CertCities.com -- The Ultimate Site for Certified IT Professionals
Free CertCities.com Newsletter via E-mail Share share | bookmark | e-mail
  Microsoft®
  Cisco®
  Security
  Oracle®
  A+/Network+"
  Linux/Unix
  More Certs
  Newsletters
  Salary Surveys
  Forums
  News
  Exam Reviews
  Tips
  Columns
  Features
  PopQuiz
  RSS Feeds
  Press Releases
  Contributors
  About Us
  Search
 

Advanced Search
  Free Newsletter
  Sign-up for the #1 Weekly IT
Certification News
and Advice.
Subscribe to CertCities.com Free Weekly E-mail Newsletter
CertCities.com

See What's New on
Redmondmag.com!

Cover Story: IE8: Behind the 8 Ball

Tech-Ed: Let's (Third) Party!

A Secure Leap into the Cloud

Windows Mobile's New Moves

SQL Speed Secrets

CertCities.com
Let us know what you
think! E-mail us at:
 
 
...Home ... Editorial ... Tips ..Tips Article Friday: April 4, 2014


My Top 10 Tips For Preparing and Passing the CISSP Exam
Insights, tips and tricks from a CISSP for putting your best foot forward when you sit this grueling, six-hour security theory exam.

by Tony Bradley

7/20/2005 -- The Certified Information Systems Security Professional (CISSP) certification from The International Information Systems Security Certification Consortium [(ISC)2] is arguably the most sought-after and widely accepted certification in the information security industry. It’s become established as the standard baseline for demonstrating knowledge and proving expertise in this sphere.

Compared with most other technical certification exams, the CISSP exam is quite long. Passing the test requires not only the prerequisite knowledge to answer the questions correctly, but the stamina and mental fortitude to get through the six-hour, 250-question paper-based exam. For an information security professional, preparing for the CISSP exam is a little bit like a runner preparing to race in a marathon.

Don’t fret, though. It can be done. There are plenty of CISSPs out there in the world as proof that you can pass the exam. Here are 10 tips I recommend to prepare for this challenge and give yourself the best possible chance of success.

Tip #1: Hands-On Experience
One of the requirements for being awarded the CISSP certification is a certain amount of time in the industry and hands-on experience: three to four years of full-time work, depending on your educational background. Even if it wasn’t a requirement, hands-on experience is a valuable means of learning about computer security.

Note: If you don’t have three to four years of experience, that doesn’t mean you can’t sit the CISSP exam. (ISC)2 will allow those who pass the exam without meeting the experience requirements to become Associates of (ISC)2, and then award them the CISSP title after the experience requirement has been met.

Many people simply learn and retain information better when they actually do it instead of just reading about it. You can listen to seminars and read books about various aspects of information security, but until you do it yourself and experience it firsthand, it’s just theory. In most cases, nothing teaches faster than actually doing it and learning from your own mistakes.

Another way to get hands-on experience, especially in areas you’re not currently focused on at work, is to set up your own mini lab. Use old or virtual computers to experiment with different operating systems and security configurations.

Tip #2: Begin Studying in Advance
The CISSP certification demonstrates that you know a little bit about a lot of different information security topics. Even if you work in the information security industry, odds are that you don’t focus on all 10 core bodies of knowledge (CBKs), or subject matter areas covered by the CISSP, on a day-to-day basis. You may be expert in one or two areas, and very familiar with a handful more, but there are probably at least one or two CBKs that you’ll almost have to teach yourself from scratch to pass the examination.

Don’t expect to start studying the week before your exam and think you can pick up enough about subjects you’re not familiar with to pass. The scope of the information covered is huge, which you’ll need to study and learn over a long period of time, so don't expect to just cram the night before. I suggest you start studying at least three months before your exam date and draw up a schedule for yourself to ensure you dedicate at least an hour or two a day studying. It’s not unheard of for CISSP candidates to begin preparing six to nine months out.

Tip #3: Use a Study Guide, if Not More Than One
There are a number of excellent books you can use to help you prepare for and pass the CISSP exam. Study guides and exam preparation books can help boil down the mass amounts of information and assist you in keying in on the critical components you need to remember to pass the exam.

