Saturday, January 30, 2016

Conquering the CISSP

Background
After about four months of studying on and off, I passed the CISSP certification exam. This test covers content that is one inch deep and a mile wide. You are given six hours to complete an extremely long 250-question exam. Although the test is long and the questions are wordy, it is very fair, with only a few tricky questions.

Study Materials
The most important resource I used was the Cybrary.it videos and best of all it’s FREE. Kelly Handerhan KNOWS her stuff. She will cover all the content areas with the correct depth of information. Also, she will help you to know all the most important areas to focus on to pass the exam.

The next few resources I used were: the All-in-One CISSP Study Guide by Shon Harris, CISSP Practice Exams by Shon Harris, and the McGraw-Hill Practice Tests. For your information, Shon Harris wrote all of these resources. The All-in-One book goes into a HUGE amount of unnecessary depth on all the topics. I read it cover-to-cover and took all the tests. However, you might be able to get away with focusing on all the definitions. As for the practice tests, they were all more technical but just as wordy as the actual exam. Using these test questions, I was able to practice deciphering wordy questions and the testing strategy given in the TIPS section of this blog post.

Lastly, I used the Eleventh Hour CISSP Study Guide by Eric Conrad for my final review. This book does a great job describing the application of concepts. However, I would not recommend using only this book, because the depth may be too shallow to be successful on the exam. It really helps with tying together things you already know.

Exam
The test took me a little over 4 of the 6 hours. One of the most important things I learned in my study was that not all domain areas are created equal. If I had to rank the groups by prevalence it would be:
1. Information Security & Risk
2. Business Continuity
2. Access Control
4. Telecommunications
4. Software Dev
6. Crypto
7. Security Architecture
8. Legal
9. Physical
10. Operations
Note: There are significantly more questions from the top 5 domains than from the remaining ones.

Tips
  • Set a test date at a reasonable distance away and work to that date. Without the exam cost hanging over your head, it is likely you won’t ever feel “ready”.
  • Focus on the high-level topics and their application like a manager would. Do not focus on the nitty-gritty technical things or in-depth standard memorization. In this exam, you are there to point out problems and not to fix them.
  • Nine times out of ten, if an answer has more bureaucracy, it will be the correct one.
  • Don't get psyched out if questions are hard or weird. Those may just be beta questions that won't count against your score.
  • Due to the wordiness of the questions, it is better to eliminate incorrect answers than to find the correct one. In most questions, you can eliminate two incorrect answers, giving you a 50/50 chance. Statistically, if you reduce 1000 possible answers to 500 across 250 questions, even if you guess, you will be guessing close to 75%. This tool totally worked for me!
  • TAKE CARE OF YOUR BODY! It will be much more important to get a good night’s sleep the night before than to cram more information into your head. This is a LONG test that you need endurance to pass. Make sure you are well-fed with light, nutritious meals so you won’t be sleepy.

Hope all of these hints and tips help. Good Luck!