Newcomer I

ISC2 set you up for failure when it comes to taking the CISSP test for these 3 reasons in my opinion

I think ISC2 set you up for failure on purpose for 3 reasons. To make sure most people do not pass the test. The reason is not that the person did not study or study hard enough, but I think for these particular reasons below


1. Exam Type CAT. With the computerized random test, they make sure that you can't mark a question if you are unsure of the answer and come back to it later. Also, they add a fan to the flame by making sure that when you get a question wrong they ask you more of the same type of question wrong to lower your score 


2. They give you an unreasonable time limit. The test comprises 100-150 questions because it is the CAT type of exam. However, you have approximately 1 minute or so for each question. I say not enough time to read, and comprehend all the questions and all the answers and comprehend it and be able to eliminate the wrong answers to pick the correct one. Especially when you are given a scenario-type question that is very tricky and uses trick words to try and confuse the exam taker.


3. They throw in 50 questions or so that are going to be on future exams. I say because of this, the test taker is unable to evaluate how they are doing because we don't know which questions are the throwout questions. Therefore that adds to the stress of taking this exam. Also, not knowing when the test ends, you don't know if the test will end at question 99 or question 150.


Therefore besides the exam itself being hard and filled with trick-type scenarios these 3 reasons in my opinion add to the stress of taking this exam and a higher chance of failure. If I am wrong tell me why please, and I will remove my article.

14 Replies
Newcomer I

To give an example a question might ask which one of these is not an example of Due Diligence.
Now if you are reading the question fast you might not pick up on the word NOT. So this question is asking which one is an example of Due Care. So now even if you pick up on the word NOT, you still have to read each answer carefully and be able to determine if it is an example of Due Care or Due Diligence. And I say there is not enough time when you have 100-150 types of questions like this which can be very tricky.
Community Champion

Honestly, this reads like you missed the exam and are just venting. I am not sure but I believe they use adaptive testing like everyone else nowadays. And with this kind of test the questions change based on your answer; this would be why you can't go back. With the time limit, if you answer right you get fewer questions, but when you answer wrong you get more, so it is very subjective. As for trick questions, welcome to the world! I have taken many tests by many different vendors and they all do it. You MUST always read carefully. The worst I have found is when they ask for "the best" answer when a few answers are right. Way back when I took the CISSP it was on paper and even then I left the room with no idea if I passed or failed...



Contributor III

See all the "passed" posts on It is clearly doable, and a lot of people do.

Advocate I

Will agree with JKWiniger.

I had postponed my CISSP test several times.  While I had been in the field for years I only used the office CBK book at the time, and a practice exam book.  That's it.

I finally went in and took it.  This was BEFORE the computer adaptive testing.  I went thru, answered each question as best I could.  I don't recall going back on any questions, but may have for 2-3.

I wasn't there very long.

I finished, and went out.  The lady at the desk said I still had time, but I just said I'm done.  She printed out the results and I had passed.  Of course, if you pass you have no idea what your score is.  But it was such a relief.  There were a LOT of questions on encryption, and don't know if they were dummy questions.

Contributor III

My personal experience was that after going back to a question or agonising over it for ages, I didn't have a better answer than my initial thought.
Community Champion

I too concur with John.


It may help to realize a few things:


It is in (ISC)²'s financial best interest for people to pass exams and become certified.  Each new member brings with them another highly-profitable $125 (or $50 if CC) annual maintenance fee.  Failures *might* result in a retake fee, but exams have a lower profit margin because (ISC)² must pay PearsonVue per attempt.


The exams are highly instrumented.  (ISC)² knows exactly how long each person before you spent answering each question. They can measure how long is needed, with no speculation necessary.  The best advice I can offer is to build an internal feel for how fast one must move by timing yourself during practice exams and to do many practice exams (even non-security) to develop the skill of quick comprehension.


Watching/worrying about progress risks becoming the hare in "The Tortoise and the Hare". The best strategy is to answer each question to the best of your ability, starting with the first question and continuing until the very last. If you were to learn you were 1% below proficiency, what would you do differently?  I would hope nothing because you should be doing that already. 


