CISSP Journey

| August 10, 2021 |

I would like to share my experience of how I prepared for the CISSP exam in 30 days, and which books and resources I used. I passed this exam on the first attempt.

The CISSP certification is different from any other IT certification in the industry, and the reason is that the CISSP certification program is very, very wide.

There are a lot of topics to cover, and I really needed to rely on my previous work experience, because there are 8 domains and I had to have substantial hands-on experience in at least 3 or 4 of them. This means that there were going to be a lot of domains that might be challenging for me. That is why I had to have a proper CISSP exam study plan and a timeline (one month, for example).

I had a big advantage in this journey: experience in different disciplines of the security area, such as penetration testing, network security, risk officer, security architecture and incident response, over my professional career.

From my experience, I couldn't find any shortcuts to pass the CISSP exam; however, I defined a strategy to pass the exam in a short, dedicated time.

The study plan is the most important part of this journey. I made a mistake: I directly started to solve the sample questions and practice exams with great self-confidence. After the 3rd practice exam, I realised that I had to study for the exam with a book, because I had issues with topics like legal, standards, evidence types, security model names (I knew them in theory, but did not know their names), and the software development cycle.

Then I decided to make a study plan, and I started to read the full CISSP Study Guide by Eric Conrad (author), Seth Misenar (author) and Joshua Feldman (author). Then I watched all the videos of the CISSP training updated on May 1, 2021 on the Pluralsight training portal. The combination of these 2 study materials really helped me to prepare for the CISSP exam. A quick hint: I took notes of the important points and re-read my notes several times during the whole journey.

During the above studying, I solved the questions for each domain on the question banks below. I created a trial account on O'Reilly, and I used the Kaplan Learning platform via Pluralsight training. These question banks focus more on measuring memorization skills. For example: which cryptography algorithm provides 128-bit blocks, adjustable key lengths between 128 and 256 bits, and 16 rounds? The answer is Twofish. Based on my experience, there was no question like this in the real CISSP exam, but it was useful to learn the details of the techniques. I would recommend taking a look at the links below at least once.

Then I bought the 2 books, the official study guide and the official practice tests, via amazon.nl. Especially the official practice tests book was very useful for preparing for the real exam and for understanding the approach of (ISC)2. Its questions are more similar to the real CISSP exam questions. These official books also provide an online interactive learning environment via Sybex; I only needed to register my books on the Wiley portal at the link. This online portal includes all the questions in the book and also offers flashcards. In addition, it provides some nice features like showing only the wrongly answered questions or customizing practice exams, etc.

The CISSP Exam grants a maximum of three hours to take the exam. If you run out of time before achieving a passing rank, you will automatically fail. The CISSP-CAT does not allow you to return to a previous question to change your answer. Your answer selection is final once you leave a question.

No matter how well I prepared, I was shocked by the actual CISSP questions I saw in the exam. So I would suggest that you practice solving as many questions as you can (at least 1000 questions) to get into the mentality of answering so many questions in little time (you get an average of 1.2 minutes per question) and to master the art of eliminating the wrong choices. In my case, I believe I did 2000 to 3000 questions before taking the exam. Nonetheless, I was surprised in the exam.

In the exam, all the choices were correct in different situations, but the questions were asking for the BEST or MOST valuable answer in the case explained at the beginning of the question. So understanding the case and your role in the case is really important. For example: is the company small or big, a bank or a government agency? Is your role security administrator, CISO or senior manager? Also, is there anything about the cost or budget, or not? The answer can change according to this.

  1. What is the MOST important goal and top priority of a security solution?
    A. Preventing disclosure
    B. Maintaining integrity
    C. Maintaining human safety
    D. Sustaining availability

The correct answer for this sample question is C, because human safety is always the first priority.

Tips and Tricks

  • Schedule your exam date; then you will have enough motivation to study for this exam.
  • Your goal should be to answer only 100 questions, but do not become discouraged if you have to answer more.
  • Once you answer a question, avoid losing focus on the next question by thinking about a previous answer. Answer the question, clear your mind, and move on.
  • Do not panic during the test. I did. Once I hit question 85 and realized I might not have enough time to solve the remaining questions (65 questions), I panicked. I told myself "it is over", but then I motivated myself again by thinking about how hard I had studied for this exam. When I answered question 100, the exam was over and I had passed it.

I hope that this post will help you on your journey. If you have any questions, please drop a comment under this post and I will get back to you.
