Newcomer I

ISC2 set you up for failure when it comes to taking the CISSP test for these 3 reasons in my opinion

I think ISC2 set you up for failure on purpose for 3 reasons. To make sure most people do not pass the test. The reason is not that the person did not study or study hard enough, but I think for these particular reasons below


1. Exam Type CAT. With the computerized random test, they make sure that you can't mark a question if you are unsure of the answer and come back to it later. Also, they add a fan to the flame by making sure that when you get a question wrong they ask you more of the same type of question wrong to lower your score 


2. They give you an unreasonable time limit. The test comprises 100-150 questions because it is the CAT type of exam. However, you have approximately 1 minute or so for each question. I say not enough time to read, and comprehend all the question and all the answers and comprehend it and be able to eliminate the wrong answers to pick the correct one. Especially when you are given a scenario-type question that is very tricky and uses trick words to try and confuse the exam taker.


3. They throw in 50 questions or so that are going to be on future exams. I say because of this, the test taker is unable to evaluate how they are doing because we don't know which questions are the throwout questions. Therefore that adds to the stress of taking this exam. Also, you do not know when the test ends, so you don't know if the test will end at question 99 or question 150.


Therefore besides the exam itself being hard and filled with trick-type scenarios these 3 reasons in my opinion add to the stress of taking this exam and a higher chance of failure. If I am wrong tell me why please, and I will remove my article.

14 Replies
Newcomer I

@tldutton I have a question regarding how the questions are set. You mentioned they are submitted by groups of SMEs and evaluated prior to being placed in as ungraded questions to determine their performance. Why is it that the language of the questions is not held to a standard? For example, you will often hear individuals regarding the test as a reading comprehension exam due to the nature of diversity in language used for a single term/definition. I have heard over and over that often the terms seen do not match the official study guide or any materials published by ISC2. I don't understand why ISC2 would not require a standardization of language across questions/definitions if they are truly trying to be the 'voice' of best practice in information security. Any thoughts? Thank you in advance!
Contributor III

I suspect that this is deliberate, to separate those who understand the concepts and are able to apply them in practice, from those who have just memorised lots of text.
ISC2 Team

First, there are NO trick questions on any of our exams.

Second, there are very few scenario-based questions on exams; as we come across them during our reviews, we get those questions rewritten.

Third, the verbiage used in all of our questions is based on what is the prevalent language of the profession at the time the question is written.

Fourth, the average amount of time per question hasn’t changed much over the years. When I took the exam in 2009, I had an average of 1.44 minutes to answer each question; the average time is 1.2 minutes. Keep in mind that our questions have actually gotten shorter over time.

Fifth, when you get a question wrong, we ask you more questions in the same area to determine your competence in that area, NOT to lower your score.

Sixth, as part of our job requirements, everyone on my team, including myself, must have at least the CISSP before we could even apply for the position. This means that we were members before we joined ISC2 and are still members since we have the same requirements to maintain our certifications like any other member. In order to maintain our ANAB accreditation, we have to prove that our exams are fair, equitable, and free of bias.

Seventh, my team and I as well as the entire ISC2 organization would rather you pass the exam and become a member than fail the exam.

Finally, all of our questions follow a standardized style guide to ensure every question is as standardized from a style perspective as possible.

Each of our items on every exam uses language:
That is neutral to demographic background (e.g., culture, nationality, gender), evidence-based, ethical, and legal.

That never references a specific race, ethnicity, or gender or uses pronouns (e.g. “you”, “he”, “she”)

That avoids overly specific knowledge, verbatim phrasing, and opinion-based content

That avoids using obscure words or phrases and regionalized or nationalized speech, slang, colloquialisms, and jargon

That uses “will/shall” instead of “would/could” to eliminate bias in interpretation

That avoids trick items, those that mislead or deceive into answering incorrectly

That is at an acceptable reading level and avoids wordiness

That does not result in negative questions by eliminating the use of NOT or EXCEPT since it creates undue cognitive burden.

If you’ve passed any of our certification exams, I personally invite you to participate in one of our item development workshops so you see the work that goes into every question. Just send me a DM, and I’ll give you my work email address so I can get your information to add you to our pool of volunteers.

Community Champion

This was an excellent exposition.  Thank you for writing it.

A claim is as good as its veracity.
Newcomer I

I can tell you this out of experience. I have got my first CISSP exam in which I failed miserably. There were 3 domains that I was below proficiency. I felt like "If I cannot do it, no one can do it". Seriously.

Instead of giving up, this made me more passionate about studying and finding my mistakes. Because in the first one, I got 175 questions which is supposed to mean that they were easiest questions according to CAT.

I started to read discussions about ideology of CISSP where people discussed too many aspects etc etc.

Then I have realized that I was still thinking like a technician, not like a manager/CISSP. I focused on changing and improving my point of view.

On my second attempt last Wednesday, I passed it only with 100 questions. You can do it. You should just try to think more like a CISSP, than a technical person.