
CISSP Test

<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Jul 18, 2009 10:55 pm

CISSP Test

For those of you who have taken the CISSP test, what were your thoughts on it?

I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.

How much studying did you do, if any?
How comfortable did you feel going in?
Did you pass your first time?
Do you normally take tests well?
Any random thoughts you want to add?
Last edited by timmedin on Sat Jul 18, 2009 11:47 pm, edited 1 time in total.
twitter.com/timmedin | http://blog.securitywhole.com
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Jul 19, 2009 12:02 am

Re: CISSP Test

Tim, I thought it was a very thorough and challenging test.  It is completely true what they say.  It is a mile wide, and an inch deep.  To answer your questions:

1. I studied for about 6 months, on and off.  I used the Shon Harris book, cccure.org website, official ISC^2 study guide, and Transcender exam prep.

2. I felt pretty comfortable going in with the concepts and my level of experience in the security industry.  I did a fair amount of studying as well.

3.  I passed on my first try, however, that was a surprise.  I didn't think that I passed when I left the exam room.  I also had no desire to go back and take it again  :D  Much of what I studied wasn't on the test. I believe that the study materials were designed to get you to about 70%.  The rest should come from your experience and common sense.  This is what made the test challenging to me. 

4.  I usually don't fail tests, but I hate taking them.  I don't know if I test well.  Honestly, that's a difficult assessment for me to make.

One word of caution, schedule your test when you think you are getting ready.  The test is administered at few locations and you have to schedule in advance.  Once you are ready, you don't want to wait another month to take the exam and risk forgetting something.

