CISSP Exam Tips - Infosec


CISSP exam tips: from students and instructors

Pass your CISSP exam with tips from those in the trenches

The CISSP is one of the most challenging certifications to earn, and its exam has been described as an inch deep and a mile wide due to the sheer amount of material CISSP holders are required to understand. That's why earning a CISSP is the "gold standard" for many security professionals.

As of January 2021, there are more than 92,000 CISSP holders in the U.S. and more than 147,000 worldwide, many of whom have been Infosec instructors, students and community members. Collected here are some of the most common tips and strategies gathered from more than 17 years of IT and security instruction and thousands of individuals who have taken and passed the CISSP exam.

» Tips from CISSP instructors
» Tips from CISSP students
» Tips from the Infosec community

Study hard, and good luck!

Earn your CISSP, guaranteed! Get Pricing

Understanding the new CAT exam format

In December 2017, the English-language CISSP exam switched from a traditional computer-based testing (CBT) format to a computerized adaptive testing (CAT) format, meaning:
» The exam is now tailored to your ability: the difficulty and number of questions change based on your previous answers
» Initial test questions are easier and establish a baseline; later questions are selected so that you have roughly a 50% chance of answering each one correctly
» Your result is based on the difficulty of the questions you answered correctly, not on the raw number of questions answered correctly

CISSP exam changes: CBT vs. CAT (from (ISC)²)
» Exam time reduced from 6 hours to 3 hours
» Questions reduced from 250 to between 100 and 150
» 25 of the questions are unscored and are used to evaluate items for future exams
» Same content, different format

Why change the exam? (from (ISC)²)
» A more precise and efficient evaluation of a candidate's competency
» More opportunities for examination administration
» Shorter test administration sessions
» Enhanced exam security

Every question is the first question

Perhaps the biggest change with the new CAT exam is that you can no longer review previous questions or change previous answers. Since each question is used to refine the estimate of your CISSP knowledge, and to select a next question you have a 50% chance of answering correctly, there is no going back. As Infosec instructors like to say, it's as though every question is the first question.

The CAT format can be particularly difficult for test takers who are used to marking questions for review and returning to them later with ideas or thoughts that were sparked by other questions.

Advice from the trenches

"The new CAT format is designed to hone in on your weaknesses. A single question can touch on multiple domains, so a broad level of understanding is important."
Gil Owens, Infosec alum

"Unlike the PMP and CBAP exams, the CISSP exam didn't give an option to bookmark and go back to previously answered or skipped questions. Surprisingly, I found this to be a good thing. It ensured that I gave due respect to each question."
Infosec community member

"I preferred the CAT format over the long format. It's intimidating, but suffering for three hours max seems a heck of a lot better than six."
Infosec community member

Calm your nerves and start strong

The first few questions of your exam will help to establish your baseline, so it's important to start strong. As (ISC)² states, the first question you get should be "well below the passing standard." If you get answers correct, the subsequent questions will become more challenging. With the new format "each item presented will feel challenging," (ISC)² warns.

Many test takers have commented on the awkward wording of certain questions, but that may be intentional. One Infosec community member said the questions mimicked the real-world situation of someone relaying information in a panic, and it was up to the test taker to choose the least bad out of four bad options. Test takers also frequently reported settling into a groove after the first 15 to 30 minutes as they got a feel for the exam's wording and logic.

Advice from the trenches

"You must read the questions entirely and then read them again to understand what is being asked."
Infosec community member

"Stay calm. You will be nervous the first few questions, and you may never feel comfortable. I sure didn't. Read the question, re-read the question — if you have to, break down the sentences to smaller sentences. Then, start weeding out bad answers."
Infosec community member

"You can expect to miss about half of the questions on the exam. If you pass, that means you missed really hard questions."
Joe Wauson, Infosec alum

Have a strategy for approaching each question

Understanding the eight CISSP domains is the most fundamental aspect of passing the CISSP exam, but don't underestimate the importance of smart test-taking skills. One Infosec professor has a system for examining each question:
1. Break the question down into its important parts
2. Look for any keywords, such as MOST, BEST, NOT or LEAST, and then read the question again to determine exactly what is being asked
3. Review each answer for errors and inconsistencies rather than for correctness
4. Identify and remove the worst answers, then begin looking for the right answer

Advice from the trenches

"There were almost always two answers I could immediately rule out. I would literally draw four circles on my laminated sheet and check off those I knew were incorrect. This helped me out a lot since you can't exactly do that on the computer screen."
Infosec community member

"The questions I encountered on the test jumped around a lot between domains and very few were just straight definitions. Be prepared to put on your critical thinking hat and work through the problems."
Infosec community member

"Often there are several right answers, but you need to pick the answer that is most correct. It requires a deeper level of understanding — not just memorization."
Gil Owens, Infosec alum

Think like a manager, not a technician

Many CISSP exam questions don't have a single "right" answer. Instead, your goal is to choose the "best" answer from a managerial point of view. One Infosec instructor often poses a question to his students to help drive home this concept: what is the best way to prevent data loss? Technical students may focus on a control such as encryption; however, the best answer is much more straightforward: simply do not collect the data at all. Data that is never collected cannot be lost, which is why data minimization ranks above any technical safeguard in the exam's way of thinking.

