> rburg350 (Viewer) edited a topic in Exams on 12-22-2020 07:47 AM in the (ISC)² Community :
> HELP! This is the 2nd time that I have taken the CISSP exam and failed. I
> have been in the security field for over 15 years as a security analyst,
> Security Manager, and IT Security Director. I have an MBA and graduated from
> MIT. I have been working in IT for over 30+ years.
OK, I have to admit that I find it really bizarre that someone with that level of
experience failed the exam. I've never encountered a similar situation, and I've
got to admit that my first thought is to wonder whether you've actually got 15
years experience, or one year fifteen times over.
> I took on the attitude that
> I got knocked down but I am going to get right back up and try again.
Which is good ...
> So
> this time I purchased the ISC2 online self study course with 100+ videos and
> went through them twice taking a tremendous amount of notes. I took the
> domain tests, and the domain exercises. I read the Sybex Official Study
> Guide 8th edition from front cover to back. I studied the official
> practice tests 2nd ED and scored 95-100% on all domains. I used the flash
> cards which came with the online course and knew them all.
Which is not a guarantee, unfortunately. Read "Security Engineering," by Ross
Anderson. You don't even have to buy it:
http://www.cl.cam.ac.uk/~rja14/book.html
> I cannot talk about
> the specific questions on the exam but I will say that the questions were so
> long and confusing it was disappointing.
Yeah, the questions can be long, and you do have to work at understanding them.
It's the same as doing security.
> Nothing on OSI, nothing on
> protocols or the threats at the different levels, nothing on code of ethics,
> nothing on encryption, nothing on DR, nothing on backups, nothing on SLE &
> ARO, nothing on OWASP....I could go on.
Yeah, when I took the exam I got fixated on RADIUS, and figured I was going to
fail if I didn't know absolutely everything about the protocol. Of course, there
wasn't a single question on RADIUS on the exam I took ...
> I think it is more about
> comprehension of the English language and being a good test taker.
Yeah, you do have to work at understanding the questions. Check out:
https://community.isc2.org/t5/Exams/CISSP-questions/m-p/18626
> I have
> spent over $2K trying to pass this exam and many many hours of dedicated
> studying. I don't even know how to suggest a study method.
Yup, when I took the test I wasted $300 on absolutely the worst study guide ever
written. (It was *so* bad that, when I was doing seminars, I told people not to buy
it. One candidate said that he already had. I asked if he had read it, and he said
no. I said not to read it, just leave it in a cool dark place and avoid it until after
he'd passed the exam.) But the two things I've suggested should save you some
money ...
======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent:
http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB
http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
............
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468