CISSP Tips
You have just decided to take the plunge and seek certification as a CISSP. The first thing you should do is visit the ISC2 web site. ISC2 is the organization that is in charge of the certification, and they have a lot of details on their web site about minimum requirements, the steps toward the certification, etc.
https://www.isc2.org/cgi-bin/content.cgi?category=97
While on the ISC2 web site, visit the following page to get a copy of the Study Guide for the CISSP. The study guide is a small PDF document that tells you what is included within each of the domains of the CBK. It is free. You simply have to fill out a small form to get it.
https://www.isc2.org/cgi-bin/request_studyguide.cgi
Study Preparation
The CISSP certification demands a lot of study and preparation. Do not underestimate the challenge ahead of you. This level of difficulty is NOT because the test has great depth, but because it covers a lot of concepts across multiple domains of expertise that you might not have touched in your career so far. Most people will be familiar with three to five domains of the CBK. The other domains will demand more study.
It would be advisable to let your better half, people around you, and your friends know that you are getting into serious study mode and that you might not have much time to dedicate to them for a little while. Having support from the family and friends is quite important.
Common Body of Knowledge (CBK)
The Common Body of Knowledge (CBK) is the term used by ISC2 for the set of topics and content that may be drawn upon in writing questions for the CISSP exams. The CBK has 10 domains. The exam has 250 questions based on the 10 domains. You may not get an equal number of questions for each of the domains. There are some domains that are more important than others. You definitely have to master Access Control, Security Management, and Telecommunications. They are the three most important domains. The least important domain, as far as the number of questions on the exam, is Physical Security. The second least important is Cryptography. The other domains fall somewhere in between. So DO ENSURE that you have fully mastered the three most important domains listed above.
Study Plan
Write out a study plan, and keep to it. I recommend that you visit the www.cccure.org web site. Under the CISSP menu you will find a link to the online Quizzes. Take a 125-question (or preferably a 250-question) quiz on the 10 domains to give you a good indication about which domains you need to work the most.
While studying, work on what YOU DO NOT KNOW. By this I mean, push aside the domains that you have fully mastered. Keep notes on the questions that you have missed on your practice quizzes, perhaps copying them into a word document. Later, try these questions again. Those are the ones you must work on. Find out why you had them wrong and why the answer you selected was the best answer.
On many occasions, people ask me which study path they should select. The choice will be driven by a few factors such as your personal ability, your time, your self-discipline, your budget, and your geographical location. The choices are many today. Some of the most popular choices available are:
a. Boot Camp
A live class with an instructor is one of the most successful ways to prepare for and pass the exam. You must ensure that the instructor is a master of the CBK and has taught this class dozens of times in the past. The five- or six-day class you will take should not be your first exposure to the exam CBK. It should be a final refresher before you attempt the exam. If you do show up at your Boot Camp without any prior preparation, your brain will hurt after a few days. You might become overwhelmed, as there is just so much you can cram before your brain can no longer take it. Passing rates for live classes are usually around 90% for training delivered by reputable schools such as Vigilar. However, the downside of this method is the cost. Training sponsored by your company works well with this type of approach. If you do not have an employer willing to pay for the course, the methods below might be more appropriate for you. Live classes are definitely the answer if you tend to procrastinate or simply cannot discipline yourself to follow your study plan.
b. Live Online Classes
The live online classes are also an interesting option. They are delivered by a live instructor (not a recording), and they usually have a flexible schedule and cost a lot less. You get the same content as you get from a Boot Camp, but do not have to leave your home. There are significant savings that you can get on travel and accommodations. The success rate of people attending live online classes is around 88% to 90%.
c. CBT tutorial
There are now some well-developed CISSP computer-based tutorials that cover the same material as live and online classes. They vary in quality and content. My preferred one is the Shon Harris DVD package, and this is why I have it for sale on the site at the best price you can find anywhere on the net. See the following link for the details as to why I believe it is the best: CISSP DVD Tutorial by Shon Harris
d. MP3 audio files
A few companies are now selling MP3 audio files that you can listen to while commuting to work or while driving in your car. Some people are NOT visual and they will remember a lot better using audio only. This would be another option to use that is not very expensive and very flexible.
