Check out this valuable feedback provided by Thomas on his CISSP experience!
I passed the CISSP exam this afternoon, phew!
Word of advice from me:
Read the question.
Read ALL the answers!
Then read the question again!
I only had a few questions on cryptography and no questions on law and the different acts. Several questions on disaster recovery, business continuity and a hell of a lot of practical questions about specific ports and attacks.
I didn’t have a single “negative”-trick question with two times “not” (else I didn’t notice :-)).
I’ve been studying on and off for the last two months. I studied based on “OFFICIAL (ISC)² CISSP TRAINING SEMINAR ONDEMAND” (https://learning.isc2.org/…/official-isc%C2%B2-cissp-traini…) and “CISSP: Certified Information Systems Security Professional Study Guide, Seventh Edition” (ISBN: 9781119042716). If I were to do it again, I would actually stick to just the “CISSP: Certified Information Systems Security Professional Study Guide”-book which I find much better written and easier to read than the high-level training from ISC2.
I took a bunch of tests from skillset.com as well, but to be honest I never managed to take that many tests due to time constraints.
Since each test is unique, it’s pretty difficult to give a lot of dumps on the content and you sign an NDA before starting the test, that you will keep tight…and so I will. My best tips are above, keep calm, study and work with it. I have to say that if you don’t have a clue about general networking, security and Unix, this test is pretty harsh. There’s a reason you need years of experience to call yourself “certified”.
A few additional things you can add to the notes:
– Think security first. While this shouldn’t come as a surprise, I took this as the foundation of my thinking throughout the questions. Forget about system availability, redundancy, scalability and all the techie things that we use to care about and try to respond to the questions from the security point of view only.
– Like I didn’t have any trick-questions where things were negated, I also didn’t have any questions formulated like “Which of the following are NOT blah blah…”… it was all based on identifying the answers with MOST accuracy.