
Top 10 Tips For Preparing and Passing the CISSP Exam

Insights, tips and tricks from a CISSP for putting your best foot forward when you sit this
grueling, six-hour security theory exam.

7/20/2005 -- The Certified Information Systems Security Professional (CISSP)
certification from The International Information Systems Security Certification
Consortium [(ISC)2] is arguably the most sought-after and widely accepted certification
in the information security industry. It’s become established as the standard baseline for
demonstrating knowledge and proving expertise in this sphere.

Compared with most other technical certification exams, the CISSP exam is quite long.
Passing the test requires not only the prerequisite knowledge to answer the questions
correctly, but the stamina and mental fortitude to get through the six-hour, 250-question
paper-based exam. For an information security professional, preparing for the CISSP
exam is a little bit like a runner preparing to race in a marathon.

Don’t fret, though. It can be done. There are plenty of CISSPs out there in the world as
proof that you can pass the exam. Here are 10 tips I recommend to prepare for this
challenge and give yourself the best possible chance of success.

Tip #1: Hands-On Experience


One of the requirements for being awarded the CISSP certification is a certain amount of
time in the industry and hands-on experience: three to four years of full-time work,
depending on your educational background. Even if it wasn’t a requirement, hands-on
experience is a valuable means of learning about computer security.

Note: If you don’t have three to four years of experience, that doesn’t mean you can’t sit
the CISSP exam. (ISC)2 will allow those who pass the exam without meeting the
experience requirements to become Associates of (ISC)2, and then award them the
CISSP title after the experience requirement has been met.

Many people simply learn and retain information better when they actually do it instead
of just reading about it. You can listen to seminars and read books about various aspects
of information security, but until you do it yourself and experience it firsthand, it’s just
theory. In most cases, nothing teaches faster than actually doing it and learning from your
own mistakes.

Another way to get hands-on experience, especially in areas you’re not currently focused
on at work, is to set up your own mini lab. Use old or virtual computers to experiment
with different operating systems and security configurations.

Tip #2: Begin Studying in Advance


The CISSP certification demonstrates that you know a little bit about a lot of different
information security topics. Even if you work in the information security industry, odds
are that you don’t focus on all 10 core bodies of knowledge (CBKs), or subject matter
areas covered by the CISSP, on a day-to-day basis. You may be expert in one or two
areas, and very familiar with a handful more, but there are probably at least one or two
CBKs that you’ll almost have to teach yourself from scratch to pass the examination.

Don’t expect to start studying the week before your exam and think you can pick up
enough about subjects you’re not familiar with to pass. The scope of the information
covered is huge, and you’ll need to study and learn it over a long period of time, so don't
expect to just cram the night before. I suggest you start studying at least three months
before your exam date and draw up a schedule for yourself to ensure you dedicate at least
an hour or two a day studying. It’s not unheard of for CISSP candidates to begin
preparing six to nine months out.

Tip #3: Use a Study Guide, if Not More Than One


There are a number of excellent books you can use to help you prepare for and pass the
CISSP exam. Study guides and exam preparation books can help boil down the mass
amounts of information and assist you in keying in on the critical components you need
to remember to pass the exam.

The sheer volume of information covered in the exam makes it difficult, if not
impossible, to learn about everything in depth. Rather than trying to learn in a vacuum, so
to speak, and not knowing which components of a given subject area are truly important,
checking out some CISSP exam guides can help you key in on the specific information
within the CBKs that matters most for passing the exam.

CISSP preparation books will certainly not make you an expert in subjects you’re not
already an expert in. But, for the subject areas you know little or nothing about, a CISSP
book, such as the “CISSP All-In-One Exam Guide” by Shon Harris, provides you clues
and guidance about what the important information from those subjects is when it comes
to passing the exam.

Tip #4: Make Use of Free Resources


When the economy dips and budgets get tightened, one of the first things to go from
corporate spending is training. There are plenty of courses, boot camps and cram sessions
that promise to prepare you for the CISSP exam, but they are exceptionally expensive. As
much as possible, for your own benefit, you should look for resources that are free.