The sheer volume of information covered in the exam makes it difficult, if not impossible, to learn about everything in depth. Rather than trying to learn in a vacuum, so to speak, and not knowing which components of a given subject area are truly important, checking out some CISSP exam guides can help you key in on the specific information within the CBKs that matters most for passing the exam.

CISSP preparation books will certainly not make you an expert in subjects you’re not already an expert in. But, for the subject areas you know little or nothing about, a CISSP book, such as the “CISSP All-In-One Exam Guide” by Shon Harris, provides you clues and guidance about what the important information from those subjects is when it comes to passing the exam.

Tip #4: Make Use of Free Resources
When the economy dips and budgets get tightened, one of the first things to go from corporate spending is training. There are plenty of courses, boot camps and cram sessions that promise to prepare you for the CISSP exam, but they are exceptionally expensive. As much as possible, for your own benefit, you should look for resources that are free.

Experience is an excellent teacher, but it doesn’t always have to be your own personal experience. By joining online forums, mailing lists or local user groups, you can associate with others working in information security and learn from their mistakes and examples. Exchanging stories, issues and solutions among your peers will provide you with invaluable real-world scenarios to learn from rather than just theoretical book knowledge. Check out the many CISSP study groups on the Web, or look to join a local one with other candidates in your area.

Search online and you can find various study guides and practice exams or articles (such as this one) available for free. Here’s some links to get you started:

  • SearchSecurity.com’s “Security School: Training for CISSP Certification” Webcast training series by Shon Harris
  • Free study guides straight from the source -- (ISC)2.
  • CCCure.org
  • About.com’s Web page on the (ISC)2 CISSP certification.

Tip #5: Practice Makes Perfect
Even if you’re confident that you have sufficient knowledge across all 10 areas of subject matter to pass the exam, you should take some sample or practice exams before you go take the real test. Practice exams will enable you to assess your knowledge and also prepare you for the types of questions you might see so you aren't caught off-guard on test day.

Many of the study guides and CISSP preparation books come with a CD containing a practice exam or some sort of practice test. You can also get practice questions from each of the ten CBKs in the Web cast training sessions mentioned above. Longer practice exams that mimic the CISSP in terms of length and scope are available from some providers, like Boson and Transcender. Also stop by CCCure.org and check out its online quiz engine.

Tip #6: Read Carefully
When you first start the exam, you might be excited just to find out you actually understand the questions. The terms used and information covered may seem to be exactly what you’ve prepared for, and you could become a tad cocky or be lulled into a false sense of security.

No matter how familiar the information may seem or how easy the questions sound at first glance, it’s imperative you take a deep breath, slow down just a bit and make sure you read every word of every question to make sure you’re answering the question being asked.

Test writers like to use double-negatives or slide words in to change the meaning of the question. Missing the word "not" in a sentence can be catastrophic.

Tip #7: Watch the Clock
Time management is essential for the CISSP. You have six hours to complete the CISSP exam, which might seem like an eternity to take one test. It’s not.

Do the math: With 250 questions, you have less than 90 seconds per question in that six-hour time span. If you spend five minutes pondering one question, you need to answer three other questions in under 20 seconds to stay on track to finish within the allotted time. And you still have to read each question carefully, as pointed out in the previous tip; keep your eye on the clock as well to make sure you’re making sufficient progress to finish on time.

You should be able to answer many questions in the blink of an eye, so you’ll have some time to spare to dedicate to questions that stump you. However, you aren’t going to suddenly learn information you don’t know if you stare at the question long enough. Give yourself enough time to think about the question and try to remember the answer, but after a couple minutes just pick your favorite answer and move on. Better to take your chances on getting one question wrong than to devote so much time to that one question that you run out of time and never get a chance to answer a handful of easier questions.

Tip #8: Stretch and Relax
It’s difficult enough to think under pressure without adding discomfort. Six hours is a long time to sit in one place. If your mind is too stressed or tense, or you’re physically uncomfortable, it’s difficult to focus and think straight.

Yes, I did just got done writing about how little time you have to devote to each question in the first place. For many people though, a short break to stand up, stretch and relax will prove invaluable. Stretching your muscles and giving your brain a few seconds of serenity will help you to concentrate on the questions in front of you and think clearly about the answers, rather than focusing on how uncomfortable the chairs are or getting so stressed out that you can’t think straight.

