Topic: CISSP Test (Read 39301 times)
timmedin (Sr. Member, Posts: 469)
CISSP Test « on: July 18, 2009, 10:55:48 PM »
For those of you who have taken the CISSP test, what were your thoughts on it?
I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.
How much studying did you do, if any?
How comfortable did you feel going in?
Did you pass your first time?
Do you normally take tests well?
Any random thoughts you want to add?
« Last Edit: July 18, 2009, 11:47:16 PM by timmedin »
twitter.com/timmedin | http://blog.securitywhole.com

Ketchup (Hero Member, Posts: 1021)
Re: CISSP Test « Reply #1 on: July 19, 2009, 12:02:12 AM »
Tim, I thought it was a very thorough and challenging test. It is completely true what they say. It is a mile wide, and an inch deep. To answer your questions:
1. I studied for about 6 months, on and off. I used the Shon Harris book, cccure.org website, official ISC^2 study guide, and Transcender exam prep.
2. I felt pretty comfortable going in with the concepts and my level of experience in the security industry. I did a fair amount of studying as well.
3. I passed on my first try, however, that was a surprise. I didn't think that I passed when I left the exam room. I also had no desire to go back and take it again.
Much of what I studied wasn't on the test. I believe that the study materials were designed to get you to about 70%. The rest should come from your experience and common sense. This is what made the test challenging to me.
4. I usually don't fail tests, but I hate taking them. I don't know if I test well. Honestly, that's a difficult assessment for me to make.
One word of caution, schedule your test when you think you are getting ready. The test is administered at few locations and you have to schedule in advance. Once you are ready, you don't want to wait another month to take the exam and risk forgetting something.
From reading your posts on this forum, it seems like the CISSP materials should be fairly natural to you. Good luck and let me know if I can help.
~~~~~~~~~~~~~~
Ketchup

don (Editor-In-Chief, Administrator, Hero Member, Posts: 4165)
Re: CISSP Test « Reply #2 on: July 19, 2009, 01:55:21 AM »
Since you're not asking about specific questions (which would be a violation of our cert), and you're asking about generalities of the exam process itself, then I think my old article will help you:
Luck, Career Goals and a CISSP Boot Camp
Or at least I hope so,
Don
CISSP, MCSE, CSTA, Security+ SME

alucian (Full Member, Posts: 225)
Re: CISSP Test « Reply #3 on: July 19, 2009, 02:14:53 AM »
The best videos for the CISSP are the Shon Harris ones. Use them along with her book, and you'll be prepared.
It is a difficult test to pass. Believe me, after finishing the exam you'll pray to God to pass it because you'll not want to study again for it. It is very broad, the questions are very smart, and you really have to understand the principles. There are some relatively easy questions, but many of them are very tricky.
Just to give you an idea, here are some questions from the internet:
1 (relatively easy one)
Acceptable risk is achieved when:
A. residual risk is minimized.
B. transferred risk is minimized.
C. control risk equals acceptable risk.
D. residual risk equals transferred risk.
2 Which of the following is the MOST effective in preventing attacks that exploit weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management
3 (you'll see many "BEST" questions like these ones)
Access to a sensitive intranet application by mobile users can BEST be accomplished through:
A. data encryption.
B. digital signatures.
C. strong passwords.
D. two-factor authentication.
4 (very probable one)
The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
A. simulate an attack and review IDS performance.
B. use a honeypot to check for unusual activity.
C. review the configuration of the IDS.
D. benchmark the IDS against a peer site.
Anyway, the opinions about this exam differ according to the level of expertise and the level of education of peers. Study well, use cccure's questions, level pro, and you'll pass.
Good luck!
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP

Data_Raid (Full Member, Posts: 165)
Re: CISSP Test « Reply #4 on: July 20, 2009, 05:56:18 AM »
For those of you who have taken the CISSP test, what were your thoughts on it?
