
How Ganna Cracked Her CISSP Exam!


Warning: long read!

First of all, I would like to thank (I know, cheesy) the Study Group for their contribution to my success. Although I have not been a member for a long time, and have not had the time to contribute a lot, the discussions on the Facebook page have helped me to understand certain concepts and answers. Second, thanks to the people who have helped me, have been patient with me during my preparation and have been understanding of the lack of social participation (especially since I passed my exam on the 30th of December 2016, and my Christmas revolved mostly around CISSP).

Study Materials
– CISSP Official Study Guide 7th edition
– Official ISC2 Practice Tests
– Cybrary: Kelly Handerhan videos
– Sybex Test Banks

I have read the Official Study Guide almost twice. The first time was 4 months before the exam. The second time was one month before the exam, where I focused on the chapters/domains I scored weakly on in the practice tests on Sybex. The book forms a good basis for understanding and learning the concepts. The Official ISC2 Practice Tests helped me to apply the concepts. The explanations of the questions were, for me, what helped me the most. I only watched the Cybrary videos on the domains where I scored weakly, to get more understanding. I did two of the complete practice tests online, and one from the book. I found that the book questions represented the real exam questions more closely, compared to the questions from Sybex.

Study

Read, Read, Read. Everything you already know might help, but you really need to follow the way ISC2 wants you to remember things: work experience does not tell you anything (it might help, of course). I do believe that the Official Study Guide forms the best basis for the exam. I started reading the book approximately 4 months before I took the exam. Just reading the chapters and making the practice questions from each chapter.

After reading the book, I neglected my studying for a few weeks. But when I got the Official Practice Tests book, I started to learn again. This is also the moment I planned my exam, as having a deadline makes me more motivated. I set the date for the 30th of December and began learning again in November. I started out by making 100 practice questions per domain. This gave insight into my knowledge per domain. For the domains which I had trouble with, I read the chapters again in the Study Guide. Per domain, I read all the answers in the back of the book, even the ones I did answer correctly. I have to say that this part of the study helped me the most in understanding concepts. I came across certain definitions, which I missed completely in the book. I also noticed that I almost skipped the whole software development part in the book, neglecting the models and database. After finishing the 800 questions on the 8 domains, I started watching Kelly Handerhan on Cybrary. She just has a way of explaining the concepts, in which I could understand them more and remember them. I did not watch all of her videos, but only the ones in the areas I had trouble with. In this phase I started making notes on all that I did not know yet. This helped me get an overview of what I needed to give more attention before the exam.

The last day of my studying, I practiced full tests and scored around 70%. I read every wrong answer and then the correct one, writing down where I went wrong. In the evening before the exam, I learned my cheat sheet. I learned what I wanted to write down, the moment I would sit down for the exam, on the paper they give you. I looked online at what others called their cheat sheet, and asked a colleague for his sheet. The most important elements were, of course, the OSI model, TCP/IP, the formulas and authentication (type 1-3).

The Examination

Starting the exam, I was really nervous. Once the first question popped up, I immediately had no idea what I was reading or doing. But I calmed myself down, used the earplugs to drown out the sounds around me and tried to understand what they were asking me. I noticed that in every question the key word was in capital letters (MOST, LEAST, BEST). After 50 questions I took a long break in which I ate and just took some time for myself. Going back in, I was determined to do the next 100 questions. These seemed to be somewhat easier. I had come into a flow in understanding the questions. Firstly, I really tried to understand what they wanted to know from me in the question.

Once you understand this, most of the time you can eliminate 2 answers already. Choosing from the other two answers is just really knowing your stuff, remembering that people always come first, or taking a management’s perspective. As a lot of people before me already said, most of the time the management answer is the best answer over any technical-based answers.

After 150 questions I took a quick break again. Once returning, I finished the exam in 4 hours. I took almost 1 hour to review my questions. I bookmarked a lot of questions (mostly in the beginning, when I was nervous).

At first, I thought that I would just go and review every question: reading them again and debating my answer. After doing that with the first 10 questions, I realized that it would take a very long time, and that the answers are always debatable if you are questioning yourself. I switched to only reviewing my bookmarked questions. To be honest, I did change a few answers. Some of my initial answers were just not correct, when viewing them the second time. Sometimes I was like: ‘How on earth can I be that stupid?’ To answer that question: probably I just got overwhelmed at times and wasn’t focused enough (that’s what the breaks are for!). But after one hour of reviewing, I finished and submitted my answers. In my head, I already prepared myself to take the exam again in January, when they told me I passed. I have almost never felt such relief as I felt then. I sat in my car for 30 minutes, just calling my parents, sister, partner and everybody who was just as nervous as I was.

On the exam, I got a lot of questions on Risk Management, BCP/DRP, Software development, Database and federated identity. The questions were doable, as long as you do know your concepts and understand how they work.

Tips
– It may sound weird, but I’ve read it a couple of times on the Study Group and elsewhere, but believing is doing. The night before the exam I told myself I was able to pass the exam. This does create some confidence and puts you in the right mindset before you go up for the examination.
– Read the questions and understand what they want to know exactly from you.
– When you get scenario questions, make sure the question or explanation does not change.
– Plan your exam. This way you have something to live towards and a deadline.
– Make notes. Making notes will give you an overview on what is still challenging you. Writing stuff down also helps in the learning process.
– Try to explain the concepts to yourself. Do you really understand what federated identity is and how it works?
– Please take breaks when taking the exam. Reviewing the questions made me see that due to lack of breaks, I answered wrongly.
– Always go for the management’s perspective or the people first answer.
– You really can do it! Please do believe in yourself! Good luck to all who still need to do their exam.