Tip #9: Get Some Sleep!
No, there won't be any entertainment during the test and the questions are not that engaging. To make sure you don't fall asleep or disrupt your neighbor's concentration with your growling stomach, make sure you get a solid night of sleep and eat a good, healthy breakfast before testing. Being well rested and getting the proper nutrition the day of the exam will serve you much better than pulling an all-night cram-session.

Aside from these two imperatives, though, how you prepare the night before or the morning of the exam is a personal choice. Some people may want to read their notes, take another exam simulation test or cram down to the very last second. Personally, I woke up and played Tetris all morning. I find it gets my brain in gear while also taking my mind off of the stress of the exam.

Tip #10: Don't Be Intimidated
Some people can take almost any test cold and still pass. Others may have dedicated themselves to studying and learning everything they possibly can for months, and freeze up on test day. If you have the above tips you should be prepared and have no problem passing the exam. Don't let the 250 questions or the six hours intimidate you.

It’s a long exam to earn a valuable certification which may have an impact on your career and your future. But when exam day comes, you either know the information or you don’t. Have faith in yourself that you’ve done all you can to prepare for and pass the CISSP exam and don't pop a blood vessel trying to second-guess yourself.

Best of luck to all of you on your path to the CISSP!

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the editor of About.com's Guide for Internet/Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.
More articles by Tony Bradley:

There are 90 CertCities.com user Comments for “My Top 10 Tips For Preparing and Passing the CISSP Exam”
Page 1 of 9
7/20/05: Clement Dupuis from Deep Woods of Quebec, Canada says: Just wanted to say that this is a great article with key tips that will make a huge difference between passing or failing. I like number 10 a whole lot. You must attempt to treat the real exam just as anonther one of your practice exam. If you stress, start panicking, you will be in trouble. Remember you could get a questions that is totally funky and that you have never heard of before, it is probably one of those 25 questions that are being tested and do not count on your final score. I have seen too many great professional who have failed not because they did not know the CBK but more because they fail to follow the tips above. Keep up the great work Best regards Clement Dupuis, CD [email protected] Maintainer of the www.cccure.org site
7/21/05: David Soede from Sydney, Australia says: Poor article. Those tips are so generic and could be applied to almost any test, IT or otherwise. The 2 practice exams I've done so far I've finished in half the time with >90%, and I've done only 2 years in the IT security field. CISSP to it's credit tests real-world abilities pretty closely - and who gets time in the real world to do all that prep for their job? My advice to Tony? You are not writing for a cornflakes packet, get detailed and specific and provide far more references for practice exams, CBK articles etc. You are writing for technical professionals here.
7/21/05: Anonymous says: Wowser, yet another article that stresses basic test taking skills. I'm starting to wonder if this exam is anything to worry about or not. So far, from my studying, it's surprisingly basic. We'll I'm using 5 of the more popular books (6 total) and a video series. I'm focusing on one domain at a time, which seems to help me actually make progress studying. I'm going to assume that all of these CISSP articles are true, and that the exam is actually doable with a resonable amount of study. For you people postponing your test, if you've taken a medium difficulty college course then I think you can handle this. Of course, we'll see when I take this....
7/22/05: Anonymous from United States says: I agree with David, a little. The advice is somewhat "generic" and could be applied to almost any test on any subject for the most part. However, I completely disagree that it makes it a "poor article". I think it simply underscores that good study habits and test preparation are fairly universal and that there isn't any "magic bullet" shortcut. More specific advice might have changed the article from a Top 10 study tips to just another exam cram notes or practice quiz. Applying these 10 tips will surely help readers achieve CISSP certification.
7/25/05: Joe Werner from Lansing, Michigan says: This article contains good, basic advice about taking a test -- especially a paper, 6-hour, 250 question, high-stakes test, which is what the CISSP is. It's a brutal test. Having just passed it, I recommend everything said here, plus one more: Remember you can write in the test booklet, even though what you write there won't be scored. I like to answer questions in the booklet, then at the end of the page, transfer them to the answer sheet. This breaks up the monotony a bit. (But be careful to record your answer by the correct question number!) Writing in the test booklet permits another trick that you can use to manage time better: I like to circle in the test booklet the number of any question that I am going to need extra time to think seriously about. Answer all the questions you are sure of, circle the question number if you need more time, and PRESS ON! Get as many questions answered quickly as you can, then come back and answer the ones that you circled. That way, you get the questions you know out of the way, and you also may pick up some hints and reminders about how to approach the ones you passed by on your first pass. With the CISSP, I needed three passes, but I finished with plenty of time still on the clock. GOOD LUCK to everyone. (Oh, wait a minute. I didn't mean luck. I meant skill.)
7/26/05: Tanveer Ahmad Bhatti from Abu Dhabi says: is there any training center for CISSP here in UAE or any where outside UAE ? Is there any Schollarship scheme for CISSP? Thanks
7/27/05: Clement from Deep woods of Quebec says: The CISSP certification is definitively NOT a technical certification. It is NOT an in depth certificaion on a specific subject. It is very broad and covers about 400 different concepts through 10 domain. The exam does not garantee that you will ge an expert in the 10 domains. I do not know anyone who could be an expert in all of the domains. The exam is to give you a basic understanding of the different areas of information security. It is to allow you to interact with your peers and understand what they are talking about. It is a foundation and vendor neutral cert. I have seen many people who scored above 90% on practice tests, only to fail the real exam because they ignore the soft side and the tips given above. Best of luck to all Clement Dupuis www.cccure.org
7/27/05: Clement Dupuis from Deep woods of Quebec says: As far as training centre in the United Arab Emirates, I do not know of any but I do know of some in neighbour countries such as Kuwait and Saudi Arabia. I do not want this to become a marketing area. If you are interested, contact me offline directly and I will give you the pointers. Best regards Clement [email protected]
7/28/05: ITDefPat from itdefpat.blogspot.com says: Good commentary!I am a CISSP, and recently was a testing overseer. The biggest problem is not the questions, but the test-taking skills. Remember, I not only took the test, I've watched people while they were taking it. Remeber that you don't have to be an expert in any one domain, but if you are, that might help you through. I saw a comment above about someone that had several books. That is also a good idea. I had two, and the prep tests from two authors were very different. Get as many prep tests and study guides as possible. And do anything else Clement says. I'm also happy that no one has said anything about boot camps. I wonder about them, and seriously think that they offer very little benefit for a lot of money.
8/8/05: Anonymous says: My experience is buy CISSP testking in www.PrometricVUE.com (only $7.99 VS testking 69.99, same quality) and I have a lot of question in my test.
First Page   Next Page   Last Page
Your comment about: “My Top 10 Tips For Preparing and Passing the CISSP Exam”
Name: (optional)
Location: (optional)
E-mail Address: (optional)
Comment:
   

