, vague reference and replacement works, ambiguous and simply awful.

I won't be wasting my time or money again I will go with another qualification body.

---

I have been in IT since '83.  I have owned several successful IT consulting companies. Designed and built solutions for DoD and helped two large Federal agencies transition from User ID and Password to PIV cards. I had only pursued the Security+ exam, as a universally recognized cert, in my entire career. I blew that test away.  My current role required the CISSP cert. Fine, I can nail that too! LOL I took a boot camp course, read all the books, and crunched thousands of questions many with the instructor after class was officially over for another 1.5 to 2 hours a night for 6 days.  I didn't do bad on the test but I didn't pass.  I audited the course again, requested a different instructor, and I added Kelly Handerhan's video series found at Cybrary.IT.  The second instructor never reviewed one question with the class the whole 6 days. That made me think. I realized that no question on the exam REMOTELY read/performed/seemed like any question  I had encountered during my preparation.

It's. Not. About. Questions.

I know a few on here will argue with me that practice questions are a good resource.  That's fine. We will agree to disagree. I think that if you are trying to get the questions answered correctly you are thinking more about the question then you are the material. Second review of the material I never practiced one question. Next test attempt I was finished in under 2 hours at 100 questions.

In real life, when a crisis arises and you are in that authority role, someone will run up to you and exclaim that the building is on fire! Because of adrenaline, fear, exhaustion, and misfiring synapses this person may not use the most grammatically correct wording.  You have to sort through the emotions, physical issues and the crisis to make a decision, act on it and escalate it to upper management. This is CISSP to me. This is why their questions are not grammatically correct. They want to see how you can sort through the NOISE and get to the crux of the issue, determine a plan and execute.

 

Maybe this will help you. Maybe it won't. I wish you the best either way.

---

@EmmaJakeJames wrote:
If you can tell me where it says in the isc2 promotional material that you need to not bother reading the expensive content, not really bother attending the expensive courses they have charged me a lot of money for & I have invested hundreds of hours studying this & many other books I purchased.

---

It does seem as of late there are more complaints about the exam and its quality - but then again, for a long time, there wasn't much of a forum like this. Bear in mind that a certain number of questions on each exam are experimental - confusing or "wrong" questions may end up there, but you're not being graded on them.

 

I don't see (ISC)2 as forcing or even cajoling people into spending a lot of money on study materials. That said, there is a lot of money in the test and test-prep industry today - just like there is a lot of money in the security industry. However, quality is a different story in both regards, and for that reason, probably like a lot of folks here, I've developed a selective blindness toward marketing material. My study experience - granted it was 15 years ago - was I'd sit down with (ISC)2 Official Study Guide - it probably cost me $75 - and sip a Newcastle Nut Brown Ale. Some nights it would be two Newcastles, but that would be my cut-off. I didn't want to be reading (or drinking) too much in any one night. I probably ended up spending as much on beer as I did on the book, but neither was a sizable investment in time or money. What the guide affirmed was that my experience and intuition developed over the preceding 10-15 years wasn't too far off. I do vividly recall having to learn machine-state models (Bell-Lapadula, Biba) - that may have been a three Newcastle night.

 

I'll also say that my preceding work experience had been pretty broad - networking, databases, programming, systems - but it also included non-tech sectors. I think the typical tech employee, certainly at the time but still today, works much more in a silo. If it hadn't been for that broad experience, the exam would have been more daunting. My advice is less study, more experience in the domains you may be unfamiliar with. Build a database application, take part in a risk analysis, write a policy, etc. 

I had a very similar experience as to what is communicated above. However, after recommitting myself to more study and was determined to see this to the end I became more frustrated because I still do not understand how to prepare for the test. If official books, official prep questions, and boot camps are no good, what options do I have? I failed on my first attempt and continue to use what resources are available. However, I still feel lost as to how I can prepare for the test. I am in search of good advice.

Regards,


______________________________________________________________________
This message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. Any patient health information must be delivered immediately to intended recipient(s). If you are not the intended recipient(s), you are notified that the dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or telephone number above and discard this e-mail. Thank you.