The CAT stops early if it is sure you will pass/fail.  No need to waste time if you have already earned 700 points or have lost 300.  I do agree though that uncertainty creates avoidable stress, particularly once one is asked question 126.  One fix might be to ask fewer non-graded questions if the CAT believes the exam will go long, so that everyone ends up stopping at (e.g.) exactly 150 questions.

Community Champion

I have shared my opinion in the other post. I think it's open for discussion and we can agree to disagree. But when we point out issues, if there are "facts" to support them, then it's easier to discuss or debate; otherwise, it is just a shallow discussion.

1) Exam Type CAT.
CISSP is CAT. I waited until the CAT and took the CISSP test back in 2018, and I didn't really want to take the 6 hour paper version. It's very exhausting to do the 6 hours. With CAT, this enables the differentiation of the candidate's ability.

2) Unreasonable time
I am not a native English speaker and I took 10 ISC2 exams/tests in English and I passed all on the first attempt with a fairly good amount of time left (mostly), except ISSEP where I had only a couple of minutes left. If you found the time insufficient, then it's back to your knowledge, how familiar you are with the domains being tested, and/or your time management during the test. Of course a native speaker can have an advantage in reading and understanding the questions, but if a non-English speaker can finish all the tests on time, we need to question if this is a matter of insufficient time given or if this is an issue related to how familiar one is with the domains being tested?

And CISSP with 100-150 questions in 3 hours (it's now 125-175 questions in 4 hours I believe), you really need to spend your time wisely; this is universal in every test.

Spending 3 minutes answering 1 question with a wrong answer scores the same as spending 1 minute and having a wrong answer on the same question; the difference is you lose 2 mins (resulting in less time for reading and answering the other questions). Realizing you don't know (are unsure of) the answer and making your best or educated guess is also a skill. I guess it's very rare for someone to get 100% correct within the given time, and the test does not require you to get 100% to pass (you only need to score 700/1000 to pass).

3) Even if there are experiential questions, they are not counted in the scoring. Also security is not a "static" one.

I don't think ISC2 is intentionally setting candidates up for failure, but rather one's insufficient knowledge and experience are setting up their own failure for the exam/test in the first place.

Community Champion

@fsohrabi wrote:
even if you pick up on the word NOT, you still have to read each answer carefully and be able to determine if it is an example of Due care or Due diligence.

Is there any value added by an exam which can seem contextually granular and unnecessarily precise?  That value may not be easy to find, but when I was studying for this exam, I realized early-on that I might have bitten off more than I could chew.


But somewhere in my fourth month of reading was when it clicked.  That was when I realized that my boat may be swamped, but I was starting to navigate the bayou.  The book which really helped me here was Chapple's Eighth Edition.  It was an excellent read, and it ties the domains together very neatly.

As soon as I learned to bail out my boat and keep navigating, my confidence was set.  I passed the adaptive test.


But I still read each answer carefully.


A claim is as good as its veracity.
ISC2 Team

1.  The ability to mark a question and go back to it later has not been an option for at least two years, regardless if it is a CAT exam or linear exam.


2.  The exam now consists of 125-175 questions and you have 4 hours to complete the exam.  That gives you approximately 1:22 to 1:55 to read/answer each question (dependent on how many total items you're presented)


3.  We continuously work with volunteer Subject Matter Experts (SME) who already hold the CISSP certification to develop new items (questions) for the exam.  These questions are placed on the exam to determine if they are statistically acceptable items (not too hard or too easy).  If they meet our statistical requirements, they will then become an "operational" or "scored" item on a future version of the exam.  If they don't, then we send the items back to SMEs with guidance on what needs to be changed (based on statistics).  


Since I've been personally involved in dozens of content development workshops over the past two years as well as having reviewed thousands of items, I can assure you that none of the questions are written to be intentionally "tricky"; attention to detail is paramount and our statistic-based approach to exam content performance bears this out.  


Please keep in mind that neither I nor my team create ANY of the exam content; that is done by volunteer SMEs (your peers) and the items created by those SMEs are peer reviewed within the item writing workshops as well as reviewed by a group of SMEs during a group review workshop.  Everyone on my team holds at least the CISSP and are members too.


If you or anyone else wants more clarification, please reach out to me directly via private message.


Many thanks!


Terence L. Dutton

Senior Exam Content Development Manager

CISSP #333526