MY PERSONAL CISSP STUDY RESOURCES & GUIDE!

Although there are TONS of hits when you search for CISSP resources, there are very few sites that list resources that were actually used to prepare for the exam. And even fewer resources detail the process of preparing for and taking the exam.

Essential Books (most come with CDs that have soft copy and practice tests)


Free CISSP Online Resources


Downloadable Files

  • 7 Types of Hard CISSP Exam Questions and How To Approach Them: I got this free somewhere...it is accurate.
  • An Excel "Scan Tron". Print this along with a practice test for a more authentic simulation of the real CISSP exam.
  • This is a cheat sheet that I created. The idea was to memorize this to the point where I could write it out as much as I could from memory. I did, but I never referred to it; nothing was presented on my test that was directly answerable from this cheat sheet. I guess this is an example of what not to memorize. It is still good to know.

Practice, Practice, Practice

In my opinion taking practice tests is essential. How do you know if you are processing the info you are studying? How do you know where the CISSP focus is? How can you prepare to read poorly written questions (and there were some terribly worded questions on the real exam)? PRACTICE TESTS! The practice tests help you determine where your weaknesses and strengths are and help you get a feel for what the questions will be like (although the actual exam was much more difficult than any practice questions that I have found so far, by far). Most of the texts and websites mentioned above have practice questions. My boss also bought 300 of the ISC2 CISSP questions for $300 - great idea, but again, not on the same difficulty level as the real exam. It wasn't a waste of money, but it is not a fair representation of questions that will be on the real exam.

Read a section, take a short test. Read a chapter, take a longer test. Watch a video, take a test. Listen to a lecture, take a test! Repeat tests for domains you studied a couple of weeks ago.

It is also important to identify questions you are getting consistently wrong and unlearn why you are picking the wrong answer.

Here are my tips:
  • Time yourself. Get a feel for how long it takes you to take different numbers and different levels of tests.
  • Work up to 250 questions SLOWLY. Start with 10 rookie questions from a domain or all domains. Then go to 25, then 50, etc. Then go up a level and do the same. The important thing is that you are testing while you are initially learning.
  • Don't be afraid to quit a test in the middle. Note how many you answered then note how many you got right in the results.
  • Review the questions you got right! Did you guess or did you really know it? If you guessed, learn it!
  • Be encouraged with your progress and don't be discouraged when you fail. NOW YOU KNOW WHERE YOU NEED TO FOCUS!! Focus your study to your problem areas.
  • Don't take the real exam until you are scoring into the 90 percent range.
  • Remember that you only need 70% for the real exam, but the real exam is much harder than any tests I practiced.

My recommendation is to study through all of the domains and build up to this:
  • Generate 250 (or max) questions on each domain at each level (rookie, easy, medium, hard and Pro). This would be 10 domains times 5 levels or 50 different tests.
  • Generate 250 questions from across all domains at each level (rookie, easy, medium, hard and Pro). This would be 5 tests of 250 questions.
  • Always choose these settings: "closely related", uncheck "Shuffle answers in questions", uncheck "Review only incorrect answers", uncheck "Activate timer"

I also strongly recommend simulating the real test as much as possible. You don't have to do this in the core of your studying, but after you have gone through the domains a time or two focus on paper tests and a paper "scan tron" answer sheet. After generating a test select all, copy it into notepad, print it out. Submit answers for grading (without answering any) and copy the answers into notepad, print it out. Finally download and print the 250_Answer_Sheet.xls above. Here are some tips:
  • WRITE ON THE TEST. Write notes. Notate confidence level for an answer. Cross out wrong answers. Circle key words. Write the corresponding letter (answer) ON THE TEST. I went through 3 pencils on the real exam (they provide pencils, no highlighters allowed, no scratch paper allowed, there is a blank page on the inside of the test). Another good reason to write the answer on the test is if you get messed up and off on the answer sheet, you can always refer to the written letter answers on the test to fix.
  • Transfer answers one page at a time to the "scan tron" answer sheet. Pay careful attention when transferring to select the right answer.
  • Review your answers. When you are finished with the test go back and review your answers, look for questions that you identified as unsure. It is rarely good to second guess yourself, so skip over questions that you felt pretty good about and focus on the questions you struggled with.
  • TAKE BREAKS! You can take breaks on the real exam, so practice that too!
  • Pay attention to what makes you comfortable and uncomfortable, posture, breaks, drinks, etc.
  • TAKE YOUR SWEET TIME! The real exam is 6 hours. I used up 5 solid hours, took 3-4 breaks, ate 2-3 chocolate granola bars, went through 2-3 20 oz Pepsis.
  • Be mindful of the times you take the tests versus results. We took many practice tests at 7 or 8 at night. We usually did a little worse. Thankfully the real exam is at 9 in the morning.

My Personal Experience

We had two groups of folks prepare and take the CISSP exam from my team. The first group of 3 (including my boss) started off with a boot camp, studied for about 10 weeks and then traveled to a different city and stayed in a hotel and took the exam. They felt very unsure after the test and thought that they either barely passed or barely failed. They all passed. So the pressure was on! They studied about 500 hours.

There were 4 guys from my team that made up the second group (including me). I started out with just the AIO Shon Harris book (Fourth Edition) and the online searchsecurity.com site that is extremely introductory but has some short Shon Harris videos (basically just introduces each domain). Shortly after I added a SANS audio/slides series, Eric Cole is the Instructor. This is audio and slides from a 1-week CISSP boot camp sponsored by SANS. And then I took some tests (http://www.freepracticetests.org/quiz/quiz.php). And failed miserably! I had to switch gears!

