Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer I


I’ve heard some rumblings that the new CAT format for the CISSP has made the exam much easier.

I took and passed the exam last week. The exam was tough but fair, in my opinion.

CISSP was my first certification and my first CAT exam, so I don’t have a frame of reference on the new format.

Has anyone taken both formats of the exam? Or does anyone have a better understand of CAT format?
4 Replies
Contributor III

From WikiPedia: "CAT successively selects questions for the purpose of maximizing the precision of the exam based on what is known about the examinee from previous questions. From the examinee's perspective, the difficulty of the exam seems to tailor itself to their level of ability. For example, if an examinee performs well on an item of intermediate difficulty, they will then be presented with a more difficult question. Or, if they performed poorly, they would be presented with a simpler question. Compared to static multiple choice tests that nearly everyone has experienced, with a fixed set of items administered to all examinees, computer-adaptive tests require fewer test items to arrive at equally accurate scores. (Of course, there is nothing about the CAT methodology that requires the items to be multiple-choice; but just as most exams are multiple-choice, most CAT exams also use this format.)"


  1. So, the exam should not be easier nor more difficult, but take less time.
  2. Taking less time could be seen as making it easier, as the old exam also tested your cognitive durability, something you really need if you want to be an infosec pro, methinks. So, in that regard I feel it's a step back.
  3. On the other hand, being asked more and more difficult questions until you 'break' is also a type of cognitive  endurance, and not being able to review your questions could also be seen as intellectually challenging.

I don't think many of us ever sat both exams, if anybody at all, as the new CAT format was introduced just now. Remember, the re-take policy requires 30 days to pass before you can re-take the exam. So, the only people that could have sat both exams are those that either recertify by doing the exam (e.g. not having acquired sufficient CPE's) or failed the old exam at least 30 days ago and re-took the new exam.

Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
Community Champion

The only thing I think not called out here by Heinrich is the fact that in the old test format subsequent questions could trigger the memory on review questions I've sat the old test format twice(l one paper one CBT I'd lapsed on CPEs), an I definitely picked up points on review, so I'd argue for that being a moderate advantage.


To be remembered as well is that ISC2 added non-scoring research questions, so not sure where these would fit into the CAT model. I guess we could ask that ISC2 get back to us with pass/fail metrics old vs new after it has run for a while?



Newcomer II

Great question, and great points from Heinrich !


Yes the test should not be easier or harder, just shorter. When I took the CISSP exam, it was on paper, and it was a 6-hour slot. They allowed people to take a lunch box and have a proctored break to eat, and I thought "what did I get myself in to?!" Luckily I finished in about half the time but it was nerve-racking to take a test that long.


The CAT testing is something that has been around a long time, and in fact, the DMV here in North Carolina uses it; I did an adaptive test when I added my motorcycle endorsement.


The bulk of the benefits are for candidates taking the test. A short, adaptive test is so much nicer and cleaner. Less time also helps keep the cost in control because high security testing facilities like (ISC)2 uses are expensive.


From an organization's perspective, there are additional indirect benefits - ones that the issuing body will realize, and will have an indirect impact on all the members. In addition to keeping the exam costs down, CAT exposes less questions (exam items) which also presents a security and cost benefit.


Since (ISC)2 is a non-profit, member-based organization, these additional savings and benefits trickle to members in an indirect way but are still very important to the integrity of the certification and its ANSI accreditation.



Jennifer Minella, CISSP,

(ISC)2 Board of Directors 2014-2019

2019 Chairperson

VP of Engineering
Carolina Advanced Digital, Inc.

Cyber Vista has a good webinar you can register for free that provides a good break down of the CAT format and offers some helpful tips as well.  Their course of instruction is very well put together also!