-- advertisement (story continued below) --

top
Home | Microsoft® | Cisco® | Oracle® | A+/Network+" | Linux/Unix | MOS | Security | List of Certs
Advertise | Contact Us | Contributors | Features | Forums | News | Pop Quiz | Tips | Press Releases | RSS Feeds RSS Feeds from CertCities.com
Search | Site Map | Redmond Media Group | TechMentor Conferences | Tech Library Webcasts
This Web site is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc., Microsoft Corp., Oracle Corp., The Computing Technology Industry Association, Linus Torvolds, or any other certification or technology vendor. CiscoÆ and Cisco SystemsÆ are registered trademarks of Cisco Systems, Inc. Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corp. OracleÆ is a registered trademark of Oracle Corp. A+Æ, i-Net+T, Network+T, and Server+T are trademarks and registered trademarks of The Computing Technology Industry Association. (CompTIA). LinuxT is a registered trademark of Linus Torvalds. All other trademarks belong to their respective owners.
Reprints allowed with written permission from the publisher. For more information, e-mail
Application Development Trends | Campus Technology | CertCities.com | The Data Warehousing Institute
E-Gov | EduHound | ENTmag.com | Enterprise Systems | Federal Computer Week | FTPOnline.com | Government Health IT
IT Compliance Institute | MCPmag.com | Recharger | Redmond Developer News | Redmond | Redmond Events | Redmond Channel Partner | Redmond Report
TCPmag.com | T.H.E. Journal | Virtualization Review | Visual Studio Magazine | VSLive!
Copyright 1996-2009 1105 Media, Inc. See our Privacy Policy.
1105 Redmond Media Group