That would suck, for sure. My wife would say, "Bottom-line...does it say PASSED or FAILED?" 🙂. As we all know, when it gets to the interview...score means nothing and if by some weird circumstance the resume stated (CISSP; passed on [greater than 1] attempt) , I would see it as an opportunity to discuss and uncover the personality/character of the interviewee.

Why do people think that ISC2 should revisit thier policy around paying and taking theexam - this the most normal thing in the world. @sandyshar - it really sucks to fail man - i sympathize and understand but why should ISC2 not bill you for the second attempt??? Let me try and give a very distant example.... - imagine you have an incredible fence around your house - everybody absolutely loves that fence and want to touch it and take pictures of it. Then you announce that you would take 100$ to allow someone to paint your fence - thousands of applicants come, if the one chosen fails - would you allow them to do it again for free? - It may sound irrelevant in the beginning but it's really the same thing - we want to have that cert so badly - it comes with a cost - in my opinion this is pure business - each fail generates money for ISC2 - they've got to be crazy to bill only the first attempt. In my opinion - this works as a motivator to some extend as well.

@sandyshar- very sorry to hear you did not make it - yet.  There are two issues you seem to address: firstly that the exam did not match your expectations, secondly that you have to pay a lot of money to sit for the exam (again).

 

I do somewhat sympathise with the second issue; if you have to pay this yourself, it really is a significant amount of money. On the other hand, if you become a CISSP this immediately increases your market value, and I believe that the 1400 or thereabout  dollar you had to spent to become a CISSP - assuming you pass on second try - is still money well spent. Also, as a CISSP you should already have at least five years of cumulative, paid work experience in two or more of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). This usually involves getting a salary, and we are mostly paid quite well. Also, in many cases, the employer will pick up the bill. So, unless you are in a particularly odd situation, you should be able to raise the money, methinks. 

 

About the first issue you seem to raise: yes, the exam can throw you off a bit. I sat my exam in 2011 and also have the exact same type of recollection that  you seem to have: being somewhat surprised by the line of questioning, which was quite different from what I had expected. However, as a professional I am used to very many different ways customers can bring up issues and the many different cultures and communication styles involved. It is up to the CISSP to see through all that and give proper advice. The exam merely reflects this, methinks.

 

I really hope you will sit again and pass.

 

> sandyshar (Viewer) posted a new reply in Customer Support on 08-24-2018 05:01 AM

> I also attempted CISSP on 21/08/2018 and failed. It is really a big
> disappointment as i worked very hard towards preparing for CISSP. The kind of
> questions i had faced during the CAT exam were really out of expectations.
> Though i was able to attempt all 150 Questions but the final result was fail.
> Now again i have to pay 699$ (Plus Tax) to sit for second attempt. This is
> really unfair. ISC2 should revisit this policy.

To quote an American president of a few years back, "Life is not fair."

Do a search on "anderson" (you'll find out) and read those threads.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Those whom the Gods would destroy, they first call promising.
- Cyril Connolly
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

I don't think the ISC2 should change their policies with regards to the retake fee. I mean, granted, it would make it financially easier, but knowing human nature most folk would probably take a nonchalant approach to the exam because the retake is cheap. I above been contracting for most of my IT career to date. That means most all of my professional development, including exams, has been self-funded. Trust me, I take my exams seriously , especially as the funding comes out of the shared family budget. I studied for the 6-hr exam as if failure was not an option . I studied as if there would be no financial resources to retake the exam I basically studied as if it was my one and onky chance to pass this...including answering over 2500 practice questions and taking 4x 6hr practice exams. I passed.

Rather than lament about the failure (because failure isn't final until YOU decide to give up) or request a change in policy, why not go back and seriously look at how you prepared for the exam, mentally and academically. Ask in here and other forums such as Luke Ahmed's "Study Notes and Theory" group on FB, for assistance. Get back in the saddle and get those letters!
When I clicked start, I had NO concern as to the questions, the format of the questions, the length of the exam...nothing. Why? I Prepared. So can you. You can do this!

Let me chime in to say that you are not on an island by yourself. Many
people did not study well enough to pass this test. Also, the test is
largely experience based. The 5 - years required minimum years of
experience to sit is just that... the minimum! I think that the 8 domains
require considerably more in order for this test to be 'intuitive' and thus
easier to pass. All others should do more intensive study.

No, (ISC)2 is not and should not make it financially feasible for someone
to keep retaking the test with impunity. This will of course drive down the
value of the testing and thus the certification, and the CISSP wouldn't
hold any value in that instance and I would have never pursued it in the
first place.

I'm in the same boat. Did 150 questions...still failed. I don't know...if we hit 150 questions, does that mean we were close?

I don't want to lose hope, but I also don't want to keep banging my head against a wall. I know the subject matter. But it seems that I just need to figure out what ISC2 expects a manager to think like. I guess I need help in identifying what "managerial thought" in ISC2 parlance means.

Think about your managers and what they do on a daily basis (not team leads, not SMEs... mangers, senior managers, directors, CISOs)

Do they log onto a server/router/IDS/firewall.. any device?
Do they change a firewall rule?
Do they run a vulnerability assessment or a pen-test?
Do they reboot a server?
Do they scan for viruses?

I.e do they do anything physical to the environment they are responsible for?

Any answer that suggests an immediate physical action is probably the wrong answer.

It's a rhetorical question but it's to get you to review the difference between a manager and his staff.

Hope this helps...