CISSP First Attempt Preparation and Afterthoughts
Preparation
There are 8 domains that the CISSP tests on:
- security and risk management
- asset security
- security architecture and engineering
- communication and network security
- identity and access management
- security assessment and testing
- security operations
- software development security"
Favorite way to study is use study mode and go through practice exams (Boson) and make my best guess at the right answer and then check if im right and if not I read the description as to why. I go through every single question that way and it takes a while but it helps reassuring myself especially when or if I was not confident in my guess.
Since there are so many questions it helped to do this multiple times and then shuffle the questions so I could make sure I wasn’t just memorizing answers in order.
Then since the test requires a 700/1000 to pass I went through then without checking my answers and stopped myself at various points like 130/140/150/160 marks and graded how I performed to see how I was doing. I had to scale the “passing score” to how many I would need right to pass since the practice test grades out of 175 regardless of how many you answer, even though it was likely I was not going to have all 175 questions in the actual exam. I needed about a 123 to “pass” and I thought if I could score that by answering several sets of practice tests at various lengths I would feel pretty confident in my ability to perform well on the day of my real test.
It provided a solid baseline for me to understand how I was doing in comparison to taking the full exams as well as insight into which categories I could use more review on since I know roughly how many are in each category from my initial full runs of the practice tests.
I also will/did use exams C and D when stopping myself to ensure the tests would be the first time I see that set of questions. Each practice exam has the option for randomization, however I did not choose to use this function.
Afterthoughts
I did not obtain a passing score this time around, which was a bit of a bummer. I definitely believe I would have performed better with more time to prepare. Lots of major life events occurred for me the past year making it difficult to dedicate the time to study. Also, taking it about a week and a half after taking the CompTIA Sec+ had both positive and negative affects. For that test I did about two to three weeks of intensive studying, reviews, and practice tests and did so only for that exam, which sadly meant I had significantly less time to apply a similar studying methodology to the CISSP. Unfortunately, with the voucher I had and when it expired, today (1.13.23) was the only date available this month for me to be able to take it without paying full price. But on a positive note, I think I got really good understanding of how to do better next time after having taken it the first time. I think I would like to try again later this year, perhaps late summer, early fall.
Some of the things I struggled with was how they do the scoring of the test. There was no opportunity to flag questions to come back to or return to a question once it was answered. I understand since the exam doesn’t have a “set” amount of questions and everyone might have a different number depending on how they answered the previous questions. I am pretty proud of how I did despite not passing. I was about 3/4 of the way through the 175 questions at about 130 before my exam stopped to inform me I did not pass. Given that there are 175 questions, 123 correct would constitute the “700” score needed to pass, which means if you got all questions, you could get AT MOST 52 incorrect responses. Since I got stopped early and did not pass it is safe to assume I answered 53 incorrectly which would eliminate the possibility of me passing even if all 175 questions were presented to me. This would mean I still got about 77 questions correct. Which for a first attempt, with not a lot of study/practice time, I am pretty proud of my ability to answer more questions right then wrong despite not passing. Upon completion, they gave me a printout stating I did not meet the passing score minimum as well as a breakdown of how I performed in each of the knowledge domains. Unfortunately, it does not say how many questions I was given in each domain so far nor how many I got (in)correct of the ones I was given. I think that would have been a nice metric to be included to really understand the breakdown of your performance.