EH-Net

For those you who have taken the CISSP test what were you thoughts on it?

I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.

How much studying did you do, if any?
How comfortable did you feel going in?
Did you pass your first time?
Do you normally take tests well?
Any random thoughts you want to add?

Tim, I thought it was a very thorough and challenging test.  It is completely true what they say.  It is a mile wide, and an inch deep.  To answer your questions:

1. I studied for about 6 months, on and off.  I used the Sean Harris book, cccure.org website, official ISC^2 study guide, and Transcender exam prep.   

2. I felt pretty comfortable going in with the concepts and my level of experience in the security industry.  I did a fair amount of studying as well.

3.  I passed on my first try, however, that was a surprise.  I didn't think that I passed when I left the exam room.  I also had no desire to go back and take it again  :D  Much of what I studied wasn't on the test. I believe that the study materials were designed to get you to about 70%.   The rest should come from your experience and common sense.  This is what made the test challenging to me. 

4.  I usually don't fail tests, but I hate taking them.  I don't know if I test well.  Honestly, that's a difficult assessment for me to make.

One word of caution, schedule your test when you think you are getting ready.   The test is administered at few locations and you have to schedule in advance.  Once you are ready, you don't want to wait another month to take the exam and risk forgetting something.

From reading your posts on this forum, it seems like the CISSP materials should be fairly natural to you.  Good luck and let me know if I can help.

Since you're not asking about specific questions (which would be a violation of our cert), and you're asking about generalities of the exam process itself, then I think my old article will help you:

Luck, Career Goals and a CISSP Boot Camp (http://www.ethicalhacker.net/content/view/176/24/)

Or at least I hope so,
Don

The best videos for the CISSP are the Shon Harris ones. Use them along with her book, and you'll be prepared.
It is a difficile test to pass. Belive me, after finnishing the exam you'll pray God to pass it because you'll not want to study again for it. It is very broad, the questions are very smart, and you really have to understand the principles. There are some realtively easy questions but there are many of them very tricky.

Just to have an ideea you have here some questions from the internet:

1 (relatively easy one)
Acceptable risk is achieved when:
A. residual risk is minimized.
B. transferred risk is minimized.
C. control risk equals acceptable risk.
D. residual risk equals transferred risk.

2  Which of the following is the MOST effective in preventing attacks that exploit weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management

3 (you'll see many "BEST" questions like these ones)
Access to a sensitive intranet application by mobile users can BEST be accomplished through:
A. data encryption.
B. digital signatures.
C. strong passwords.
D. two-factor authentication.

4 (very probable one)
The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
A. simulate an attack and review IDS performance.
B. use a honeypot to check for unusual activity.
C. review the configuration of the IDS.
D. benchmark the IDS against a peer site.

Anyway, the opinins about this examn differs according to the level of expertise and the level of education of peers. Study well, use cccure's questions, level pro and you'll pass.

Good luck!

For those you who have taken the CISSP test what were you thoughts on it?
I found the exam brutal (mostly because of the length), you need to really concentrate and understand the questions and choose the "best" answer. I used the full 6 hours and only had one bathroom break and a 10 min food break. Definitely did not want to repeat that exam, I thought to myself that if I fail I'd probably not do it again but after a few days rest I changed my mind and thought that I've come so far so I would have taken it again if I failed.

I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.

How much studying did you do, if any?
A lot! Daily studying around 6 hours a day weekdays and around 10 hours per weekend day for roughly 3 months. I read the Shon Harris All in One Exam Guide mostly, cccure.org, NIST docs and other resources on the Internet.

How comfortable did you feel going in?
Relatively comfortable. However, the exam is very different to any of the practice tests that I used.

Did you pass your first time?
Yes, I didn't feel that I did after taking the exam but I've heard from numerous people that this is the norm, most people feel that they failed after taking the exam.

Do you normally take tests well?
Normally yes depending on the exam, but the CISSP is nothing like I have taken before. The exam tests your reasoning, experience, concepts and more. It's the type of exam that I would read a question and think to myself that I wasn't even sure what they were asking and would have to re-read some questions twice or even three times!

Any random thoughts you want to add?
There are plenty of good CISSP resources out there, cccure.org is highly recommended especially to watch the CISSP exam overview and practice tests. There is also a LinkedIN group for CISSP study materials created by Shon Harris, I'm not a member of the group though, only found out about it after I did my exam. I also purchased the PrepLogic CISSP Lecture series audio training package which was a total waste if money, it's only 2 hours long and is very basic in content.

HTH

My little experience with the CISSP..

I took the CISSP at Chicagocon 2007 Boot-Camp (I was also a speaker at the con) and used the Shon Harris book but I was not so disciplined as most and only studied about a month. After 5.5 hours I finished the test and was sure I failed but I passed the test some how. I was also the lucky guy that got audited and it took 2 months to finish the Audit due to alot of my past employers where DoD contractors that no longer exists so verifying experience was a bit of a challenge for the auditor. I have to say I normally feel I am good with taking test but the CISSP has been the most difficult test I have taken. Anyway I would highly recommend studding more than a month and maybe if you can afford it take a boot-camp.

My 2 cents,

Brian

I hear that is a pretty common feeling.

I found a bunch of sample questions on the internet and made my own quiz engine in php/mysql.  I did a 5 day course for the knowledge, and then never touched that content again.  I took the sample questions and my test thing, and got used to the feel of the questions, and picking the "best" answer (which is always the one that makes sense in the business context). 

After that, I took the test.  I ended up taking the test about 1.5 months after i took the 5 day course.  I finished in about 2 hrs, then went to take a nap in the car while my friend finished.  I had no idea how I did, and I didn't go back and check any answers. 

