Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How deep to prepare for CISSP?

Hello everyone!


Without going into too many details, how deep should one prepare for CISSP? I read everywhere that CISSP should be answered like a manager and it is an inch deep and mile wide type of an exam, however, there are tons of technical details in all of the CISSP books and lots of minute details such as different steps in a process, sequence of steps, labeling details (for example TCSEC, ITSEC, Common Criteria EAL levels etc.), bit/block size of algorithms, cable lengths etc. Every practice exam I have tried also tests for a lot of these types of technical details.


For the real CISSP exam, I am wondering if it is worth putting time memorizing all these minute technical details if the exam is only going test the breadth of knowledge? Can anyone please let me know how much of the exam is really technical or deep? It would just help me focus more of my time on learning the concepts instead of memorizing technical minutiae.



3 Replies
Newcomer III

I've passed the CISSP and SSCP exam and I would say that "an inch deep and mile wide" is correct, but ...

Some questions have answeres like:


You don't have to know what the law says, but you need to know what they are used for. If the question is about health-care, the chances that HIPAA is the correct answer is quite high. If it's about credit-card transfers you can guess the correct answer is PCI-DSS.

So an inch deep and a mile wide seems to be correct.

Another example is the EAL levels. You need to know which assurance level is the "highest" and you need to know the order. Now looking at the order it makes sense even though you didn't study for it:

EAL1: Functionally Tested
EAL2: Structurally Tested
EAL3: Methodically Tested and Checked
EAL4: Methodically Designed, Tested and Reviewed
EAL5: Semiformally Designed and Tested
EAL6: Semiformally Verified Design and Tested
EAL7: Formally Verified Design and Tested

I would say, don't read the pages in the book, but understand the content. Read a page and be sure you understand and can explain to someone else what it does or say. Then you're ready for the exam.

I have to say that even though you know everything from the book, it doesn't guarantee you will pass the exam. It's also a mindset you have to have for passing the exam. Although a lot makes sense.

My biggest challenge on the exam were the questions. As a non-native English speaker, I didn't understand most of the questions. I could read the questions 5 times, but still didn’t understand any of it. So most of my answers were guesses.

Good luck with the exam! If you fail, you know what sorts of questions are being asked, how long it took for you to answer the question so you know if the next time you need to hurry, which domains you performed the worst etc. And if you pass it will helps you in your career for the rest of your life.
Newcomer I

I have been studying for 4 months now and have been using the (ISC)2 guide. I can honestly say between 3 different review sources I have had varying degrees of success. 

(ISC)2 Flash cards seem to be the easiest of the testing material. Once you have a good grasp on those I would move to the Sybex test questions that are linked with the book. Lastly I would try the phone app questions. These seem to be the hardest ones for me but, these tests maybe different for each person depending on your method of study. 

Please note that if you can include the "11th Hour CISSP" Study guide this should be helpful when you are nearing the time to take your test. 


Good Luck. 


ISC2 Former Staff

Preparing for the CISSP is a difficult and challenging experience. After you pass the examination, it is enormous accomplishment that you will be extreme proud of. We have always said the work experience is your chief asset to passing an (ISC)² examination. he CISSP Exam Outline is a great source information.  Unfortunately, I am not able to say if it more technical or managerial. Many individuals say that the (ISC)² Flash Cards help them a lot; you can find digital flashcards under Education & Training on the (ISC)² website.  There are also several self-study resources available at


I would like to wish you the best of luck on your examination.


Kindest Regards,

Laura Schneiter