I found the exam brutal (mostly because of the length), you need to really concentrate and understand the questions and choose the "best" answer. I used the full 6 hours and only had one bathroom break and a 10 min food break. Definitely did not want to repeat that exam, I thought to myself that if I fail I'd probably not do it again but after a few days rest I changed my mind and thought that I've come so far so I would have taken it again if I failed.
I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.
How much studying did you do, if any?
A lot! Daily studying around 6 hours a day weekdays and around 10 hours per weekend day for roughly 3 months. I read the Shon Harris All in One Exam Guide mostly, cccure.org, NIST docs and other resources on the Internet.
How comfortable did you feel going in?
Relatively comfortable. However, the exam is very different to any of the practice tests that I used.
Did you pass your first time?
Yes, I didn't feel that I did after taking the exam but I've heard from numerous people that this is the norm, most people feel that they failed after taking the exam.
Do you normally take tests well?
Normally yes depending on the exam, but the CISSP is nothing like I have taken before. The exam tests your reasoning, experience, concepts and more. It's the type of exam that I would read a question and think to myself that I wasn't even sure what they were asking and would have to re-read some questions twice or even three times!
Any random thoughts you want to add?
There are plenty of good CISSP resources out there, cccure.org is highly recommended especially to watch the CISSP exam overview and practice tests. There is also a LinkedIn group for CISSP study materials created by Shon Harris, I'm not a member of the group though, only found out about it after I did my exam. I also purchased the PrepLogic CISSP Lecture series audio training package which was a total waste of money, it's only 2 hours long and is very basic in content.
HTH
« Last Edit: July 20, 2009, 05:59:18 AM by Data_Raid »
All men by nature desire knowledge.
Aristotle

slimjim100 (EH-Net Columnist, Sr. Member, Posts: 385)
Re: CISSP Test « Reply #5 on: November 10, 2009, 01:03:26 PM »
My little experience with the CISSP..
I took the CISSP at Chicagocon 2007 Boot-Camp (I was also a speaker at the con) and used the Shon Harris book, but I was not so disciplined as most and only studied about a month. After 5.5 hours I finished the test and was sure I failed, but I passed the test somehow. I was also the lucky guy that got audited, and it took 2 months to finish the audit because a lot of my past employers were DoD contractors that no longer exist, so verifying experience was a bit of a challenge for the auditor. I have to say I normally feel I am good at taking tests, but the CISSP has been the most difficult test I have taken. Anyway, I would highly recommend studying more than a month and maybe, if you can afford it, take a boot-camp.
My 2 cents,
Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

timmedin (Sr. Member, Posts: 469)
Re: CISSP Test « Reply #6 on: November 15, 2009, 10:35:18 AM »
Quote from: slimjim100 on November 10, 2009, 01:03:26 PM
After 5.5 hours I finished the test and was sure I failed, but I passed the test somehow.
I hear that is a pretty common feeling.
twitter.com/timmedin | http://blog.securitywhole.com

apollo (Full Member, Posts: 146)
Re: CISSP Test « Reply #7 on: November 15, 2009, 02:14:45 PM »
I found a bunch of sample questions on the internet and made my own quiz engine in PHP/MySQL. I did a 5 day course for the knowledge, and then never touched that content again. I took the sample questions and my test thing, and got used to the feel of the questions, and picking the "best" answer (which is always the one that makes sense in the business context).
After that, I took the test. I ended up taking the test about 1.5 months after I took the 5 day course. I finished in about 2 hrs, then went to take a nap in the car while my friend finished. I had no idea how I did, and I didn't go back and check any answers.
