How to Pass the CISSP Exam in First Attempt

By


You may read multiple posts on various blogs and websites where you are given tips as to how to pass the exam in the first go, refer to which books, and solve which questions. In this blog post, I’m not going to bombard you with those details. Instead, I’m going to share my journey and experience from preparing to passing the CISSP exam on the first attempt.
What is CISSP?

CISSP stands for Certified Information Systems Security Professional. Congratulations and all the very best to you, if you have decided to opt for the Gold Standard Certification. The exam is offered by ISC2 and contains around 250 questions. You have to book an appointment for the CISSP exam through the ISC2 website where you are then redirected to a Pearson Vue website when you register for the exam. The exam costs around 599 USD.

Phase 1: Deciding

It is very important for you to finalize which certification you want to do. Try to research the pros and cons of a certification. Do not just start preparing for a particular certification only because the entire world told you to do so. Instead look at your work profile, your strengths, weaknesses, and most importantly your interest in the field.

I had cleared the SSCP exam offered by ISC2 in 2014 and hence CISSP was a natural progression for me. I have been working in the field of information security for the past 5 years with an experience in most of the domains of CISSP.
Once you have decided to go for the CISSP exam, it is very important to be focused on your study.

Phase 2: Preparation

There are multiple books available for preparing for the exam. Irrespective of the book you choose to study, keep 1 book as your primary source of study. The most important point to focus on during preparation is to make your concepts clear. Do not just learn the various definitions without understanding the basics of the concept.

Remember you will not be tested on your cramming abilities in this exam. The exam is structured in such a way that only your basics and clear concepts will come to your rescue for a confusing question.
I prepared from Shon Harris, AIO Guide, 6th edition. Some of you may say that this is an old edition and the domains have changed from 10 to 8. However, I can assure you that even the sixth edition will cover 90% of the course. The remaining 10% was covered by referring to the ISC2 Sybex CISSP guide.

I also read the CISSP CBK, 4th edition.
The preparation part of the exam should not be given more than 2 weeks of time. However, if you are not confident, take more time.

Phase 3: Revision & Practice Tests

Revision, Revision, and only revision is the key to passing this exam. If you have allotted 8-9 weeks of study for the CISSP exam like I did, you must spend 6-7 weeks only doing the revision. There is a way to revise for this exam.

You will not gain anything if you just read every chapter every day and feel confident that you have prepared for the exam. Instead, follow this way: Read and understand a chapter. Learn some points if you have to. Now solve the practice questions given at the end of the chapter of any book you are referring to. This will help you gauge your current level of understanding of the concepts.

Now after completing the test, study the chapter again. Now try to do as many questions for this chapter. The more questions you do, the more your concepts become clear and you feel more confident.


I did not refer to CCCure or Skillset as advised by many.
In my opinion, there is a lot of material available free of cost on the Internet which you can refer to and easily pass the exam. I also referred to the videos offered by Cybrary.

Phase 4: Polish yourself

You feel confident after solving the questions and reading the concepts; wait; don’t feel overconfident now. It is perfectly natural for us to solve the questions after we read a particular concept.
It is important to understand that a question in the CISSP exam is made of multiple concepts from different domains. Hence doing mock 250-question exam tests will help you to prepare accordingly.
Revise the concepts which you still feel are weak at this phase.

Phase 5: One day before the exam

Relax and enjoy this day. You have worked hard. I watched a movie on this day. It is important that you relax your mind. Do not take any stress of any kind for this exam.
Now it’s time for you to give the exam. All the very best and God bless.

Do share your experiences and suggestions in the comment(s) section below.

Comments

  1. AnonymousJune 12, 2019 at 3:11 PM

    Hi

    Update it relevant to todays syllabus

    ReplyDelete
  2. Mayur PahwaJune 12, 2019 at 8:47 PM

    Hi ,

    You may like to refer to the updated version too - The CISSP CAT experience.
    Link - https://www.mayurpahwa.com/2018/02/the-cissp-cat-exam-experience.html

    ReplyDelete

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...