Wednesday, February 20, 2013

Tips on Passing the CISSP Examination

If I had to summarize the Certified Information Systems Security Professional exam in one word, I would use the word "challenging". The CISSP can be described as the most coveted certification in the computer security industry. Prior to taking the exam, I researched what many people had to say about it. After hearing many contrasting stories, I decided to share my thoughts, insights and opinions on the CISSP examination.

What materials did you use?


Official (ISC)2 Guide to the CISSP -

The Official Guide to the CISSP was my primary source when it came to study materials. I recommend this book on the sole fact that it officially covers every question on the exam. This book is very comprehensive but also very dry. If I had to study for this test over again, I would first check out the Shon Harris All-In One Exam Guide. I heard the reading in the All-In One Exam Guide is a little lighter.


CCCure.org
CCCure.org is an online quiz engine tailored for tests like the CISSP and the Certified Ethical Hacker.  Although the website layout appears to be a bit dated, the quiz engine works like a charm.  The CCCure.org quiz engine has a database full of questions and provides statistics on how well you did in certain areas.  I found this to be the most beneficial!  There is a free limited version of the quiz engine, but I highly recommend the paid version.


What strategies did you use to study?

Study, Study, Study - 

This goes without saying.  Unfortunately there are no short-cuts when it comes to studying.  As long as you have good study material, you should set aside at least one hour a night for 3-5 months.  Schedule yourself an ample amount of time before the exam.  It is important to not study too feverishly or else you will burn yourself out on the abundant amount of facts you will be trying to memorize.  It is also important to take a night off once in a while to drink a beer (if in fact that is what you are into).

Utilize What You Are Studying -
It is very beneficial if you have an IT job that allows you to apply your newfound knowledge. Try to apply what you studied to your daily job routine. For example, if you are studying access control, what access control mechanisms do you interact with on a daily basis? Can these access controls be improved or refined?

What are some good tactics when taking the test?


Use the Process of Elimination -
And use it well! I felt that many of the questions on the CISSP exam were very vague. I felt that throughout 80% of the exam I used the process of elimination.

Be Comfortable with the 10 Domains - 
I feel that if you can categorize an uncertain question into one of the 10 domains, you may have better insight when choosing an uncertain answer. Just for reference, the 10 domains to know are:
  • Access Control
  • Telecommunications
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operation Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
For a more verbose list, click here.

Flag the Questions you Feel Doubtful On -
Now that the CISSP is computerized, it is quick and easy to flag a question for review.  I unfortunately flagged the first 100 questions or so.  Don't do this. It didn't help me.  Only flag the questions you feel very uncertain about.  But by all means, if you have extra time at the end of your exam, skim and review every question possible.

Time Management - 
When taking the exam, you have 6 hours to answer 250 questions. After the first 100 questions you feel a little brain dead. Find a way to pace yourself. Don't spend too much time on one single question. Flag it and move on; you may have a better grasp on the answer the second time through.

Pre-Exam Preparations - 
Make sure that you get a solid 7-8 hours of rest the night before. If possible, try to warm your brain up with some practice questions before you start the test. I didn't, but it might help you. Eat food with fiber and complex carbohydrates. I prefer oatmeal. Also, many people say that you shouldn't use caffeine due to the crash, but I don't listen to that because...

I LOVE COFFEE!!!


Conclusion 

The test is challenging, but not impossible by any means. Many people never feel prepared enough going into the exam, but then again I don't think you are supposed to. The test is very broad and sometimes theoretical. If you spend a hearty amount of time studying and take some interest in what you are learning, most likely you will be fine.
