How Stephanie Cracked Her CISSP Exam

On 12th November 2020, I faced the beast for the first time and slayed it with 100 questions in around 2 hours. Like everyone said, it looked very different from any of the test engines that are available. It really tests your understanding of concepts.

My work experience:

- audit and compliance

- IT project/program management, risk and controls, IT governance, IT operations

- systems and database technical hands-on work in my early years

These are the materials I used:

1) Sybex - CISSP official study guide, 8th edition - use this as your main textbook. Read it page to page and make sure you understand every concept.

2) Official ISC2 Student Guide from ISC2 training provider bootcamp - read page to page

3) CBK - I recommend that you read this page to page to know what ISC2 wants you to know. I had instructors advising that there was no need to read the CBK at all, which I find is wrong advice.

4) Shon Harris all-in-one - I only used it as a reference for technical concepts that I didn't understand in Sybex. Personally I don't like Shon's style.

5) CISSP For Dummies - I didn't find it useful.

6) NIST - 800-30, 37, 88, 53, 12, 34, 115, 77 - I spent quite some time reading various NIST documents, more for interest as they relate to my work too. You don't have to read them page to page, just the intro and selected sections.

7) Luke’s book - Think Like a Manager. It teaches you how to analyze the questions with the right mindset. You should get it.

These are the test sources I used:

1) Sybex Official Practice Tests - these questions will test your understanding of the content in Sybex and help you know your weak areas. I did every question and made sure I understood why I got each one wrong.

2) Luke's SNT tests - these are tough, but they help you to think. I never scored beyond 68%, with the worst at 38%. But don't get discouraged by the score; focus on understanding the concepts.

3) SNT Facebook and Telegram - questions posted by members

4) Shon's practice tests - I don't like Shon's materials and only did selected questions which I thought were useful.

5) Pocket Prep - I found these too simple, but they help you to test your knowledge.

Unlike most, I did not do a breadth of questions, but redid the above limited set of test questions again and again to make sure I understood and remembered the concepts.

I watched videos on concepts that I didn't understand from the books or did not have experience with:

1) Luke's SNT videos - Luke's videos are great, as he has a way of making complex concepts simple to understand. I highly recommend you subscribe to his paid content.

2) Computerphile (Mike Pound) - I was super confused about some cryptography concepts in the books, which I find this chap is able to explain very well.

3) Destination Certification - great videos for understanding an overall view of the domains.

4) Kelly Handerhan's 'Why you will pass the CISSP' - it helps you with some questions: think like a manager. But I find that I shouldn't apply it to all questions, as some questions are really asking for technical concepts.

5) ITdojo QOTD


- the exam has several easy questions straight from the books. That's why you really need to study the books page to page. There is no shortcut to passing the exam; only hard work will pay off. Some folks asked me if there are brain dumps, but I would advise covering 'all grounds' by studying everything and making your own notes. I kept on reading and writing and made pages of notes. In the last few days before the exam, I was just revising my notes and redoing the practice questions from Sybex and Luke's Members Portal.

- read NIST to understand industry practices

- in the last two weeks before the exam, I tried to ask 'what does ISC2 want us to know from this domain?' before I started revising that domain. You need to get into the CISSP mindset and understand how the concepts apply to the real world.

- read up on GDPR, PCI DSS and PII from the Internet

- there are some technical questions which go one level deeper than all the books. You will have to depend on your experience and judgement to know the right answers.

The actual exam:

- expect to see questions that are phrased in a completely different way from all the test engines

- the questions are all very well written and really test your concepts and knowledge

- it will test your understanding of all those processes - change/config, SDLC, incident response. Perhaps these are in questions 101-150, which I didn't get to as my exam stopped at 100. It kept whacking me on the IAM domain, which it might have assessed to be my weak domain. Well, I didn't know I was weak in IAM until the exam.

- there are questions which I could not narrow down to any correct answer. Either all 4 options looked correct or totally wrong. I just had to make my best guess based on people safety, cost or senior management as the option.

- throughout the exam, I could not assess whether my answers were correct. You just have to rely on your understanding of CISSP concepts and your experience to choose the best option. In the end, it gave me a pleasant surprise - I passed!

Lastly, the secret ingredients to passing the exam are:

1) study hard, there are no shortcuts

2) subscribe to Luke's SNT to see how others pass. Luke is a fantastic coach who can guide you on your journey.

For me, I would not have passed without God's blessings and friends/colleagues who encouraged me, supported me and believed that I would pass!

Go for it! Don’t give up.