How Ziyang Cracked His CISSP Exam

I love hearing from the silent participants of this blog after they pass their CISSP.

A big congratulations AND a big thank you Ziyang for sharing your study experience with everyone else.


I passed the CISSP exam two days ago and just want to share some feedback.

(1) How to start CISSP preparation
CISSP is not an easy exam, and the book is very thick. It is easy to fall asleep after reading for one hour. The tip is to start with something easy to finish:
– Start with the cybrary.IT videos. You can finish them in several days.
– Read Syngress.CISSP Study Guide, 3rd Edition. 500 pages. Finish in 2 to 3 weeks.
– Read Sybex.CISSP Official Study Guide, 7th Edition. This one is 1,000 pages.
– Read MGH.CISSP All-In-One Exam Guide, 7th edition. This one is 1,300 pages.
So start from the easy one, then proceed to the difficult one.

(2) How to study books
The PDF reader has functions for highlighting text in yellow and adding comments. That is your friend.
Highlight the key points in the first round of reading. Later you only need to run through those highlighted parts.

(3) What books to read
Sybex.CISSP Official Study Guide, 7th Edition
Syngress.CISSP Study Guide, 3rd Edition
MGH.CISSP All-In-One Exam Guide, 7th edition
Try to use the latest edition, because new content such as cloud, federated identity, etc. is not covered in the old books.
Many people can pass using only one of the books. Decide for yourself.

I read the following as well due to my personal weakness in certain domains:
MGH.CompTIA Security+ Certification Bundle, 2nd Edition
Cisco.CCNA Network Fundamentals

(4) What to remember

a) Detailed technical spec parameters / numbers are not tested.

b) CISSP is an international exam; law that only pertains to the US is not covered.

c) Proprietary techniques are unlikely to be tested.

d) Know the pros and cons of each common technique
– Comparison of symmetric and asymmetric encryption
– Comparison of RADIUS/TACACS+/Diameter
– Comparison of PPTP/L2TP/IPSec
– Comparison of hosted IDS and network based IDS

(5) Practice exam
Sybex.CISSP Official (ISC)2 Practice Tests
Questions in textbook
I did CCCure as well (one month subscription, pro mode, no repeat, average score 84.5%).
At least 2,000 is recommended.
Doing practice exams serves several purposes:
– Make sure you answer each question in 70 seconds on average.
– Find your weak domain.
– Train your mind to be sensitive to key words such as primarily/most/least/best

(6) Notes
Notes are most important for the last few days before the exam. I use two notes:
Combined CISSP notes downloaded from another CISSP study group:…/…
Slides from cybrary.IT (the official one is not complete, so I made my own by capturing screenshots of the videos)

(7) Misc

a) Some practice exams may have wrong / questionable answers, partly due to controversial items.
b) Different people come from different backgrounds. Some people may pass the exam after one month of preparation. Those people may already own SSCP/CISA/Security+ certs and have more than 15 years of experience.
So no need to compare. Take your time and do a full preparation, and try to pass in the first round.

Good luck.