So... my feelings are something like this: You will walk in knowing a certain amount, but not everything. If you are used to answering the questions with the "best" answer, about 3/4 of the questions you have no idea about you will probably get right. If you overthink it, you will probably miss it if you have a deep knowledge of security topics.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

timmedin (Sr. Member, Posts: 469)
Re: CISSP Test « Reply #8 on: November 28, 2009, 11:14:24 PM »
apollo, that is the best response on it I have received. I have heard so many people mention that they felt they were going to fail but passed. Thanks for the insight as to why people get that feeling.
twitter.com/timmedin | http://blog.securitywhole.com

dark_north (Newbie, Posts: 15)
Re: CISSP Test « Reply #9 on: January 06, 2010, 09:40:03 AM »
I took a 6-day boot camp and studied the material they provided along with the ccure.org quizzes. The test is totally different than any practice test you will see. I am not sure why that is. I took the whole six hours myself and had a positive attitude after leaving but unsure of results. I took the exam and filled in the bubbles, then retook the exam circling in the book, to see if my answers were consistent. I had to change about 12 answers. You need to read each question slowly and accurately... then read the question again. Bring snacks and water, you will need it.
I am awaiting my results (crossing fingers and holding breath).
A computer once beat me in a game of chess but was no match for my drinking skills

Grendel (Full Member, Posts: 241)
Re: CISSP Test « Reply #10 on: January 06, 2010, 10:28:50 AM »
Quote from: dark_north on January 06, 2010, 09:40:03 AM
I took a 6-day boot camp and studied the material they provided along with the ccure.org quizzes. The test is totally different than any practice test you will see. I am not sure why that is.
Here's what I tell my students in my boot camp:
The questions on most CISSP testing engines and those online, such as cccure.org, are designed to test your knowledge of the material. When you take the test, ISC2 is testing your application of that knowledge. (All) Boot camps are designed to give you everything you need to know going into the test; but once you're actually taking the test, you have to engage your mind in order to pass - the CISSP is anything *but* a rote-memorization exam.
Hope that makes sense, and I wish you good fortune with your results!!
- Tom Wilhelm
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM
Web Site: http://HackingDojo.com
Author: Professional Penetration Testing; Ninja Hacking; Penetration Tester's Open Source Toolkit; Metasploit Toolkit for Penetration Testing; Netcat Power Tools

Bane (Guest)
Re: CISSP Test « Reply #11 on: January 07, 2010, 05:31:22 PM »
I took a 5 day boot camp and took the exam on the last day. I finished in 45 minutes even after double checking all my answers. I can honestly say that none of the questions surprised me. If you have a few years of experience, a couple times through the exam guide should be plenty to get you familiar with the not so common terms like the "Bell-LaPadula Model", etc.
I personally think the exam was overrated in regards to its difficulty. The only people I see having issues with it are people that have major issues taking exams and people that are pretending to be knowledgeable in security.

dark_north (Newbie, Posts: 15)
Re: CISSP Test « Reply #12 on: January 18, 2010, 12:44:21 PM »
Got my results: 682
I know that I changed some answers and I have asked them to manually score my exam. They will do that (7 day turnaround). I am not sure that will make a difference, but I calculate that is about 3 questions I missed.
A computer once beat me in a game of chess but was no match for my drinking skills

don (Editor-In-Chief, Administrator, Hero Member, Posts: 4165)
Re: CISSP Test « Reply #13 on: January 19, 2010, 09:52:59 AM »
Hey dark_north,
With what training company did you do your boot camp? Some of them have retake policies if you fail after taking one of their courses. Look into it. You may just need to go over the material a couple more times and try it again. And if they have a retake policy, you may just be able to do it on their dime.
Keep pressing forward,
Don
CISSP, MCSE, CSTA, Security+ SME

unsupported (Sr. Member, Posts: 318, Unofficial Newbie Moderator)
Re: CISSP Test « Reply #14 on: January 19, 2010, 09:58:52 AM »
Keep your hopes up. I know firsthand that the manual grading does come out positive in some people's favor. Do not let the grade get you down. You are so close that you need to review the sections you did not score well in and retake it as soon as possible!
I saw your study plan was the boot camp, their study materials, and some questions on CCCURE.ORG. You may want to go to your local library and see if they have the Shon Harris AIO (or just buy it used), and use that to study your weak points.
This is too important to let it slip!
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP