Every three years, I go through the ritual of taking the CISSP exam rather than submitting CPEs to keep my certification current. As you might guess considering the nature of my employment, I'm very comfortable with taking exams, so I don't mind one bit.
This was my fourth time passing the CISSP exam. First time was back in 2012. Ah, the "good ole days"... where you had to register for a particular exam date and time in a specific live-proctored location for a SIX-HOUR, 250-question, paper-based exam. They didn't have any availability near me, so I ended up having to travel to Indianapolis to take it.
By 2015, the CISSP had transitioned to a computer-based exam. Yay, no more bubbles to mark! And by 2018, it had become adaptive. Let me tell you, wading through 100-150 questions is FAR better than having to deal with 250!
Now it's 2021, so it's time for me to recertify. I’m not sure exactly how long my exam took but I estimate a bit more than a minute per question. At 100 questions, it said my exam was done.
I didn't use anything to study, relying only on current knowledge and real-world experience. That said, I'm not new to IT or to the CISSP exam itself. I certainly wouldn't recommend that everyone go into the exam cold like I did.
You all probably already know what I would generally recommend to study. So instead, I will give you some tips on how to approach the exam.
- Many people say that this is NOT a technical exam. Well, yes and no. Yes, you DO need to think like a manager/owner. But you have to understand the technology to be able to manage well. And I encountered MANY technical questions on the CISSP exam. You'll need to understand a bunch of terminology and concepts and steps and methodologies. You also need to know how to tie that knowledge together when presented with questions about those topics. For example, you might not need to know how to configure a firewall, but you might need to know where, why, and what kind of firewall might need to be placed. Protocols? Yep. Network devices? Yep. Headers? Yep. Authentication? Yep. VPNs? Yep. Encryption methods? Yep. I could do this all day.
- Read each question carefully. This is as much a reading comprehension exam as much as it is a technical or managerial exam. Pay particular attention to bolded and capped words like MOST, BEST, and FIRST.
- Read each choice carefully. Eliminate obviously wrong choices and focus on the others. Some choices might seem similar, but if you've studied and understand the concepts, there will be nuanced differences between each one.
- There are sometimes multiple "good" choices, but there is always a BEST choice (Yes, you should probably do Choice A in many situations, but you MUST ALWAYS do Choice B).
- Similarly, there are sometimes choices that are factually accurate but do not answer the question or fulfill the question's requirements (Yes, Choice C is accurate, but it isn't 100% relevant to the question like Choice D is).
- Many people get hung up on these kinds of tricky questions. Good practice exams will give you much-needed practice in carefully considering each choice. If you get stuck, re-read the question. Look for key phrases that might give you a clue as to which choice might be better.
- Don't rush. Pace yourself. You've got 180 minutes to get through 100-150 questions, so it's totally doable. And don't panic if it takes you 2-3 minutes to get through a lengthy question. There will likely be some short ones that you can answer within seconds.
- Adaptive exams can feel brutal! If you're doing well, the exam will challenge you with tougher questions, and it will seem like you don't know anything. Don't panic, because that will just make you lose focus. If the exam gets tough, this might be a GOOD sign that you're doing well.
- If you go past question 100, DON'T PANIC. Stay focused. Doing well in the last 50 questions is vital. As long as the exam keeps giving you questions, you might not have passed yet, but you also haven't failed! Don't give up. Keep doing all the things I mentioned earlier.
Hopefully this info will help to give you the confidence and skills to be able to conquer this exam. I've included links below to Boson offerings to help prepare your for the CISSP exam.