Dr_C_Lace
Newcomer II

CISSP Failed Exam 11/2018 ***Passed. 12/2018***

I wanted to share an experience about the CISSP exam I’d recently taken, and I'd like to receive exam beneficial feedback. In short, I had failed. In the last 6 weeks, I had clocked over 216 hours of concentrated study. Here’s what I had accomplished:

 

1) Read the entire CBK 4th edition cover to cover
2) Memorized all the questions and answers in the CBK (why the right are right and why the wrong are wrong)
3) Watched an entire CISSP video training series on Safaribooksonline… twice
4) Memorized all of the practice questions in the video series (why the right are right and why the wrong are wrong)
5) Read the Shon Harris book
6) Memorized the Shon Harris book “Quick Tips” portion of each domain
7) Memorized all the questions and answers in that book (why the right are right and why the wrong are wrong)

 

In effect, between these three resources, the facts, and I use that word specifically, were all in 100% alignment. In fact, in my last week, I basically reread through all the material in skim fashion and learned nearly nothing new. In my mind, I was 110% confident and ready for the exam (I counted over 500+ test questions memorized from multiple sources!).

 

The exam.

 

I’m going to be as literal as possible, and try my best not to exaggerate my anecdotal figures. Within the first 10 - 15 questions, I already knew there was no way I felt like I was going to pass if the question format kept going the way it was. It was as though the exam came from a completely different set of material. At the 150th question, I concluded that all that I’d studied was about 80% irrelevant. I’d say 70% or more of the questions were “What is the BEST…,” “What is the MOST likely…,” and “What is the MOST important…” In effect, all the FACTS I’d learned, studied, and committed to memory were completely useless with regard to passing the exam.

 

Erroneous terms which are not even in the CBK were used in questions. THIS IS UNFAIR TEST PRACTICE. The test felt nothing like what a CISSP exam is supposed to be. In fact, if I had luckily passed the exam, I’d feel slightly undignified in that there's an entire bank of CISSP information in my head that was never even used. I would have been shocked if I did pass, given the questions. I would have thought, "How did I pass this thing anyway? Sheer luck? My knowledge on CISSP was barely touched..."

 

This is the part that really killed me: fact-based questions. Cold hard facts that you read in the book that I filled my notebook with never appeared on the test. Questions that I should have gotten 100% right because the answers are binary (either is or isn’t correct) were nowhere to be seen. The way I felt was that this test was not fact-based, it was subjective-opinion based. When I read questions that were almost fact based, there were answers I was expecting to see, and was ready to select. They oddly didn't appear, and I was sitting there with my arms crossed and head tilted to the side wondering, "What on earth are they expecting me to answer? The answer is "X" and it's not on the list!!!"

 

THIS TEST IS DESIGNED TO FAIL YOU.

 

Even if I had the CBK to reference on the test, it would have done me no good. The questions and answers to the test were not reference worthy. The mark of a good test is that the questions have to have a correct answer that is attributable to official study material. PERIOD. Otherwise, you're just making things up, and the test is whether or not I can read someone's mind and see the world as they do. That's just wrong.  

 

I don’t know what to feel at this point. I felt so confident, and I was completely shot down, and down $700 with not a thing to show for it. I feel scammed. The sad thing is that I love IT and cyber security. I’ve been doing it in my career over 15 years. Truthfully, when I started the CBK study, I’d say a solid 60-70% of the material in the book I already knew just from doing it as my job. There was no reason I should have failed this. This cert wasn’t supposed to help me really improve my career as much as it was supposed to validate all that I’d already done.

 

This is not my first professional grade certification! I am TOGAF 9, PMP, and CompTIA Security+ certified. CISSP is the worst test I've ever taken in my life!

 

Frankly, I don’t even know how to study for this test anymore. How does one study for questions like “BEST, MOST likely, MOST important thing to do…” I want APPROVED material that contains the answer to EVERY possible question that test has for me. If I cannot trace back a test question to a direct answer in a book, then the question needs to be thrown out. Period. You're testing my knowledge on facts written in a book. ISC2 does not have the right to just take someone's money for a certification that is suggested to represent the knowledge found in their CBK and totally rick-roll you into a test with questions that have nothing to do with the CBK official test material. If you have ANY advice to give me, I’d be happy to take it. I still want this cert.

 

(If you are not a test taker post April 2018, then I don't think I want your opinions or words in this forum as it's probably irrelevant. I want help from someone who has passed it after this date, and the correct material I need to study for the exam. The ISC2 CISSP CBK, Shon Harris book, and the latest Sybex book, which I am reading now, are regurgitating all the information I already know, and KNOW FOR A FACT is not on the test.)

101 Replies
CompTIAisBetter
Newcomer I

I was actually registered to take it for the second time in October. But
after reading your replies I think I'm going to cancel and take the $100 loss
to avoid wasting my time and money!

Stephen Pettye, MBA, PMP, CSM, MCSE, ITIL, A+, VCA
CompTIAisBetter
Newcomer I

It's required for certain positions but you can take CompTIA instead. After
reading your reply, I'm going to cancel second attempt, get a refund, and
study for CompTIA instead!

Stephen Pettye, MBA, PMP, CSM, MCSE, ITIL, A+, VCA
denbesten
Community Champion


@rosesnmor wrote:

... each time I try the test remembers and gets even harder ...


It does get harder, but not for the reasons you suspect.  The test is "Adaptive", meaning that it changes its difficulty level to match your knowledge level.  Since you (presumably) have more knowledge than you did when you first took the test, you will see harder questions.

