Hi everybody,
I am studying the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
7th edition. The book is very interesting and gives me a broad overview.
I need to take it one step further, to pass the exam. Before spending more time, I am very disturbed by the post:
Are all the questions in the exam covered by this book?
Cees Doets
PS I expect to miss 15% of the questions because I am not a native English speaker + I am not an technician (how many bits is xyz encryption) + I am not American (which bill passed ...). There is very important for me to have a high score on the remaining questions.
@Cees ,
No single book, or cram course for that matter, can prepare you completely for the CISSP exam. Remember, the exam is designed to check breadth of knowledge and experience over many diverse knowledge domains. The exam is not intended to be passable by a newbie with no experience and only one book or course as preparation.
Every good CISSP study book is meant to give you the basics of what each domain is about, and help you find other resource to learn more deeply about each domain. Each chapter in a CISSP pep book has multiple references listed. study selected items from those reference lists.
As WIlliam @denbesten said in a CSSLP thread last July:
If you read through these boards, you will find that there is no single source of material that will prepare you for an (ISC)² exam. The recommendations that you will consistently get are to use many references, to take lots of practice tests and to earn (much of) the required experience prior to sitting for the exam. (ISC)² exams are all about ability to apply your knowledge and experience in real-world situations. Although important, "book knowledge" is not enough to pass (ISC)² exams.
=-=-=-=
Several of the 'I failed, now what?' threads here have responses pointing out the need to understand management judgement in information security based on knowledge of he basics. Study Ross Anderson's Security Engineering, 2nd ed. (available free online) for an understanding of that approach.
Keep studying, and good luck.
I would Second Craig's comments here.
While studying books will certainly help in terms of knowledge refresh, the exam will predominatley test you as an experienced individiual.
I have heard tales of candidates revising content for hours a day for months and still failing.It's never about the text book, more about the concepts and understanding around managing Cyber within a professional situation.
By all means study, read, and write about all things security, but make sure you get boots on the ground and get yourself immersed in the subject from a practical application stand point. It will serve you better.
Remember, this is not a technical exam, but a far more expansive-breadth-of-knowledge-and-experience-type exam.
Wishing you the best of luck!
thank you for your replies.
Maybe I am just confused because on the cover page of the "(ICS)2 Official CISSP Study guide" is written:
quote
Covers 100% of exam 2015 CISSP ...
quote
Cees
@HTCPCP-TEA wrote:While studying books will certainly help in terms of knowledge refresh, the exam will predominatley test you as an experienced
...
Remember, this is not a technical exam, but a far more expansive-breadth-of-knowledge-and-experience-type exam.
Certification is not about the exam, it is about the professional experience. Passing the exam is not the 'long pole in the tent' to become certified. Having demonstrated deep experience in multiple infosec arenas, as defined by the CBK domains, is the critical, important, and hard part of the equation.
The exam is to ensure that anyone claiming certification knows enough about the breadth of infosec arenas to recognize which ones apply in a given situation, and also to realize when it is essential to have skills, or learn skills, or hire skills to complete all tasks in a project.
For a more complete exposition of this topic please see the blog post
The What and Why of CISSP Certification
@Cees wrote:
Maybe I am just confused because on the cover page of the "(ICS)2 Official CISSP Study guide" is written:
quote
Covers 100% of exam 2015 CISSP ...
quote
Cees,
That claim means that the book covers 100% of the topics, but not of the detailed question content. A major aspect of every CISSP prep guide, including that one, is the set of pointers to other references and resources to fill out details in the topics. If it were otherwise, the book would be considered "teaching to the test" and totally improper for a professional certification, especially one that must maintain its own certification under ISO/IEC 17024, as the CISSP and other (ISC)2 certifications must do to meet US. Defense Department requirements.
@Cees wrote:Are all the questions in the exam covered by this book? ... the cover page is written: "Covers 100% of exam 2015 CISSP ..."
The complete statement is:
"Covers 100% of exam 2015 CISSP candidate information bulletin objectives including, Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptology and much more..."
The operative word is "objectives". The best answer is "no" because "Objectives" are not the same thing as "questions".
The exam itself requires a similar focus on detail. Often times, a single question will have many seemingly "correct" answers and a single word in the question will dictate which is "most correct". In part, this is what gives the exam a reputation of being a "grammar exam".
PS I expect to miss 15% of the questions because I am not a native English speaker + I am not an technician (how many bits is xyz encryption) + I am not American (which bill passed ...). There is very important for me to have a high score on the remaining questions.
The exam is available in English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese and Korean. Hopefully, one of these is your native tongue and could counteract some of the "15%". Be aware though that there are reports that some of the translations are lacking. Also, (ISC)² has made a specific effort to remove references to any specific country's laws from the exam. You are likely to see questions regarding world-known legal concepts like GDPR, copyright, and tort vs civil law, but there should not be anything on CFAA or HIPPA or other US-specific laws.
"Technician" is covered reasonably well by the preparation materials. If you are doing OK on the practice exams, you will likely be OK on the "technician" aspects. The other aspects required are real-world experience, management-perspective (think like your boss's boss) and attention to detail. These are harder because they are neither learned through books nor classrooms.
Incidentally, the cover you quoted is from the 7th edition, which is one-version outdated. It is not required to upgrade, but some prefer a precise alignment with the current objectives. My study materials were similarly outdated (the 2013 version for the 2015 exam). I don't think it made it any harder for me to pass the exam.
Thanks for your answers en encouragments.
My mother tongue is Dutch. I am just making a small dictionary of unknown words like non-repudiation, ubiquitous, pilfer etc.
It is very nice to hear that the exam gets more international.
I keep going because the material is most interesting and useful.
@Cees wrote:I am just making a small dictionary of unknown words like non-repudiation, ubiquitous, pilfer etc.
That's an interesting thought... Perhaps if a few non-native speakers were to list the "non-familiar" words, (ISC)² could eliminate some of them from the exam. Simpler grammar helps everyone.
Of course, some words like non-repudiation do need to be learned as they are important parts of life in security. For what it's worth, non-repudiation is a word that many of us native speakers also need to look up. I know I had to years ago.