I failed on Saturday the third time but I´m not frustrated because I was well prepared. I learned the last 5 months and read the Sybex and the ISC book. Additionally I´ve visited a One week training which I learned 12 hours a day.
The problem with the adaptive exam is that it is a disadvantage if you have practice experience, because the only have inexact questions like What is the MOST, or the LEAST … and so on.
Some guys from the finance sector did the exam after a week training and they all passed. They had no IT practice, they only looked for the keywords and guessed the answer.
So, for the CISSP you shouldn´t have experience on the job. You should have less knowledge and only look for their keywords, that´s it. Don't consider with your experience from the job.
very sorry to hear that you did not pass. I can appreciate your disappointment - especially if you have tried three times, and have done a lot of studying and preparation. In such situations it is tempting to blame something else than yourself, especially if you fail to see what you did "wrong".
And that may well be the key: to find out where your weak areas are, and how to improve on them.
In most cases, people fail for mostly one or more of the following:
Motivation. Given your efforts and the time spent already - assuming you roughly spent the same time to prepare yourself for the first two tries - it seems that obtaining the CISSP is of enormous importance to you. So, you are well motivated, even though you may not feel like it right now. I don't think that is the problem.
Knowledge. The bare facts, the stuff that is listed in the CBK. To test your knowledge, you might, for example, do test exams. I have had some good experiences with CCCure when I prepared for my exam. If you consistently score somewhere over 80 percent on their tests, you should have adequate knowledge. You could also join or set up a study group (even a study peer is often sufficient), which often can help to build knowledge too. If you fail to fully understand a concept or topic, do additional research. E.g. you might use this community to help you find the answers. However - just check and doublecheck - also consider the quality of your efforts to study: if you study, do you actually study or just read fragments in the book? Do you create extracts? Do you try to formulate questions and answers from the materials? Do you try to explain a newly learned concept or idea to others? Do you actually USE the terms and concepts that you studied? Did you try to "braindump" - or do you really DIG what you learned? There is an excellent book that may help you with your studies: it's the Sciences Good Study Guide (ISBN 0-7492-3411-3), you may consider buying it.
Attitude. This is the most difficult thing: obtaining the proper mindset. Picture yourself as being responsible for advising a board of a large company about security: would you tire them with nitty-gritty details, or give them a broad oversight? Would you whack them around their ears with details, or give them a sufficiently detailed, but still broad vision? Do you, by nature, balance cost against risk? Do you understand that your mission must not be to make things overly secure - but just secure enough? The art of being able to oversee the entire, dynamic field and then destill a good advice on board level from all that is what a CISSP should be able to do. So, instead of focusing on details, focus on the main themes and try to be consistent with that when you answer your question. Don't fight the questions: read them as if you were that manager, then choose the best answer.
I hope that you will find out what the issue is, or the issues are, that stop you from passing the CISSP exam. I hope you have the energy and stamina to continue your studies. And remember: nobody gives a dang if it took you a couple of attempts to obtain this accreditation. In the end, a CISSP is a CISSP - that's the entire point of it!
it is really frustrating if 25 years IT experience are worthless and if the only way to pass the exam is to memorize exam questions. The new adaptive exam doesn´t require deep knowledge of a topic, you just have to look for buzzwords to guess the right answer. If I read the questions which normally are a one-liners and look for the answers I´m thinking yes, answer no. 2, but from this point of view it could also be, for example answer no. 3. Beginners or non-IT professionals have it much easier, because they just looking for your keywords and the answer from the regarding Domain.
Guten Tag, Dirk.
These 25 years of experience are no doubt NOT worthless: they will serve, eventually, as proof of your competence in at least 2 of the 8 domains and hence enable you to obtain the credential. However, if most of your work experience has been on a hands-on level, then yes, indeed, the natural focus on details that you may have might hamper you.
However, it is certainly not so that merely knowing the buzzwords makes you pass the exam. If that were the case you would have passed on second attempt, as by then you no doubt would have learned to do "the trick". But there is no "trick" - it does not suffice to scan for buzzwords. You need the proper mindset: think like a manager, like an advisor, not like a guy that has to install and configure hardware and software (not saying you're doing that, just trying to give advice).
Also, beginners and non-IT pro's will not be able to proof they have sufficient experience to qualify for CISSP.
The message, as hard as it may seem is clear: there is nothing wrong with the certification nor the exam. You may feel it is not the proper exam to test your skills - which no doubt are quite good in many fields - but that's not relevant. A CISSP is a multi-faceted person, that understands technology, but mostly has an eye out for the broader scope of things, and is able to destill simplicity from complexity. Not a person that just produces buzzwords. And the exam tests you on these facets. So, if you fail, you don't fail because you did not learn the buzzwords. You fail because you either lack motivation, knowledge or the proper mindset.
I hope you will stop fooling yourself - sorry, but that's how it looks to me - and start facing reality: either the CISSP is not for you, or you need to change something. For sure enough - I don't think the exam will change on short term..
Again, this is an exam where 'memorizing' questions will do you no good at all. (ISC)2 does not have a bank of questions for anyone to collect and memorize. If this is what you believe is the key to your success, then I would encourage you not to go out and blow another $700 on another attempt.
Brain dump maybe giving CCCure a bit too much credit unless things have changed radically since I used it back in late 2000s. Its a good test engine with questions written by volunteers not professional question writers or necessarily by current CISSPs - anyone can submit a question. So last I looked the question base was a bit outdated. This may have changed, it's been awhile.
Anyone have recent interaction with the site? There are certainly real brain dumps out there, but I am leaning at giving CCCure a bit of a light pass unless proven to have gone to the dark side or something.
Maybe I have bad information... ...No need of starting a dissertation if I am incorrect. Thanks.
M.A., M.S., CISSP, CISA, CISM, MCSE
You've made a potentially libellous statement on a public website about a business run by a respected member of this community ( @clementdupuis ) - I think you should edit your post to remove the offending remarks!