Cissp Exam Preparation
Chloe Sarnoff
LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.
Certified Information Systems Security Professional (CISSP) certification is considered a gold standard in cybersecurity profession. Many mid- to senior-level security professionals consider achieving this certification at some point in their career.
Recently, I passed the #CISSP exam. This time I tried to keep notes of preparation timeline for each domain and topic covered in the exam. In this article I will share my experience of preparing for and successfully completing the CISSP exam.
The exam has two formats. For people who take the exam in English, it is a Computerized Adaptive Test (CAT). The test will adapt to your ability to answer the questions, meaning the complexity of each subsequent question is determined by the result of the previous questions. The goal of the test is to accurately measure your proficiency in a short period of time.
As the complexity of the test increases, there may come a time when you could receive a question that requires a lot of time to think, or you may not have a clear answer to it. This does not mean the testing process is trying to fail you. You should take this as a positive sign that you have done well up to that point. Also keep in mind that to pass the exam you need to score 700 out of 1000. The questions are also scaled, meaning as you answer more difficult questions, you are scoring more points and getting closer to completing the objectives.
During the exam, you may also be presented with some unscored questions. These are experimental questions to be included in some future exams. The questions will not have any indication if they are operational (mandatory) or unscored and they do not count towards measurement of proficiency. Instead of worrying about possible wrong answers to previous question, keep moving forward with confidence.
The maximum length of the English CAT exam is four hours. During this time, you will be required to answer between 125 and 175 multiple-choice questions. You may be able to finish the test earlier than four hours if the test determines you have proven the required competence in all domains of the exam. The adaptive nature of the test gives the individual opportunities to answer questions correctly until it determines the individual will not be able to prove the required competence.
As with most tests, it is helpful to consult a variety of resources to ensure you are covering all domains sufficiently in your preparation. The exam questions are prepared by multiple people and each person has a unique style of presentation. This means that a question about one topic could be asked in different ways using different terminology. Using different resources exposes you to a variety of points of views and explanations for the same topic.
I started by reading each chapter in the CISSP Study Guide. The book has 21 chapters spanning over 1115 pages. Depending on your current knowledge of the topics, you will be able to cover some of the chapters faster than others. My personal recommendation would be to not skip any topic. You may know the subject but reading through them will provide you with a deeper context. Based on the questions I saw in the exam, I feel that it is essential to have additional knowledge about the topics. One may know the high-level concepts of the topic, but the exam may present you with different terminologies, acronyms, etc. that you may not have seen before.
After completing the Official Study Guide, LinkedIn courses, and domain practice tests, I moved on to taking the full practice tests offered in the Official Practice Tests book. There are four tests with 125 questions each. The scores of these practice tests start giving an indication of the level of your preparation. Based on my personal experience, a score of 80% in each practice test would put you in a comfortable position.
Based on the scores from practice tests, make a note of the domains and topics that you still need help with. You will need to go back to the study guide or CBK to read those topics again until you are comfortable with the subject.
In this age of Generative AI, ChatGPT played an interesting part in preparation for the CISSP exam. There were a few subjects that I needed some help with. Instead of talking to some person about those subjects, I decided to use ChatGPT as the instructor.
My final review of all the domains was the CBK reference book to reinforce what I had studied so far. It provided a different point of view of the topics and helped in covering some minor topics that were not present in the Official Study Guide.
Prepare yourself for a four-hour focused mindset. The questions will be contextual and the answer will be based on that context only. You may find that all options are viable answers, however the correct answer is the one that best fits the context and scenario presented.
There may be questions where all options could look wrong to you. Keep in mind that the exam has asked you to pick the best option from the options presented to you in each scenario. It is similar to a real-life scenario in which you are presented with choices you may not like but you must make lemonade from the lemons offered to you.
Pay very close attention to the negative questions where you are asked to pick an option that is NOT the best choice. I have personally made mistakes for these scenarios during practice tests. You may face some double negative questions as well. Keep an eye on the word NOT in the question and in the options.
The CISSP certification is worth the time and effort. It is not just about getting the certificate. You will learn a lot about cybersecurity along the way. From my personal experience I can say there are topics I thought I knew very well, but I learned many new things about those topics during the preparation.
The views expressed herein are the views and opinions of the author and do not reflect or represent the views of Charles River Associates or any of the organizations with which the authors are affiliated.
You want to take the CISSP exam with the hopes of getting ISC2 Certified Information Systems Security Professional (CISSP). So, what are the best ways to prepare for this exam? People prepare and learn differently. You may prefer a study guidebook, you may test your skills through on-demand courses and quizzes, or maybe you prefer preparation through a full instructor-led training course. Whatever your preference, this article will provide you with some of the tools and materials that you can use for your exam preparation.
Though this exam references U.S. government frameworks and methodology for cybersecurity, the knowledge gained through preparing for this exam is transferable to other country governments and within private industry. The basis of this exam is to have the exam candidate begin to go through the thought process that is required from a C-level position within an organization.
The requirement for obtaining the certification is five years of experience working within two or more of the CISSP domains. If you do not have this experience, you will be named an ISC2 Associate for the credential until you can attest to the required experience.
Even if you do not have the required experience, the CISSP exam is worth taking for anyone that is involved in cybersecurity design, implementation, and operations. If you are involved in security and privacy controls, the knowledge gained through preparing for this exam is transferable to your profession.
There are options that you can consider when preparing for the CISSP exam. Since ISC2 exam success does carry a considerable amount of respect within the industry, you want to do your best to ensure success. You should take your preparation seriously and utilize the resources that are available. All relevant documentation is available online at no cost and is a great place to start your preparation. Lists to these free resources are listed at the end of this article. While preparing for your exam, you can connect with others in the ISC2 Study Group on Community. ISC2 has provided some great tools that are fiscally responsible for you as the candidate. These are outlined below.
Skill Builders are a new method for accelerating your skills. ISC2 has the Cybersecurity Leadership Skill Builders to build CISO skills for the CISSP exam. Anyone can access the Skill Builder courses and ISC2 Members can complete these courses at no charge. The Skill Builder courses are new and are continuing to be added to the ISC2 training catalog.
ISC2 launched the professional certificate programs in early 2023. These courses provide CPE credits for completion and are an on-demand method for preparing for exams. The CISO Leadership certificate program covers information that will help you to think like a CISO as you prepare for the CISSP exam. The interactive nature of this certificate path is very well done and creates an interactive experience.
Existing credential holders will receive CPE credit for completing these courses, and everyone that completes the courses and passes the final quiz with a 70% or higher will receive a Credly badge for each course.
The CISO Leadership courses provide NIST documentation and interactive scenarios that can be applied to your CISSP preparation. Finishing the CISO Leadership certificate path helps you prepare for the CISSP exam while also allowing you to earn badges and certificates to increase your credibility.
You may not have the time or ability to attend a live or virtual training. ISC2 has an on-demand course that is delivered by ISC2 Authorized Instructors. This on-demand course is the same material that you would receive with a live course, but you can take it at your own pace. The same student guide, exercises, flashcards, and assessments are included in the on-demand course.
93ddb68554