
8 Tips for CISSP Exam Success

Claudio Dodt
October 26, 2017

CISSP certification is one of the most desired information security credentials, and for good reason. With an exam length of 250 questions, a six-hour testing window and a variety of topics spanning the eight domains of the CISSP Common Body of Knowledge (CBK), the CISSP exam is one of the most challenging certifications to secure. Combined with a five-year work experience requirement, a CISSP certification proves to employers you can design, engineer, implement and run an information security program. This certification is a rite of passage for infosec professionals, and can be a true career game changer.

While challenging, you can achieve CISSP certification with the right preparation and effort. Here are eight tips to help you prepare for your CISSP exam.

1. Get to Know Your Exam

This may sound overly simple, but your first step to success is knowing the challenge you are going to face. The (ISC)2 website will help you find basic information on the CISSP certification exam. It will also provide links to a lot of useful information, such as official training providers, exam topics, practice tests and study material.

The (ISC)2 official exam guide contains essential details such as an overview of the certification and the exam, including its prerequisites, how many and what type of questions you are about to face, time allotted for examination and the passing mark.

It also provides detailed information on the topics covered in the examination, including the percentage of questions dedicated to each subject. This helps a lot, especially in constructing your study plan.

2. Create Your Own Custom Study Plan

The CISSP’s CBK spans eight domains covering a variety of different subject areas. You must make sure you have enough time to go through the entire CBK at least once; this includes not only studying, but also completing mock exams, visiting online forums and spending extra time reviewing areas that need improvement.

Without adequate planning, your chance of success will drop. Creating a study plan that fits your personal needs is essential; even a simple to-do list can help a lot. For your custom study plan, you should consider factors such as:

• How soon do you intend to take the examination? Create an account on the Pearson VUE website to find a time and location that works for you.
• How much time can you devote to your study efforts? If you are already working, or have other commitments, make sure you can dedicate sufficient time to the basics, such as covering all exam topics, taking practice tests and reviewing exam simulations.
• How much can you spend on preparation material and training courses? Look for official, certified study materials and training to make sure you have a thorough understanding of each topic covered in the exam. A great option is getting the official pre-study book and reading it early on; this will create a solid basis for further skill development using your choice of training methodology.
• What training method best suits you? Some people prefer self-learning, while others think there is no substitute for the classroom. Other candidates find online training helps them study on the go, at any time. Use your past learning experiences to help you pick the method that will prepare you best.
• How well acquainted are you already with the exam subjects? Even very experienced professionals with good knowledge of the certification subject can have a hard time during the examination. Your personal experience can save you some studying time, but you should take into consideration factors such as the exam length and question logic. Relying too much on experience alone is a poor strategy that will likely lead to bad results.

3. Get Involved in an Exam Prep Course

Deciding to use a self-study-only approach may seem like a bold decision, but it may not be the best strategy. It is important to understand that achieving exam success requires in-depth knowledge of several different subjects, even for entry-level certs. The definitions and understanding of some of these topics may vary, depending on the point of view of whatever certification body was responsible for developing the exam. In practice, this means that even if you have firsthand knowledge, some of it may not apply, since the certification body’s view may be quite different from the tasks professionals are used to doing in the field.

Going through a certification preparation course lets candidates spend some time with an experienced instructor who has actual knowledge of how to beat the exam. It is an excellent opportunity to get all your questions answered, share experiences and strategies, and even network if it is in-person training. This results in a greater success rate on any certification exam.

4. Take Practice Exams

No CISSP candidate should approach the exam without the help of practice questions. The CISSP exam contains 250 questions that must be answered in six hours, or just 1.44 minutes per question! This means you must be at your best, not only in terms of knowledge of the CBK, but also in terms of time management and stress control.

Many online question databases are intended to be a “carbon copy” of the CISSP exam, promising to reduce exam difficulty through question memorization. Unless you are blessed with an eidetic memory, the CISSP exam covers too much information for simple memorization. And with new questions added every year, it’s unlikely the database includes all possible exam scenarios. The best approach is to use mock exams to identify your strengths and weaknesses, and then direct your study efforts accordingly. Also, every candidate should try a full-length simulation at least a few times before attempting the exam (meaning 250 questions total, spanning topics from the eight CISSP domains).

When selecting your question database provider, official CISSP-prep materials from (ISC)2 are a good place to start. Another option is InfoSec Institute’s practice test service, SkillSet.

As for practice exam results, do not be discouraged. Unless you are an experienced test taker, it is quite common for things to go sour during the first round of questions, especially if you are not done with your reading and certification prep course. Take your time to study and use every resource available to clarify any doubts. By the end of your study plan, you will see consistent results in practice exams.

5. Join the Online Community

Since the CISSP is one of the most desired information security certifications, it has spawned a lively and strong online community. A simple Google search can find several forums, wikis and personal websites where both candidates and certified professionals share their experiences.

As usual, it is important to verify the credibility of any source you are using, including your chosen CISSP online community. For instance, if you are looking for a formal definition of a concept that is covered in the exam, the best approach is using official material, e.g., books, guidelines and other official publications. But if you are looking for general advice, posting your question to an online forum such as reddit or TechExams can be quite helpful.

Many candidates visit online forums and search for “CISSP success.” This can serve as both preparation and motivation for the upcoming exam. If you are feeling confident, searching “CISSP failure” posts may also give you some important advice, as learning from the mistakes of others is way less painful than from your own.

A word of advice: Unless you have time to help others, stay away from toxic people and posts. Many unfortunate exam takers go online to vent their frustration, and this can be discouraging.

6. Have an Exam-Day Preparation Plan

Finally, the big day is about to happen. Your primary focus should be on not exhausting yourself and being at your best during the exam.

A few things to remember:

• Is your exam kit ready? Check the Pearson VUE website to make sure you have everything you need for the day of your CISSP exam. This may sound silly, but some candidates fail to even attend the test for not fulfilling basic requirements like adequate identification. Make sure you check the exam guide to see what is required. You may also want to call your test center to verify you understand the requirements.
• Are you calm and well rested? Believe me, this tip may be as important as any regarding your study plan. Many candidates fail because of physical and mental exhaustion. Staying up late doing a final round of study may sound tempting, but last-minute reading is usually not a good thing, and may even leave you anxious. If you think it is important to do a final review, do a selective reading instead. Also, do not focus solely on weaknesses. If you have not mastered a specific topic until now, you may prefer to focus on enhancing the areas where you’re good. A great tool for selective reading is using summaries or glossaries, which have lots of important information, some of which you may have missed during your study sessions. As for the physical side, ingesting even small amounts of alcoholic beverages is a really bad idea. If your exam is during the morning, having a balanced breakfast and drinking plenty of water is a very helpful way to make sure you are at your best. If it is during the afternoon, eat a light lunch.
• Did you make the necessary arrangements to be on time at the test site? Many certifications have a strict timetable. Candidates may not be admitted to the site if they are late. If you are using public transportation, double-check the best routes; if you are driving to the exam site, make sure to know where to park beforehand.

7. Clear Your Mind

That’s it, your time to shine has arrived! Take a deep breath and remember that you put in the time and are prepared to succeed.

Here are some last-minute tips:

• Be aware of time. During the exam, you may reach a high level of concentration I like to call “the zone.” This means greater focus, which is good for problem solving, but can cause you to lose track of time. What may seem like seconds can be precious minutes; hours tend to pass at a very fast rate, so make sure you have time to go through every question on the exam and complete answer key forms if required.
• Take your time reading the questions. Even with limited time, it is important not to rush. Take your time, pay attention to each question and answer option and make sure you understand what is being asked. Watch for distractors (options that are obviously false) in multiple-choice questions that can be quickly eliminated. It is also important to pay close attention to terms such as MOST, LEAST, NOT, ALL, NEVER and ALWAYS, since they can entirely change a sentence. Remember, questions that ask you to pick the “best answer” may have more than one correct option. You must be able to understand and select the most suitable answer for the given situation. This is yet another reason why I emphasize using the official question database of practice exams whenever possible.
• Try to relax. Remember to stretch and relax your muscles during the exam. A relaxed mind can help you solve difficult questions.
• Remember, there is no reason to panic. Remaining calm will improve your concentration. If you followed your study plan correctly, your results will likely be great; if not, you will have a lot more experience during the next try!

8. Submit Your Endorsement & Keep Learning

You will find out if you passed your CISSP immediately after completing the exam. If you pass, your next step is to complete the (ISC)2 endorsement process. This must be completed within nine months following your certification.

In the end, it is important to understand that even if you were not successful on your first try, you have learned from your efforts, and your skills and knowledge have advanced to a higher level. That is quite an accomplishment in itself. You can use this as motivation for trying again with a greater chance of success.

Also, if you are willing, this would be a good time to share your story with peers to give something back to the community.


A Final Word

All in all, the CISSP is a top-level certification that requires adequate experience and commitment. But with a solid plan, quality resources and dedication to exam preparation, any candidate has a good chance of success.

Claudio Dodt

Cláudio Dodt is an Information Security Evangelist, consultant, trainer, speaker and blogger. He has more than ten years’ worth of experience working with Information Security, IT Service Management, IT Corporate Governance and Risk Management.