I started studying for the CISSP in October 2020 by reading the CBK, the Official Study Guide, All-in-One and their practice tests. I have CCNA, MCSA, CompTIA Sec+ and a Symantec cert, so I thought this was enough for the CISSP exam. However, I failed the first attempt at question 135. I’ve never failed any exam since the date I started to take tests with Pearson Vue. The result of the first attempt really made me sad.
I took a one-week break and continued to learn more by doing more practice tests and studying more on SDLC, BCP, DRP, CP, etc. I booked another exam last Saturday. When question 101 appeared, I thought I had not done well enough to pass at question 100 and kept trying to answer the questions. I managed time pretty well and when question 136 appeared I thought I had done better than the first time, and hoped that I could pass after question 150. But when I saw the result page, I was sad again. I did better this time though, with one domain Above proficiency. I practiced more than 5000 questions from well-known sources. I could conclude that the 3-hour exam “sounds” good but it is still not enough, and 150 questions are very overwhelming.
Any good and right advice and guidance is much appreciated!
The first thing I will ask is do you have any idea where you are falling short?
Are you comprehending the material? For many other tests you can simply memorize enough questions and end up passing, but it seems with this test I hear of people doing better when they have a good understanding of the material and look at things from a best practices point of view. I have mentioned in other posts how the CISSP exam is from the best practices mindset whereas the CISM is from a management mindset. Having the right mindset on one of these tests makes all the difference.
I fell short on "Security and Risk Management", "Security Assessment and Testing" and "Software Development Security". The first time, I also fell short on "Identity and Access Management (IAM)", but I pushed it forward this time and got it "Above". "Security and Risk Management" is still low at this attempt.
When taking the second attempt, I understood the questions better but I also felt I lacked "something" compared to other times I took other tests and passed.
I agree with you that I might need to "look at things from a best practices point of view." But what should I do to improve those weak areas?
Actually CISSP is not the hardest (at least not that hard to me), but different people have different strengths and weaknesses, so I can't comment.
My advice for the exam:
1) Knowing the domain "inside out" is important, as is knowing which domains to improve and spending time on those. With only 1 domain Above proficiency, it's definitely far from par (CISSP has 8 domains).
2) Read the questions "carefully", since many people complain about the English in how the questions are worded (I am not a native English speaker but I find no problem with this myself).
3) During practice, understand every multiple-choice option that is offered. If you know the domain inside out, you should be able to identify which answers are distractions; normally 2 answers are very obviously wrong, and you pick the best one from the other 2, which gets you a step closer to passing.
4) Apply #3 in your actual exam and do not panic. Stay calm; even if you have questions you are not sure about, it's OK to pick an answer and move on. Don't drag on too much and don't think about it after you press submit or next question (because you can't do anything about it anymore).
5) Time management: since CISSP is a CAT (non-linear), getting correct answers in the beginning makes the test give you more difficult questions to secure a higher mark, and having a good start is essential (hence spending more time in the beginning would be OK); otherwise you may not be able to get enough "weighted" questions to pass the test. (IMO).
Finally, it's not about who answers fewer questions and passes, but planning to finish all 150 questions and hoping for a pass is very dangerous (or marginal). Always aim high; even if you miss, you won't be too far off. I very much think you may need to work on point #1.
I recall my exam stopped at 10X questions.
Hope it helps, and I hope next time you say you answered ~120 questions or fewer, the exam stopped and you passed.
Thank you for your response. I agree with you on most of your tips.
#1: I will absolutely work on the weak areas to improve them with the right mindset. I got three "below", four "near" and one "above" from the last attempt, so I think I am on the right track. I figured out I like pursuing the CISSP certification because the knowledge gained helps me on a daily basis at my workplace in the IT area.
#2: I agree with you. The wording style of the questions varies. I feel the exam is made by many people, not only one or two.
#3: I did pretty well on this in my second attempt. I could narrow it down to two among the 4 choices pretty quickly. But I need to choose the right one "faster".
#4: I agree with you. Because I don't know some topics "inside-out" really well, I was still stuck at choosing the right one between the "final two" when they sounded similar and both true.
#5 and final: I agree with you: I should aim higher rather than finishing all 150 questions.
I don't know when I will be really really "ready" to take the test again and pass. But just continue to study.
Yeah. It's not easy to know when I will be ready to sit and pass the exam.
I did the official book's practice exam a few times but I will try to do it the way you suggested.
I hope some day I can reply to you and say I passed the exam, but I know I have to work it out more.
Just FYI, I have friends who relied heavily on the official practice guide and failed the exam. I did not ask for details. I did not know how he used that guide (I did not use that practice guide myself, only the practice questions at the back of each domain in the CISSP study guide, in the way I described: not only treating them as a test but as a method to learn).
For me, I would still recommend knowing the basis/domain inside out as your best bet. Practice guides are only "aids". Rob also provides you with good reference material for deeper knowledge learning (esp. Security Engineering by Ross is a nice one).