kevinkidder
Newcomer III

How deep is too deep when studying for the CISSP?

Hi all,

 

I am along the path of studying for the CISSP with quite a few resources (Official CBK, Harris' "All-In-One" Exam Guide, Lynda.com videos, Cybrary.it, Transcender practice tests, and many other suggestions from people here - thank you all!). Each of these resources goes to varying depths of detail on each topic. One question I have though is how deep is too deep in terms of a topic? Meaning, without giving away details, will I need to memorize specifics of the privacy laws to know which privacy law specifically prohibits a specific type of action? Or would it be more likely that knowing about the laws is enough?

 

I plan on being over prepared, but don't want to get bogged down in details that aren't important to memorize.

 

Thanks

 

Kevin

8 Replies
Beads
Advocate I

Selecting material is more about preference and taste in that materials are essentially useless when you never finish them.

 

Generally I recommend finding two sources in book form and reading them slowly - cover to cover. Add to that one good lengthy quiz book and possibly one CCCure or similar online simulator. Anything more than this will be complete overkill.

 

As for what to read, that depends entirely on how much experience in the field you have. If you're fairly new I would strongly suggest something that sounds like an All-in-one approach type of book. Well versed in most of the subjects tested and just need a good refresher? There are smaller, more concise reads with names like "11th hour" or "essentials".

 

Whatever you do please avoid any material that sounds suspicious or outright "brain dumps". These won't help much and only exist to cast a shadow on the certification on both the industry and individual. Yeah, someone is out to make a buck but the damage done has been lasting. Let's not go there.

kevinkidder
Newcomer III

Thank you Brent.

 

I am not questioning my sources of study, as I am fairly confident in them. I have been in IT for 20+ years with various roles in and out of security. I am questioning the depth of the questions on the exam. I have heard the CISSP exam explained as wide, but not deep. Some of the practice exams that I have seen so far though seem to be both.

 

Thanks.

 

Kevin

Jesse_Mundis
Newcomer III

The test on the whole is *very* wide, and *not* very deep in any one area. That said, however, there will be specific questions that may include "details" like bit lengths of common cipher keys, or specifics about which OSI layer is relevant in a given situation, or port numbers for common protocols. In that sense, individual questions may feel "deep" or at least detail-oriented.

To your example of "which privacy law covers an action" - yes, I'd say knowing the difference between, say, ISO 27000 and NIST 800-63 is exactly the kind of "detail" you might need.

It's like knowing the difference between "authorization" and "authentication" and not just memorizing "auth" as being important.

That said, for any *particular* detail, you may only see one question about it, out of 250. So obviously, you can't study and memorize *all* the details of all the things.

As a study strategy, breadth is vital, depth is useful.

But as others said, one or two inclusive books, and a good video course, and sample tests should be plenty. I used "11th hour" as a review the week before my test, not to learn, but to refresh.

I also kept track of all the sample questions I got wrong along the way, and at the end of study went back and did all of those again. Any I still got wrong a second time, made up my "things I clearly didn't internalize" list for last minute review and study.

Good luck.
Bertikus
Newcomer III

The textbook answer is, go as deep as you can go.  Since that doesn't really answer the question however, I did find on the CISSP website under approved training this link: http://learnzapp.com/apps/cissp/ There are (I believe) retired test questions which will best show you how they ask questions and shed some light on how deep to go.

Lamont29
Community Champion

My philosophy to test-taking and my overall success has been to choose a relevant authoritative resource and go with that. If you actually retain 45-50% of what you've read in the Official CBK, Shon Harris, or any other authoritative resource, you will pass the test if you are honest with yourself and avidly study in a proper manner. A good deal of the test (30-35%) that I was presented with was experience-based. Those questions were very intuitive to me and I would not have needed to study to answer those particular items.

 

You may be spending too much money in my opinion, but everyone is different.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Lamont29
Community Champion

If you have that much experience, then you will be fine. You are exhibiting 'test fright' that's probably due to the $700 that this test costs. It's not that bad, Kevin, when you have the requisite knowledge + experience. Just do the study targeting those areas that you want to brush up on and go take the test.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Early_Adopter
Community Champion

CISSP is really "deep down superficial".

 

Reading, comprehension and attention to detail are as critical as the remembered knowledge. However, with twenty years in IT, you'll be pretty well prepared from your nine to five (unless of course, it was all at 'Reynholm Industries' as featured in the 'IT Crowd' - but in that case, I see a more lucrative career for you acting in sitcoms...) 😉

 

One good book is probably enough, the new study guide was quite good for me.

 

Here's what I do when I study for an - read it for say 30 minutes at a time, note down concepts I don't understand, rest for ten, look them up, rest for ten and then attempt the recall of the facts and redo any I miss. 

 

CAT means it's important not to get questions wrong - so I'll reiterate attention to detail, but none of the questions are what I'd call deep. Good Luck!

 

 

canLG0501
Newcomer III

I understand being over prepared, but not wanting to get bogged down in details that aren't important to memorize. I felt the same. I took a strategy of looking at the percentages of each domain and focused on the domains that were heavily weighted (i.e. Security Operations and Risk Management). It worked for me and it will work for you!