e. Self Study
The last method in the list, but not the least, is doing it on your own. This is a valid option if you have many years of experience in the security field and/or you can discipline yourself into following the study plan that you have developed. Hundreds of people have followed this path with success. The passing rate of people who do self study tends to be a bit lower. You MUST prepare well or else you might crash and burn. Do ensure you score consistently around 80% on the pro questions from this website before you feel good about taking the exam.
Exam Booking
Schedule your exam far enough out that you have enough time to prepare.
Register early with ISC2 for your exam to save money on the exam fees. ISC2 has a special price for early registration. Of course, if you decide to cancel or change your exam date later on, you will be required to pay a cancellation fee.
Be aware that lots of exam locations are selling out. If you do not guarantee your seat early, you might have the disappointing news that there is no space left and the registration for the specific exam has been closed. It is something to keep in mind.
The exam is as much a physical endurance test as it is a knowledge and skill test. So, pace yourself—both in your studying and while taking the exam. One of the key skills to develop is reading.
The Hal Tipton Slides
Hal Tipton is the father of the CISSP Certification. He is still maintaining the CBK today and is someone I very highly regard and respect. I sincerely hope that I will still be as active as he is at his age. Hal has generously contributed two sets of slides that walk you through the 10 domains. I would recommend you quickly read through to give you a feel for the exam.
http://www.cccure.org/Documents/Hal_Tipton/Intro1.pdf
http://www.cccure.org/Documents/Hal_Tipton/Intro2.pdf
The Actual Exam
The exam is paper-based. You have an answer sheet on which you must mark your answers. Be careful that the number of the question on the answer sheet matches the number in the question booklet.
There are different colors for the cover of the exam booklet. Each of the colors represents a different rendition of exam. Each of the colors is of an equivalent level of difficulty. The persons sitting to your left and right will most likely get a different color or a different exam. This is to prevent fraud and copying between students.
The exam is as much a physical endurance test as it is a mental test. You must rest well the night before the exam or else you might run out of energy on exam day. Do not CRAM late the night before; by 21:00 hrs you should be done studying and you should be relaxing.
The exam has 250 questions. Each of the questions is weighted, which means that one question might be worth 1 point while the next one might be worth 3 points. The more difficult the question, the more points you get. It is not indicated in your question book how many points a question is worth.
Among the 250 questions, there are 25 questions that do not count toward your score. These 25 questions are being tested before they are introduced in future exams. They are not marked as beta questions, so you do not know which ones they are. If you run into a question on a subject that you have never heard of before, it might very well be one of those test questions. Do not panic.
Sometimes people tell me, “Clement, all of my questions were on Cryptography and you told me that Cryptography was NOT one of the most important domains on the exam.” This could very well happen. The 25 questions being tested are usually all on one or two domains of the CBK. This is why at times it seems that you had a lot of questions about one specific domain. Also, the domain you are weakest in could seem to have the most questions.
When you receive your exam from the proctor, read it through once to build your confidence. Then, answer first all the questions you are sure of. Pay close attention to keywords, such as greatest, could, would, may, not.
As I have mentioned above: Reading is a key skill. Do take the time to read and understand the question. Take the time that you need. Six hours gives you plenty of time.
Bring some energy food or a snack to take a break when you start to feel tired. It will definitely help you out. Only one person at a time is allowed outside of the classroom. You will be escorted by a proctor when you leave the room. They are very strict on this.
For the smokers: there is no guarantee you will be able to step out for a smoke. I would recommend you ingest your dose of nicotine before the exam.
Ensure that you get to the exam site early. The last thing you want is to get stuck in traffic and stress before your exam. If you show up late, you WILL NOT be admitted into the exam room. Do not even try.