I recently passed the CISSP exam and wanted to share my experience with you. I have around 3 years of work experience as a build engineering and technology auditor. I used the below material to prepare for the exam:
1) (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (7th Edition): It is very important to go through this book and get familiar with the concepts and terminologies. Make sure that you practice the questions at the end of every chapter and read the domain summary. The exam would be based not just on how much you remember from the book, but also on how you think you can apply those concepts practically. It would test your thought process around these topics.
2) Attended the 5-day classroom training provided by (ISC)2: This training is provided by official instructors from (ISC)2 and they will walk you through the 8 domains of CISSP. This training was more of a wake-up call for me and made me realize what areas I need to focus on. I think the training really pushed me in the right direction but please go back and study for a couple of weeks before you appear for the exam.
3) Official study guide provided during the classroom training: Another thick book but this covers the 8 domains separately unlike (1) which has 21 chapters covering different topics. I believe (1) was still better in terms of depth and number of practice questions but this book had some additional information as well.
4) Cybrary: There are some free videos available on this website, some of them are really useful and informative like cryptography and networking. Worth watching.
5) Boson Tests: Available for $75, you get 5 practice exams with some decent questions. These tests will make you go back to your textbook and research further on certain topics. Please practice these tests once you have read the book. Really worth buying it.
Although I prepared from a lot of different sources for this test, the exam was nothing like what you would expect. It will mostly test your thought process towards a situation, therefore your work experience will definitely become a factor. I believe many questions were risk based and since I am an auditor, my experience helped me think and guess the most appropriate answers. Overall, the exam was NOT EASY so please make sure that you dig deep in every concept and think about its practical application. Spend 50% of your time practicing questions and familiarize yourself with the type of questions they ask.
With all that said, all the best 🙂
Congrats! I passed the exam in July and was pretty certain I had failed because I had to answer all 150 questions. I was expecting, with adaptive testing, to have it cut out earlier than the full 150. The questions are not what I would consider easy, by any stretch of the imagination, but if you have drilled through practice questions the logic will come to you.
Certified Information Systems Security Professional is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².