I am an Info Security professional with 11 years of experience. I took the CISSP CAT 2018 exam the day before yesterday after 4 months of tremendous hard work. Studied 8 hours per day for the last one week. I failed after getting 150 questions. It was a nightmare and I was really disappointed. I am trying to figure out where I could have gone wrong.
I had known from people that the exam ends at 100 questions if it can determine with certainty that the candidate is above or below the passing standard. I do know of people who had their tests ended at 120ish questions and passed, and others who failed at 120-odd questions too. When I crossed the 100th question, I knew I was not doing well enough for the computer to determine that I was above the passing standard. I decided not to lose my cool and answered every question patiently, expecting that the exam would end at some point. After 125 questions, I seriously lost hope. It was like a roller coaster ride. It kept giving me questions that invariably had key words like "BEST", "MOST", "LEAST" and so on. While I was able to eliminate 2 choices, it was really hard to narrow down on one. And I also feel like it kept hitting me on areas where I did not fare well.
After attempting 150 questions, the test report said that I failed and provided me with a report that said I was above proficiency level in 4 domains and was near or below proficiency in the remaining 4 domains. One thing I can say for sure was that the exam clearly determined the areas that I personally felt I was weak at. But there are certain confusing aspects that I need clarity on. My questioning is merely in pursuit of understanding. Please enlighten me on the below:
1. If the CAT could fail a person at 120ish and pass another candidate at 120ish, why does it throw 150 questions for a few? Does that mean that I could have got the last 5 questions and still passed? Was my answering so unpredictive that the algorithm was not efficient enough to determine my capability until the 150th question? If yes, it contradicts with my testing report where it says I was near or below proficiency in 4 domains. Why does an algorithm have to wait till the 150th question to finally determine I did not reach the proficiency in 4 domains?
2. Can a candidate be below proficiency in 1-2 domains and still pass at the 150th question? I see people posting that they had 150 questions and came out thinking that they surely failed but passed to their surprise. Quite a gray area.
3. If a candidate has cleared the exam at 100 questions, is it mandatory that he should have received all 25 unscored questions? If yes, does it mean that of the 75 that were scored, he/she could have answered merely 70 percent of them correctly (close to 50+ questions) and still passed? If yes, this seems not ok.
4. The difficulty level of a question is relative. What is difficult to one could be easier to another. How does ISC2 determine that a question is difficult or easy?
5. If ISC2 had a way to determine the set of difficult questions, the exam could throw only questions from the difficult pool to all candidates and determine if the candidate scores 70% of ISC2's difficult questions correct? That would be a much fairer way. Why even give the easier ones?
I can read the Sybex 2018 edition twice before my next attempt, but I don't want this scaring experience again 🙂 Can someone enlighten me on the above questions asked and the test taking strategy?
I read only from Shon Harris last time. I did not have the patience to read the book more than once.
Ah. I may have identified your problem, here ...
Shon, well, I don't want to be too hard on her. She stole from the best. (Stealing from one person is theft, stealing from two people is plagiarism, stealing from three people is research.) And her material always was readable. But she did have this habit of explaining things, in lots of detail, that she didn't actually understand. When doing the seminars, I always told the candidates that I refused to answer any questions that started out "Shon Harris says ..."
Now I bought the ISC2 Sybex 2018 edition and also the ISC2 test papers. Reading them as slowly as I can. This time, I am going to give a tough fight 🙂
It may have been mentioned before, but you should read "Security Engineering" by Ross Anderson. It's the best single volume coverage of the field that I know. (And I'm not the only one.) There are other texts, but Ross is a mainstay, and anything he writes is worth reading.
Thanks Rob. Yes. His book is classic. Attack vectors change all the time. But Anderson's books stand the test of time. It's not for nothing that they use it as a fundamental text book in many Sec engineering classes.
The disconnect I see is that many people swear by this or that guru. What many fail to realize is that the only guru who can help you move forward is the one standing in your own shoes or sitting on your own a$$.
Thanks as always for your comments!
Thanks all for sharing nice insights about the exam.
I passed the exam last Sunday on the 120th-ish question. And I think probably the meditation I tried on exam-day morning did contribute more than 4 months of hard study. It helped to keep me cool and let the experience talk.
Two cents from a newbie.
Spot on. Congrats and kudos. The test is more than about knowledge; it's about experience and managing how you solve problems. Every moment of thought counts and can mean the difference between success and failure.
The test asked me 150 questions as well with a passing result. I'll admit I thought it beat me up a little bit. I was testing with a CAT simulator that showed me to be proficient or above in all 8 domains. When I sat down for the test, I felt like it was a different certification than what I had spent the previous 4 months studying! So I understand the frustration. I think the most important things have already been covered, and since it's been some time since you originally posted, I hope you go back and attack it again after following the advice on this board.
Yes, the test is difficult. When you get to 125 questions you begin to think you've failed and that plays into your answers. The best advice I got was to expect 150 questions over the course of 3 hours. (I remember dramatically asking myself "why am I still even trying?") The key is to stay the course and keep answering the questions to the best of your ability based off what you've learned. Look for the manager hat in the answers. I hope you try again and pass! The world is growing more and more complicated and it needs as many of us professionals as it can get.
Good stuff. Good luck.
I did not have the patience to read the book more than once. Now I bought the ISC2 Sybex 2018 edition and also the ISC2 test papers. Reading them as slowly as I can.
That's certainly the way to progress. Patience and deliberation; thought and attitude.
These, too, are requirements for any sort of professional. Attending patiently to the task is a must.
Domo arrigato Misterroboto!
Encouragement is never stale dated. Thanks for it.
I found that I needed to make a conscious choice to look for the kernel of truth or fishiness to decide how to answer. Since each correct or incorrect answer weights whether one passes or fails, I took the time and paid attention. Even though my attention tends to be scanty.