General CISSP Advice

Here is what I can tell you about the CISSP exam: 

Don’t just memorize the different block and key sizes of symmetric encryption, understand them.

Don’t just memorize the different evaluation levels of the TCSEC and Common Criteria, be able to understand why they were created.  

Don’t just memorize the different WAN technologies and protocols, relate them to why we use them to communicate.

The exam is not meant to test the strength of your memory, but to gauge your level of understanding of information security concepts.  It is a hard test, but it is not a hard test.  It all depends on how much you dedicated yourself to studying for it.  It might sound ridiculous, but after leaving the testing center, I actually respected the exam for what it is.  The questions are truly unlike any practice exam questions you can find on the Internet.  The questions are on a completely different echelon.  Yet, it is not impossible.

Key factors in passing:

Read the Shon Harris book cover to cover – 3 times.

Read the Sybex 7th Edition book cover to cover – 3 times.

Read Eric Conrad’s CISSP Study Guide 3 months/weeks/days before the exam – 5 times.

The exam has 250 questions; take at least 5,000 practice exam questions before even sitting for the exam.  Why? Not because you will know the answers, but because you will start to “see” a pattern. You will start to see how the exam wants you to answer, and you will see what concepts the ISC wants you to take away as a CISSP.

For example, I took at least 700 practice exam questions on the Cryptography domain.  I received only about 3 cryptography questions.  But you know what, I needed to take 700 practice cryptography questions in order to answer those 3 questions correctly.  Frustrating? You bet.

Try these practice exam questions:

The key is to take as many practice exam questions as possible.  50% study should be books, and 50% study should be practice exam questions.  To take full advantage of these questions, you should not only try to get the answer right, but also realize why the other answers are wrong.

The best way to know if you’re ready for the exam is to open up a study guide book, point to any word on a random page, and be able to explain it thoroughly.

There is one phrase that really sums up how to approach the exam: Amat Victoria Curam.  It translates to Victory Loves Preparation.

Please let me know if you have any other questions; without any more studying to do, I’m all yours.  If any of you are going to take the exam soon and would like to know how I prepared the night before or my strategy during the exam, feel free to ask.

  • Shrikanth

    After reading this post and the suggested key points, my understanding is that a CISSP professional should be concerned more with WHY>HOW>WHAT and not as much with HOW>WHAT>WHY of different concepts and technologies. Hope I am correct!

    • studynotesandtheory

      That’s a good way to look at it!