From reading your posts on this forum, it seems like the CISSP materials should be fairly natural to you.  Good luck and let me know if I can help.
~~~~~~~~~~~~~~
Ketchup
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Jul 19, 2009 1:55 am

Re: CISSP Test

Since you're not asking about specific questions (which would be a violation of our cert), and you're asking about generalities of the exam process itself, then I think my old article will help you:

Luck, Career Goals and a CISSP Boot Camp

Or at least I hope so,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sun Jul 19, 2009 2:14 am

Re: CISSP Test

The best videos for the CISSP are the Shon Harris ones. Use them along with her book, and you'll be prepared.
It is a difficult test to pass. Believe me, after finishing the exam you'll pray God to pass it because you'll not want to study again for it. It is very broad, the questions are very smart, and you really have to understand the principles. There are some relatively easy questions but there are many of them very tricky.

Just to have an idea you have here some questions from the internet:

1 (relatively easy one)
Acceptable risk is achieved when:
A. residual risk is minimized.
B. transferred risk is minimized.
C. control risk equals acceptable risk.
D. residual risk equals transferred risk.

2  Which of the following is the MOST effective in preventing attacks that exploit weaknesses in operating systems?
A. Patch management
B. Change management
C. Security baselines
D. Acquisition management

3 (you'll see many "BEST" questions like these ones)
Access to a sensitive intranet application by mobile users can BEST be accomplished through:
A. data encryption.
B. digital signatures.
C. strong passwords.
D. two-factor authentication.

4 (very probable one)
The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:
A. simulate an attack and review IDS performance.
B. use a honeypot to check for unusual activity.
C. review the configuration of the IDS.
D. benchmark the IDS against a peer site.

Anyway, the opinions about this exam differ according to the level of expertise and the level of education of peers. Study well, use cccure's questions, level pro and you'll pass.

Good luck!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

Data_Raid

Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Mon Jul 20, 2009 5:56 am

Re: CISSP Test

For those of you who have taken the CISSP test, what were your thoughts on it?
I found the exam brutal (mostly because of the length), you need to really concentrate and understand the questions and choose the "best" answer. I used the full 6 hours and only had one bathroom break and a 10 min food break. Definitely did not want to repeat that exam, I thought to myself that if I fail I'd probably not do it again but after a few days rest I changed my mind and thought that I've come so far so I would have taken it again if I failed.

I am going through the CBT Nuggets (thanks EH.net, I won it here) and I was wondering about the test.

How much studying did you do, if any?
A lot! Daily studying around 6 hours a day weekdays and around 10 hours per weekend day for roughly 3 months. I read the Shon Harris All in One Exam Guide mostly, cccure.org, NIST docs and other resources on the Internet.

How comfortable did you feel going in?
Relatively comfortable. However, the exam is very different to any of the practice tests that I used.

Did you pass your first time?
Yes, I didn't feel that I did after taking the exam but I've heard from numerous people that this is the norm, most people feel that they failed after taking the exam.

Do you normally take tests well?
Normally yes depending on the exam, but the CISSP is nothing like I have taken before. The exam tests your reasoning, experience, concepts and more. It's the type of exam that I would read a question and think to myself that I wasn't even sure what they were asking and would have to re-read some questions twice or even three times!

Any random thoughts you want to add?
There are plenty of good CISSP resources out there, cccure.org is highly recommended especially to watch the CISSP exam overview and practice tests. There is also a LinkedIn group for CISSP study materials created by Shon Harris, I'm not a member of the group though, only found out about it after I did my exam. I also purchased the PrepLogic CISSP Lecture series audio training package which was a total waste of money, it's only 2 hours long and is very basic in content.

HTH
Last edited by Data_Raid on Mon Jul 20, 2009 5:59 am, edited 1 time in total.
All men by nature desire knowledge.

Aristotle
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Nov 10, 2009 2:03 pm

Re: CISSP Test

My little experience with the CISSP..

I took the CISSP at Chicagocon 2007 Boot-Camp (I was also a speaker at the con) and used the Shon Harris book but I was not so disciplined as most and only studied about a month. After 5.5 hours I finished the test and was sure I failed but I passed the test somehow. I was also the lucky guy that got audited and it took 2 months to finish the audit due to a lot of my past employers were DoD contractors that no longer exist so verifying experience was a bit of a challenge for the auditor. I have to say I normally feel I am good with taking tests but the CISSP has been the most difficult test I have taken. Anyway I would highly recommend studying more than a month and maybe if you can afford it take a boot-camp.

My 2 cents,

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Nov 15, 2009 11:35 am

Re: CISSP Test

slimjim100 wrote: After 5.5 hours I finished the test and was sure I failed but I passed the test somehow.


I hear that is a pretty common feeling.
twitter.com/timmedin | http://blog.securitywhole.com
<<

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Sun Nov 15, 2009 3:14 pm

Re: CISSP Test

I found a bunch of sample questions on the internet and made my own quiz engine in php/mysql.  I did a 5 day course for the knowledge, and then never touched that content again.  I took the sample questions and my test thing, and got used to the feel of the questions, and picking the "best" answer (which is always the one that makes sense in the business context). 

After that, I took the test.  I ended up taking the test about 1.5 months after I took the 5 day course.  I finished in about 2 hrs, then went to take a nap in the car while my friend finished.  I had no idea how I did, and I didn't go back and check any answers.

So.. my feelings are something like this:  You will walk in knowing a certain amount, but not everything.  If you are used to answering the questions with the "best" answer, about 3/4 of the questions you have no idea about you will probably get right.  If you over think it, you will probably miss it if you have a deep knowledge of security topics. 
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Nov 29, 2009 12:14 am

Re: CISSP Test

apollo, that is the best response on it I have received. I have heard so many people mention that they felt they were going to fail but passed. Thanks for the insight as to why people get that feeling.
twitter.com/timmedin | http://blog.securitywhole.com
<<

dark_north

Newbie

Posts: 15

Joined: Tue Jun 02, 2009 11:03 am

Post Wed Jan 06, 2010 10:40 am

Re: CISSP Test

i took a 6-day boot camp and studied the material they provided along with the ccure.org quizzes.  the test is totally different than any practice test you will see.  i am not sure why that is.  i took the whole six hours myself and had a positive attitude after leaving but unsure of results.  i took the exam and filled in the bubbles then retook the exam circling in the book, see if my answers were consistent.  i had to change about 12 answers.  you need to read each question slowly and accurately...then read the question again.  bring snacks and water, you will need it.

i am awaiting my results (crossing fingers and holding breath)
A computer once beat me in a game of chess but was no match for my drinking skills
<<

Grendel

Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Wed Jan 06, 2010 11:28 am

Re: CISSP Test

dark_north wrote: i took a 6-day boot camp and studied the material they provided along with the ccure.org quizzes.  the test is totally different than any practice test you will see.  i am not sure why that is.


Here's what I tell my students in my boot camp:

The questions on most CISSP testing engines and those online, such as cccure.org, are designed to test your knowledge of the material. When you take the test, ISC2 is testing your application of that knowledge. (All) Boot camps are designed to give you everything you need to know going into the test; but once you're actually taking the test, you have to engage your mind in order to pass - the CISSP is anything *but* a rote-memorization exam.

Hope that makes sense, and I wish you good fortune with your results!!

- Tom Wilhelm
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

Bane

Post Thu Jan 07, 2010 6:31 pm

Re: CISSP Test

I took a 5 day boot camp and took the exam on the last day. I finished in 45 minutes even after double checking all my answers. I can honestly say that none of the questions surprised me. If you have a few years of experience, a couple times through the exam guide should be plenty to get you familiar with the not so common terms like the "Bell Lapadula Model", etc.

I personally think the exam was overrated in regards to its difficulty. The only people I see having issues with it are people that have major issues taking exams and people that are pretending to be knowledgeable in security.
<<

dark_north

Newbie

Posts: 15

Joined: Tue Jun 02, 2009 11:03 am

Post Mon Jan 18, 2010 1:44 pm

Re: CISSP Test

got my results 682  >:(  I know that I changed some answers and I have asked them to manually score my exam.  They will do that (7 day turnaround).  I am not sure that will make a difference but, I calculate that is about 3 questions I missed
A computer once beat me in a game of chess but was no match for my drinking skills
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jan 19, 2010 10:52 am

Re: CISSP Test

Hey dark_north,

With what training company did you do your boot camp? Some of them have retake policies if you fail after taking one of their courses. Look into it. You may just need to go over the material a couple more times and try it again. And if they have a retake policy, you may just be able to do it on their dime.

Keep pressing forward,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

unsupported

Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Tue Jan 19, 2010 10:58 am

Re: CISSP Test

Keep your hopes up.  I know first hand that the manual grading does come out positive in some people's favor.  Do not let the grade get you down.  You are so close that you need to review the sections you did not score well in and retake it as soon as possible!

I saw your study plan was the boot camp, their study materials, and some questions on CCCURE.ORG.  You may want to go to your local library and see if they have the Shon Harris AIO (or just buy it used), and use that to study your weak points.

This is too important to let it slip!
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP