EmreAtes
Newcomer III

CISSP exam

First things first, you should be serious about passing the exam. It is tough, yes, but it will also open your vision. If you are prepared well, you will be familiar with all concepts related to information security.

To make it clear, you know the difference among lots of technical terms, weird words in the exam and questions, tons of information, huge amounts of data, and also the attributes of those items.

An easy example is due diligence and due care (small tip, it is duty of care): you must catch those tricky explanations.

 

Information is what: awareness of something, basic skill and recognition.

Knowledge is how: the skill, the ability to solve problems using past expertise.

Insight, data, is why: understanding and creating, designing standards.

 

The exam and the organization itself have the idea that you are prepared to be a professional and have both a technical and a management vision of insight. You should be able to distinguish lots of terms: why must I choose that way, public safety, what will everyone's gain be?

 

The exam is hard to pass but not impossible. Feel confident, prepare comprehensively, read and solve lots of books and questions. Don't focus just on answers; the answers or questions indeed want to give you insight.

 

You should understand the idea behind the scenes, see completely, don't make assumptions, understand, don't use just previous experience and technical knowledge, feel intrinsic feelings, deep dive, since you are the architect who makes the story from beginning till the end.

8 Replies
Rossva
Contributor I

Good post. The hardest thing about the exam IMHO is stumping up the £672 it costs to take it, passing, submitting your endorsement request. Then waiting. And waiting. And waiting. And Waiting. With no feedback whatsoever on the progress. Unacceptable.
EmreAtes
Newcomer III

Exactly, my progress has lasted almost 7 weeks, with no information about it. I agree the cost is high, yes.
RobertV
Viewer

I would disagree with this statement when it comes to the new test. I recently took the CISSP exam in June after previously failing it when I took it in Dec of 2018. I used my boot camp books from 2018, over 1k flash cards. I bought over 1k test bank questions off of Udemy and spent hours upon hours, nights and weekends studying for the test, and the test that was presented to me might as well have been in a foreign language.

 

The only question that had anything that was previously mentioned in my study materials was the code of conduct for ISC2 members.  I am furious about the time and money I spent prepping for this to be presented with 99 obscure questions and a failure notice.

kevinkidder
Newcomer III

RobertV,

 

To echo EmreAtes:



The sentiment of the exam, which I agree with, is NOT to memorize a bunch of facts and see how much you remember. Instead, think about the study material as the building blocks of knowledge that you will need to rely on to solve the overall problem being presented. This seems to be the most common shock for all new CISSP test takers. 

 

The facts from your flash cards and boot camp books are just that. They are facts. The exam is asking you to evaluate all of the possible solutions to an abstract problem, and seeing if you understand the facts well enough that you can weigh them against risk and other presented constraints. 

 

The easiest way to describe this is by removing the technical facts and giving an abstract example. Let's suppose you worked for a bakery. To work in the bakery you learned all of the facts about ingredients, mixture ratios, baking equipment, kitchen safety, oven temperatures, and baking times. These are all facts you need to bake bread. In an ideal world, armed with these facts you can select the best ingredients, mixtures, equipment and make the perfect loaf of bread. But alas, we don't live in an ideal world, we live in a world that is filled with constraints.

 

The CISSP exam is asking you to be the owner/manager of the bakery, and presenting you with a problem, such as what is the BEST way to bake 100 loaves of bread if one of your ovens is broken, and you have a client deadline of 8 hours from now. Knowing mixing time, as an example, is a fact that leads you to understand that if you had people putting their hands in the mixing bowls to speed up the mixing process, you are introducing risk (safety, health hazards, etc). Baking more loaves at once affects oven temperature and can alter the quality of the product. Outsourcing the baking could cause your business to lose the quality control and possibly compromise your secret bread formula! Telling the client that they can't get bread on time is also a risk, to reputation and to the client taking their business elsewhere, etc. This risk has to be weighed against the other risks to understand the BEST decision to make here.

 

I hope that helps. 

 

Kevin

 

 

Rossva
Contributor I

Good post! To pass CISSP you have to understand the content not just be able to remember stuff!
rslade
Influencer II

The SSCP is knowing a tomato is, technically, a fruit.

The CISSP is knowing not to put it in a fruit salad.

RobertV
Viewer

I get what you are saying but let me use your analogy to re-express my point.  When I got my original materials in 2017, they were all about "How to be a Baker" and when I took the test in Dec of 2017 it was the old 6-hour test and the test reinforced the ideology of "How to be a Baker".

 

I didn't pass that test, but while I was taking it I could clearly see the connection to my study materials and how I could/would have passed it if I had studied my baking skills harder.

 

I had a job transition in 2018 so I had to wait until 2019 to re-take the test.  I had my old materials and purchased some new materials.  The new materials fell in line with the old materials which reinforced the ideology to be a good baker you need to know "X", understand "Y" and how to differentiate them from "Z".

 

My issue is after all of that when I sat down with the next test in 2019.  The questions were so disparate from all of the information (flashcards, books, podcasts, Udemy, etc) that it felt like I was taking a test on "How to be a Blacksmith".

 

I realize with the size of the test bank this may not be everybody's experience but I would also ask for anyone commenting on this thread did you pass the certification with the old test or the new test?

kevinkidder
Newcomer III

I passed the exam this year using the new exam, and the 1-version old study materials. Namely, the Shon Harris book, the CBK, and the official study guide from the ISC.  

 

I know what you mean, and can 100% understand your frustration. It is something that I have seen echoed here in the community numerous times. I can't say for certain, but I do know that I relied heavily on my own experience and management experience to understand the questions and how they were framed to the ISC material.