SO, the first thing I did was start a study group. I really think this is key. If you can get a study buddy then DO IT! We added a video series by Shon Harris. I also made some study cards based on a boot camp that centers around the Shon Harris book. The first group of 3 guys went through that actual boot camp, they traveled and went through a week of hell. They said it was a waste of money. It wasn't sponsored by ISC2, but still a waste (in their opinion).

We conned our boss into buying 300 practice questions from ISC2. They are pretty good questions, but nowhere near the difficulty level of the real exam. And we focused on the freepracticetests.org site. We generated questions on each domain individually and focused on the pro questions. But then we discovered later on that the pro (the hardest) doesn't give you much of the easy/medium/hard, but pads with the rookie questions. So then we went back and generated 250 (or the max) for each level (Rookie, Easy, Medium, Hard & Pro) across all domains. If I had a chance to do it again (and I just might!) I would do each level for each individual domain. I came up with the idea of a cheat sheet. I started to create a cheat sheet (link above) that I wanted to memorize so that when I sat down for the test I could just begin to write these notes on paper and create a cheat sheet from memory! And lastly once we generated the questions we copied/pasted into note pad or text pad, printed the questions off, created a scan tron sheet (link above) and we practiced taking the real test with the questions from the freepracticetests.org. So we did all of that and were scoring in the mid to upper 80s to lower 90s. We made it a practice to write on the test. Write the answer (A, B, C or D). Cross off the wrong answers. Make notes. Circle or underline key words. Mark questions that you were unsure or not confident about, etc.

One of the guys on our team used the Official ISC2 book and we also have an Exam Cram book and Exam Cram practice test book; we mostly used these as a reference along with Wikipedia. I estimated that I studied around 300 hours - just me.

The exam that we registered for was in our metro area, but about 45 minutes away. We conned our boss into letting us stay in the hotel that was hosting the exam the night before the exam. No worries about traffic or travel. We relaxed the night before, did a little bit of last-minute testing and cramming and we felt pretty darn good. We visited the conference room where the exam would be held-nothing too special, but still building up our confidence. We made sure that we woke up 2 hours before the test and we were ready to go when the doors opened a half hour before the instructions were given. The room was packed-about 40 testers, most seemed to be there for the CISSP.

And then there was the taking of the real test. Holy hell. I was proud of myself, before I even looked at a question I scribbled my notes on the inside of the first page. I made a half a page of notes. The OSI model, reserved IP range, Bell LaPadula, Biba and Clark Wilson model and some notes. And a few others. I never used any of it! I had one question on the OSI model and it was about an optical cable...physical layer. About 3 pages in I had to close the test to make sure I was actually taking the CISSP test. There were a couple of other tests being offered at the same time. I had the right test. I will say this, about 3-4% of the questions I knew the answer before I saw the answers, but there were about the same amount that I didn't have a freaking clue, as in I totally and completely guessed-but only 5-7 questions. MOST of the questions I was able to cross off 2 of the 4 answers and make a pretty good decision about the final answer-as in I felt pretty good about the answer I picked. Some questions took up a half or a whole page. It took me 5 solid hours. I took 2-3 bathroom breaks. I had 2-3 plastic 20oz bottles of Pepsi. I had a few chocolate granola bars. I went through 3 pencils (that they provided). It was brutal. I planned to review the questions I didn't feel too good about, but just didn't have it in me-plus I went a tad slower and was pretty comfortable with the answers I chose. 2 of the others in my group also took a solid 5 hours and one took about 3. I am very unsure of how I did. I THINK I guessed OK most of the time.

I had 3 immediate thoughts during and right after the test:

  1. Inch deep mile wide my ass! I wrote this on the inside cover of the exam booklet.
  2. My boss got ripped off on the 300 ISC2 questions! The exam simply wasn't like the practice test questions.
  3. I'm gonna have words with my co-workers who said that the test questions we were studying are an accurate representation of the real exam.

Most of the others on my team that took the exam were almost sure that they failed. The first group of 3 that took the exam last summer felt the same way, were sure they failed and were on pins and needles waiting for the results. They all passed. They too expressed frustration with the practice questions they studied. There is only 1 on the team that took the exam with me that is pretty confident that he passed. He has been in the telecom and tech industry for 20 years, and honestly, he is the smartest person I know. I am sure he passed. The other 3 of us just flat out don't know. IF I failed then I think I only missed the mark by a little-I doubt I got less than 60%. And I am very confident that I can switch gears and study another month or 2 and pass no problem.

My co-worker keeps asking if I think I got 75 questions wrong-that is about how many you can miss and still pass. The questions are weighted so that is not completely accurate. ISC2 throws out 25 that they use to just test the waters. 70% of 250 would mean one could miss 75 questions, but 250 minus 25 is 225, 70% of that is about 67 questions.

I really don't know how I did! I sure could have missed 75 questions! I just don't know. Hopefully I will know before Christmas.

I took the test December 5th, 2009. It is my understanding that they just wait until they have "enough" exams and then they grade them all. So I don't know when they will grade them or when I will get the results.

I will let you know ASAP! And I will be honest about the results.

Check HERE for the rest: http://inchdeepmilewide.wordpress.com/

Peace,
-Durk-