 

It works much like the Divide-and-Conquer troubleshooting technique, in which one looks from the middle to determine if the problem is to the left or the right. An adaptive test starts by asking you a question. If you answer wrong, it then asks easier questions. If you answer correctly, it asks harder questions. In the end, you end up answering questions of a particular difficulty level with about 50% of your answers being correct. If this final difficulty level is "good enough", you pass.

 

The thing that makes this stressful is that we are trained to judge how well we are doing based on how many questions we answer correctly.  With adaptive tests, everyone ends up answering incorrectly, so everyone feels like they are doing poorly.  The difference being that those who deserve to pass are incorrectly answering much more difficult questions.

 

In your case, the fact that you are seeing more difficult questions is a sign that you are getting closer to passing. 

R-R
Newcomer II

Stephen,

I see you have the CISM cert. I am currently studying for that and I am finding the CISM practice questions more challenging and require a laser-like focus that requires some overthinking, where I felt was not as much the case in CISSP.

I found the exam challenging as others noted and saw questions I have never seen before (for obvious reasons), but I approached with the mindset of CIA and logical, technical, administrative. Everyone that passes will tell you that they have no idea how well they are doing until it is done, if they do... it is not true.

Wording and foundational knowledge will help, even if you don’t know a cloud related question, think of cloud security based approach, federated IDs, SAML, etc. to help steer you.

If you have the CISM and PMP, which are both on my radar, you can do this.
Dr_C_Lace
Newcomer II

Thanks for sharing your experience. I'm sorry that this journey's been this much of a burden on you. It shouldn't be. As far as tips, the only thing I can tell you would be no different than what I'd said already throughout this forum. In addition, I hear that the test changes often. Add that to the fact that the test is digital, who knows how many actual questions there are, and where they're coming from, or how they're pulling them out to give you on your exam. Taking that exam nowadays is anyone's guess as to how to actually prepare. From the feedback I am hearing, it doesn't seem to be any different from the time I took it almost a year ago. Will ISC2 do something about it, it's anyone's guess. They have to know the statistics though on pass/fail. 

Linuxchic
Viewer

I can totally relate to this post. I just failed the CISSP exam a week ago and felt like I could have written your post. Within the first 5 minutes I knew I was not going to pass the exam because of the way the questions were worded. I actually thought that I had been given the wrong exam because the questions were so foreign. Nothing like what I had studied. I felt like I had wasted all those hours of study and all those hours taking practice exams. It would be nice if the CISSP were really a test of our knowledge of the material and not a test in the mastery of exam-taking (i.e. ridiculously ambiguous worded questions).

jrags51
Newcomer I

The hard part in all of this:
I signed up with Training Camp who says they guarantee a pass.
Once you fail the first test they offer you the Training Camp over again.
They also offer a day's worth of online classes as well.
I've seen three instructors, with three different teaching methods, three different opinions.
Example:
The First Instructor taught the OSI model from Layer 7 down, the theory was
that people start browsing first, so teach it backwards.
The Second Instructor (The online guy) taught it both ways.
The Third Instructor taught it from Layer 1 and up (the way I was taught in 1984).

I'm not saying this is the reason why I failed my first test, I've only taken the one test so far.
But here's what I did find out taking the class the second time.

The Eight Domains are written by eight different people. They often repeat the same material
but in their own individual view; they also contradict each other. Quantitative and Qualitative in the
ISC2 training book is wrong. Many inconsistencies in the training material. ISC2 also did a poor job editing the training material, meaning the book as a whole. You're being tested on the ISC2 Green way of knowledge. Meaning, if they got it wrong in the book, you need to drink the Green Kool-Aid and answer the question WRONG.
So, you're halfway through the test, you come up to a "Green Question"; unknowingly you're going to answer the question the way you were taught, instinct kicks in, the right way and NOT the "Green Way". It's my opinion the less you know going into this test is better. There was a college kid in our training class with no experience whatsoever and he passed on his first try.
I'm almost 40 years into this business and it's hard to deviate from instinct to Green Kool-Aid.
Again I'll say it, IT'S A GAFFE!
 
Just my opinion,
 
jrags51
denbesten
Community Champion


@jrags51 wrote:
... three instructors ...written by eight different people

The test itself was written by hundreds of CISSPs that came before you, so it is a good thing that your training materials similarly have many different authors.  

 


...if they got it wrong in the book, you need to drink the Green Kool-Aid and answer the question WRONG....

(ISC)² test writers and educational staff do not talk to each other.  This is a requirement of ISO/IEC 17024, the "certification standard" to which (ISC)² complies.  

 

Instead of proclaiming "they got it wrong", instead ask yourself "how could that be"? Checking against the errata and taking a "deep dive" into the topic with other books and reference materials (e.g. NIST and ISO standards) will oftentimes identify the subtle differences that make it possible for seemingly different views to not be contradictory.   I also suggest reading this discussion, not so much for @rslade's excellent questions, but more for the analysis of the answers and the related chatter.

 

 

Kellyob5
Viewer III

Jrags - you stated it perfectly - the less you know the better. Someone I work with was pretty fresh out of college and passed. I have over 25 years in the field and have failed the test 2x - like you I have taken courses, studied from several different guides, who knows how many practice tests later. It's beyond frustrating. Sorry to see so many of us are in the same position.

Sent from my iPhone
Kellyob5
Viewer III

Hey Linuxchic - I feel your pain. So many hours of studying to be slammed within 5 minutes. It's beyond disheartening. I completely agree about the ambiguous words and completely confusing play on words. I hope some day they change the test and test us on the materials we spend hundreds of hours studying. Many of the questions don’t even represent the “real world” in my opinion.

Sent from my iPhone