What to expect in CISSP exam?

By

It’s the D-Day and you are nervous… Your heart is beating fast or you are extremely calm. You are just having nice thoughts or extremely petrified as to what will happen in the exam. Everyone faces unique challenges in preparing for the exam. Now that you have done the preparation and revision and are ready to face the beast; read on to find out what ammunition you need to slay this beast… 

Know Your Enemy

Much is available on blogs and ISC2 website detailing what will be the CISSP exam all about. You will have 250 questions to be answered in 6 hours. Many argue that CISSP is not that tough as people portray it. It's only who has experienced this exam can share the real challenges of this exam. 

So here are the real challenges which I faced:

Vastness – It is rightly said “CISSP is an inch deep and mile wide” exam. The enormity of the domains and the material associated with is huge. But hey, you have already prepared and are appearing for the exam. So why to talk about it now? The enormity creates a problem in mind sometimes. Remain calm. There is no substitute for going with a calm mind and coolly slaying the beast.

6 Long Hours – Let do a mathematical calculation here to explain to you that 6 long hours are not so long. 250 questions in 360 minutes. 1 question in 1.44 minutes. Sounds fun? If you take a break, say, 10 minutes (2 times), it becomes 1.36 minutes or just 96 seconds.

Nerves of Steel – You need to have nerves of steel as concentrating for 6 long hours is not a child’s play. The first 2-3 hours are tolerable, but after that, the fatigue starts creeping in. My simple advice – Don’t be harsh on yourself. Take breaks of even 5 minutes after regular intervals to come with a fresh mind again.

Cost – The CISSP exam costs around 599USD or around 39000 in INR. Spending this money for an exam is no joke, so there is always a pressure on you that in case you get killed yourself by this beast, the money goes down the drain. 

No Similarity to any Mock Exam – The questions in the real exam do not have even an iota of similarity to the practice exams available on any website or book(s). The play of words by ISC2 will surely trick you, so the trick is to understand what the question actually asks and which choice is the best one.

Take a break? Kit Kat? – Although you should take regular breaks, but remember, the time goes on. So don’t start having lunches or music breaks in there. Thinking long on the toilet seat can also cost you dearly. So best is to take small breaks…and munch a KitKat and come back. You can enjoy after you have cleared the exam.

Know your center – CISSP exam is scheduled at a Pearson Vue Center. It is recommended that you visit the center once before the exam to find out its real location. Don’t depend on Google Maps or something else. On the D-Day, this surely helps. Reach the center early. Don’t come crashing with papers flying around at the last moment begging them to allow you in the exam hall.

Party’s Started

So now you have given your palm prints and photograph and are sitting in front of the exam screen. What to do now? Read on to find out.

It’s a personal choice as to how you want to attempt this exam. I am sharing my exam strategy with you. The point I wish to make here is you should aim for attempting all the questions and flag and review it.

Some pointers before that:
1. There is no negative marking in this exam. So attempt all the questions.
2. If you have even an iota of doubt in your answer. FLAG IT. No extra cost in that!

So the strategy now:

Answer & Flag – Glance through every question as soon as possible and if you know it, answer it. If you have a doubt, flag it. Try to answer all the questions or just glancing it in around 120-150 minutes. Time is very important.

Review Flagged – You have finished viewing all the questions. Now it’s time to review all the flagged ones. Take your time and read it again and again. Try to understand the question and more importantly the choices presented to you. 
I found this activity extremely helpful as it helped me answer a lot of questions.

Review ALL – I know you are tired. But it’s time for that final blow. If you have time, review all of them. If you have a doubt even at the last moment, not to worry. Read it again and try to understand what made you think about this alternate choice.
Checking, double checking and triple checking your answers will help you to squeeze every mark you can out of the exam, and it could be one question that makes all the difference between a pass and a fail!

I highly recommend reading “Quick Tips for the CISSP exam” to help you better understand how to overcome the challenges listed above.

If you are still preparing for this exam, read “How to pass the CISSP exam in First Attempt”.

Remember, it’s a difficult exam no matter whatever people say and hence staying focused and calm will be the key to slaying this beast and come out victorious.

Would love to hear your experiences in the comment(s) section below. Sharing is Caring :)

If you like this blog, please share and subscribe for more updates.

Comments

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...