The CISSP CAT Exam Experience

By

I wrote a blog post in the month of December where I detailed about the new CISSP CAT format being launched by the (ISC)2. The post gave details about the new exam – what would it be all about, what does the new exam mean for you and important points to consider. Well, since I had passed the exam way back in July, there was no way, I would decide to sit for this difficult exam again. Luckily, few of my friends gave the CISSP CAT exam and passed it, so I spoke to them to understand their experience with this new exam format and decided to write about it. So here it goes…

The Study Material

The first question that comes to everyone’s mind is – Do I need to look for a new study material since the exam format has changed. The answer is NO. The CISSP study material remains the same. My friends referred to the following material, but this is not an exhaustive list in any way. My recommendation would be to stick to one particular book and get to know every word and line of it. It is extremely important to understand the concepts rather than focus on gathering 50 different books or videos and getting confused in the end.


Choose whatever suits you best in terms of understanding, writing style.

The Preparation

The new format does not bring any changes to the preparation for this exam from a course material or study perspective. You would have to read, understand and revisit every concept of information security. Yes, the new format may affect some candidates mentally. Study well and take time and learn at your own pace. One of my friends took around six months to prepare for this exam, while the other one just gave it a shot within 5 weeks. So take your time as everyone is different.

Revise every concept again and again. We generally tend to focus on concepts which we are comfortable with. Remember, CISSP has 8 domains and you cannot be an expert in all of them. So make the strong concepts stronger and the weaker ones as strongest. Another piece of advice during preparation is to practice as many questions as you can. Well, you will never be able to get the same difficulty level quotient as the real exam, however, the practice tests, as well as the mock exam, will help give direction to your grey cells to understand as to how could a concept be questioned.

The Exam Time

The formalities remain the same as the previous exam format. You can refer the details in the blog post “Quick tips for the CISSP exam”. Let’s focus on the exam experience. All of the people to whom I spoke to assured me that the exam is a difficult one. The difficulty level has not been compromised with. When you sit in front of the computer screen, you are presented with an NDA which you need to sign within the next 5 minutes. Failure to sign the NDA will result in the cancellation of the exam. Noticeably, there are a few changes – the timer for the exam now shows 180 minutes instead of 360 minutes. Some of you may really feel disappointed that the “Review” & “Review & Flag” options have died in this shift which has occurred.
There is no option to go back and hence you would need a strategy change. Most of them followed a simple strategy – Focus on getting the answers right early in the exam. This is because your estimated ability is shaped significantly by early questions. If you perform poorly on initial questions, your estimated ability will drop below the passing threshold. When that happens, it will be difficult for you to raise your estimated ability above a passing level.

So even if you spend an extra minute early in the exam and get your answer right, you would be able to gain an extra edge early in the exam and it would be worth the time spent. There are 180 minutes and say 100 questions, so you need around 1.8 minutes for each question. So plan accordingly.

You may find it strange, but all my friends ended with a different number of questions in the exam. You will be presented with a maximum of 150 questions and a minimum of 100 questions. Some of them received 112 questions while another one’s ended with a century. Irrespective of the number of questions you receive, there will be 25 questions which will not be graded. You will find all types of questions in the exam – drag and drop type, multiple choice, scenario-based, so be ready for all.
As per Infosec Institute, to receive a pass/fail result, the candidate must answer a minimum of 75 scored questions and a maximum of 125 scored questions. You will get a score the moment you finish the exam.

I’m tired and I need a break, Oh yes! you can. You will be able to take a break whenever you want during the exam, however, the timer will continue its run. 
Well, if it’s your first time for the exam and you are stressed out, you may like to read “How to pass the CISSP exam in first attempt”.

Final thoughts.
  1. Never lose hope. Everyone finds the exam difficult. You may find it too. But that does not mean, you will lose hope and falter wondering whether you would be able to clear it or not.
  2. Read the questions as well as the choices very carefully. Either the question is extremely difficult or the choices are.
  3. Calm yourself by taking a break if you feel things are out of hand. Take a deep breath and go back.
  4. No one is sure about the result. I have spoken to so many of the test takers. Not even a single one claimed that he was 100% sure that he/she would pass the exam. So fight it out, give it your best and leave it to luck too.
  5. Even though you may find the choices to be inappropriate to the question asked, pick the best choice. 
Finally, all the best for the future exam takers. Hope this post helped. If you have given the exam recently, do post your comments to make this post an experience repository in itself.

If you really like the post, do share it as sharing is caring :)

Comments

  1. UnknownFebruary 17, 2018 at 10:47 PM

    Hi, Can you please suggest best CISSP question bank... Again I am not expecting exam dump... But realistic practice questions answers

    Thanks

    ReplyDelete
  2. Mayur PahwaFebruary 19, 2018 at 6:26 PM

    Hi Vinay, honestly speaking, there is no mock or practice exam available in the market which has the same difficulty quotient as the real exam.

    Still, I would suggest trying Sybex Practice Questions. They will surely help you.Practice as many as you can.

    ReplyDelete
  3. David YoungJuly 27, 2018 at 5:02 PM

    Wow, thank you for this article.It is Very useful and increase my knowledge about certification it help me to Learn More About exam dumps candidates Like me Can prepare Easily with the Help of your Article.

    ReplyDelete
  4. David YoungJuly 27, 2018 at 5:03 PM


    Wow, thank you for this article.It is Very useful and increase my knowledge about This certification help me to Learn More About exam dumps candidates Like me Can prepare Easily with the Help of your Article.

    ReplyDelete
  5. Mayur PahwaAugust 18, 2018 at 11:21 AM

    Thank you for your kind words David.

    ReplyDelete
  6. Aliza johnzJanuary 4, 2019 at 12:38 PM

    awesome source of information

    ReplyDelete
  7. Shane LowneyMay 27, 2019 at 2:26 PM

    You can ask more questions about CISSP Cat exam from students and experts teachers at Q&A. This is the best platform for students to collect more information.

    ReplyDelete
  8. DavidMay 29, 2019 at 11:31 AM

    Thanks, for sharing this post with us.

    ReplyDelete

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...