So.. my feelings are something like this:  You will walk in knowing a certain amount, but not everything.  If you are used to answering the questions with the "best" answer, about 3/4 of the questions you have no idea about you will probably get right.  If you over think it, you will probably miss it if you have a deep knowledge of security topics. 

apollo, that is the best response on it I have recieved. I have heard so many people mention that they felt they were going to fail but passed. Thanks for the insight as to why people get that feeling.

i took a 6-day boot camp and studied the material they provided along with the ccure.org quizes.  the test is totally different that any practice test you will see.  i am not sure why that is.  i took the whole six hours myself and had a positive attitude after leaving but unsure of results.  i took the exam and filled in the bubbles then retook the exam circling in the book, see if my answers were consistent.  i had to change about 12 answers.  you need to read each question slowly and accurately...then read the question again.  bring snacks and water, you will need it.

i am awaiting my results (crossing fingers and holding breath)

Here's what I tell my students in my boot camp:

The questions on most CISSP testing engines and those online, such as cccure.org, are designed to test your knowledge of the material. When you take the test, ISC2 is testing your application of that knowledge. (All) Boot camps are designed to give you everything you need to know going into the test; but once you're actually taking the test, you have to engage your mind in order to pass - the CISSP is anything *but* a rote-memorization exam.

Hope that makes sense, and I wish you good fortune with your results!!

- Tom Wilhelm

I took a 5 day boot camp and took the exam on the last day. I finished in 45 minutes even after double checking all my answers. I can honestly say that none of the questions surprised me. If you have a few years of experience, a couple times through the exam guide should be plenty to get you familiar with the not so common terms like the "Bell Lapadula Model", etc.

I personally think the exam was over rated in regards to its difficulty. the only people I see having issues with it are people that major issues taking exams and people that are pretending to be knowledgeable in security.

got my results 682  >:(  I know that I changed some answers and I have asked them to manually score my exam.  They will do that (7 day turnaround).  I am not sure that will make a difference but, I calculate that is about 3 questions I missed

Hey dark_north,

With what training company did you do your boot camp? Some of them have retake policies if you fail after taking one of their courses. Look into it. You may just need to go over the material a couple more times and try it again. And if they have a retake policy, you may just be able to do it on their dime.

Keep pressing forward,
Don

Keep your hopes up.  I know first hand that the manual grading does come out positive in some peoples favor.  Do not let the grade get you down.  You are so close that you need to review the sections you did not score well in and retake it as soon as possible!

I saw your study plan was the boot camp, their study materials, and some questions on CCCURE.ORG.  You may want to go to your local library and see if they have the Shon Harris AIO (or just buy it used), and use that to study your weak points.

This is too important to let it slip!

the boot camp i went through was Intense school which closed its does end of December, they did have a gurantee.  i am retaking the exam 1/30 and I do have the shon harris book.  i am reviewing everything i have and trying to take more practice tests.  any other helpful hints??

I didn't know that Intense School shut down. I went to them, too, but only after studying for about 4 months. I was pretty confident from my own reading and use of cccure, but then the in-laws decided to surprise me and buy the boot camp for me (a little insurance).
Larry Greenblatt was my instructor, and I thought he was one of the best I've had. Could I have passed without the camp? Probably. Was it worth it for the added confidence? Absolutely. I kept in touch with about 20 of the 30 folks from my class, and all but one passed on the first try. The ones who claimed to have had the hardest time were the ones who'd been in the business the longest. That whole real world vs. ideal world conflict in the brain.

Good luck on the retest. I'm not a huge fan of certs in general...at least as a way of flaunting what you (claim to) know, but having it has certainly opened doors for me. Living in the Baltimore/DC area, all the gov't contractors want folks with letters after their names.

I work with Larry Greenblatt and came across this posting. 

I know that Larry was affected financially also when Vigilar shut Intense suddenly over the holidays.  Instead of getting all pissed off about Intense, he was more concerned about the January CISSP students that were supposed to his CISSP class through Intense.  He actually donated his time and delivered both Jan 4 and Jan 18 CISSP classes out of his own pocket for over 20 plus students that would have no place to go after paying for the class.

He is now running his own bootcamp directly through his own company, InterNetwork Defense.  He is honoring all ex-Intense students who are stuck (re-sits or otherwise). Just check his website for more details.

Well that kind of generosity deserves at least a link:

http://www.internetworkdefense.com/

Thanks for letting us know.

Don

wish i had seen his site earlier.  i travelled to Colorado to take the CISSP, there were 3 others taking it.  I felt pretty good this time around.  Will wait for the results....

I know that guy!  he was helping a few students out in the hotel lobby (that were not his students)   That guy is very passionate about this stuff.  I would go to him in a heart beat!

I got my results from the CISSP exam.  I PASSED!!!! :)

Congratulations! What next? ;)

going after C|EH

Congratulations!!!!

Good luck with CEH! (I am thinking about it too)

Congrats on the pass.  Now onto the endorsement.

I did the CEH right after my CISSP and it was easy breezy compared

Dark

Did you hear back? I just requested a manual score on my exam today. I got a 691.

BUMP

Anyone else been through this process?

the manual scoring will not yield better results.  they told me they have a 100% scoring method and is enforceable in court.  I wish you the best but I'd start cramming and scheduling another exam.

I studied for 3 months.
I read the Shon Harris book cover to cover.
I read many of the documents referenced in the Shon Harris book, especially in areas where I was not already quite familiar with the material.
I read/watched whatever I could find for free online
I read most of the Official Guide To The CISSP CBK (first edition)
I took a 1 week review seminar at deloitte, taught by John Birdie, one of the authors on the Official Guide To The CISSP Exam (out of print)

Going in I was fairly confident that I knew enough to pass, but still quite nervous.