Advice from the trenches

"I feel what really held me back was not being able to think like a manager. I kept trying to fix the problem as a technical analyst, which was where a lot of my experience was at the time."
Infosec community member

"If in doubt, pick the answer that is most concerned with management principles. Think about how frameworks relate to standards, how policies relate to programs, how infosec programs relate to business."
Infosec community member

"The CISSP exam isn't about all the technical definitions you know. It proves you understand security concepts, theories and how to apply them in business scenarios to achieve a common goal."
Julian Tang, Infosec alum

Fail one domain, fail all

You must score above the proficiency level in all eight CISSP domains in order to pass the CISSP exam, according to (ISC)². The eight domains and their weights, as revised for the exam outline that takes effect in May 2021, are:
1. Security and Risk Management: 15%
2. Asset Security: 10%
3. Security Architecture and Engineering: 13%
4. Communication and Network Security: 13%
5. Identity and Access Management (IAM): 13%
6. Security Assessment and Testing: 12%
7. Security Operations: 13%
8. Software Development Security: 11%

Don't make the mistake of thinking your strongest domains will carry you to a passing grade. Instead, focus on improving your weak areas.

Advice from the trenches

"Comments to the CISSP exam being an 'inch deep, mile wide' are very true."
Infosec community member

"The identity and access management domain is one of the top causes of failure from what I hear anecdotally."
Ken Magee, Infosec instructor

"I think the common theme from people who don't pass the CISSP is they tested before they were ready. They knew they were weak in some domains, and then got a bunch of questions on those domains they weren't prepared to answer."
Gil Owens, Infosec alum

Build your three pillars

Although there are a lot of helpful tips and suggestions from those who have taken the exam, nothing is more valuable than your own knowledge, experience and preparation. If one of those three fundamental support legs is missing, your chances of failing increase dramatically.

Every CISSP hopeful has their favorite method of learning, including live instruction, recorded videos, practice exams, books, group study sessions and more, but we've found that those who take advantage of the wide variety of resources available to them and have a solid foundation of knowledge, experience and preparation are much more likely to pass their CISSP exams on the first attempt.

Advice from the trenches

"Explain the concepts to someone, or if no one is around just speak out loud as if you are teaching a class. If you can't explain it, you don't know it."
Infosec community member

"In addition to attending class, I used the Sybex book provided as part of my course and reviewed the video material in the Infosec Flex Center. Before attending your boot camp, I recommend going through all the videos in the Flex Center and getting familiar with the material. If you have the time, also take a few of the practice tests."
Julian Tang, Infosec alum

"I spent quite a bit of time replaying recordings from the boot camp. This was one of the things that drew me to Infosec — the ability to replay recordings of class after the course ended. I found this extremely helpful and cannot emphasize this enough."
Gil Owens, Infosec alum

Prepare for every possibility

No matter how knowledgeable, experienced and prepared you are, there's always a chance you may not pass your CISSP exam on the first try, whether due to stress, having an off day or any number of other reasons.

That's why Infosec CISSP Boot Camps come with an Exam Pass Guarantee. If you don't pass your exam on your first try, you'll get a second attempt for free, along with the ability to re-sit your boot camp for up to one year.

After your boot camp, you'll get extended access to hundreds of other on-demand courses, so you can start earning CPEs, building new skills or working towards your ISSEP, ISSAP or ISSMP specialization.

Why train with Infosec
» Immediate access to Infosec Skills, including a bonus boot camp prep course, from the minute you enroll to 90 days after your boot camp
» Six days of expert, live CISSP training, plus a day to take the exam
» 90-day extended access to all boot camp video replays and materials
» Unlimited CISSP practice exam attempts
» CISSP exam voucher
» Learn by doing with hundreds of additional hands-on courses and labs
» 100% Satisfaction Guarantee
» Exam Pass Guarantee (online students)

Learn More About CISSP Training

About Infosec

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That's what we do every day: equipping everyone with the latest security skills so the good guys win.

Learn more at infosecinstitute.com.

Sources
» CISSP computerized adaptive testing, (ISC)²
» The ultimate guide to the CISSP certification, Infosec
» CISSP Training Boot Camp, Infosec

2021 Infosec, Inc. All rights reserved.