Experience is an excellent teacher, but it doesn’t always have to be your own personal
experience. By joining online forums, mailing lists or local user groups, you can associate
with others working in information security and learn from their mistakes and examples.
Exchanging stories, issues and solutions among your peers will provide you with
invaluable real-world scenarios to learn from rather than just theoretical book knowledge.
Check out the many CISSP study groups on the Web, or look to join a local one with
other candidates in your area.

Search online and you can find various study guides and practice exams or articles (such
as this one) available for free. Here are some links to get you started:

• SearchSecurity.com’s “Security School: Training for CISSP Certification” Webcast
  training series by Shon Harris
• Free study guides straight from the source -- (ISC)2.
• CCCure.org
• About.com’s Web page on the (ISC)2 CISSP certification.

Tip #5: Practice Makes Perfect


Even if you’re confident that you have sufficient knowledge across all 10 areas of subject
matter to pass the exam, you should take some sample or practice exams before you go
take the real test. Practice exams will enable you to assess your knowledge and also
prepare you for the types of questions you might see so you aren't caught off-guard on
test day.

Many of the study guides and CISSP preparation books come with a CD containing a
practice exam or some sort of practice test. You can also get practice questions from each
of the ten CBKs in the webcast training sessions mentioned above. Longer practice
exams that mimic the CISSP in terms of length and scope are available from some
providers, like Boson and Transcender. Also stop by CCCure.org and check out its online
quiz engine.

Tip #6: Read Carefully


When you first start the exam, you might be excited just to find out you actually
understand the questions. The terms used and information covered may seem to be
exactly what you’ve prepared for, and you could become a tad cocky or be lulled into a
false sense of security.

No matter how familiar the information may seem or how easy the questions sound at
first glance, it’s imperative you take a deep breath, slow down just a bit and make sure
you read every word of every question to make sure you’re answering the question being
asked.

Test writers like to use double-negatives or slide words in to change the meaning of the
question. Missing the word "not" in a sentence can be catastrophic.

Tip #7: Watch the Clock


Time management is essential for the CISSP. You have six hours to complete the CISSP
exam, which might seem like an eternity to take one test. It’s not.

Do the math: With 250 questions, you have less than 90 seconds per question in that six-
hour time span. If you spend five minutes pondering one question, you need to answer
three other questions in under 20 seconds to stay on track to finish within the allotted
time. And you still have to read each question carefully, as pointed out in the previous
tip; keep your eye on the clock as well to make sure you’re making sufficient progress to
finish on time.

You should be able to answer many questions in the blink of an eye, so you’ll have some
time to spare to dedicate to questions that stump you. However, you aren’t going to
suddenly learn information you don’t know if you stare at the question long enough. Give
yourself enough time to think about the question and try to remember the answer, but
after a couple minutes just pick your favorite answer and move on. Better to take your
chances on getting one question wrong than to devote so much time to that one question
that you run out of time and never get a chance to answer a handful of easier questions.

Tip #8: Stretch and Relax


It’s difficult enough to think under pressure without adding discomfort. Six hours is a
long time to sit in one place. If your mind is too stressed or tense, or you’re physically
uncomfortable, it’s difficult to focus and think straight.

Yes, I did just get done writing about how little time you have to devote to each question
in the first place. For many people though, a short break to stand up, stretch and relax will
prove invaluable. Stretching your muscles and giving your brain a few seconds of
serenity will help you to concentrate on the questions in front of you and think clearly
about the answers, rather than focusing on how uncomfortable the chairs are or getting so
stressed out that you can’t think straight.

Tip #9: Get Some Sleep!


No, there won't be any entertainment during the test and the questions are not that
engaging. To make sure you don't fall asleep or disrupt your neighbor's concentration
with your growling stomach, make sure you get a solid night of sleep and eat a good,
healthy breakfast before testing. Being well rested and getting the proper nutrition the day
of the exam will serve you much better than pulling an all-night cram-session.

Aside from these two imperatives, though, how you prepare the night before or the
morning of the exam is a personal choice. Some people may want to read their notes, take
another exam simulation test or cram down to the very last second. Personally, I woke up
and played Tetris all morning. I find it gets my brain in gear while also taking my mind
off of the stress of the exam.

Tip #10: Don't Be Intimidated


Some people can take almost any test cold and still pass. Others may have dedicated
themselves to studying and learning everything they possibly can for months, and freeze
up on test day. If you have followed the above tips you should be prepared and have no problem
passing the exam. Don't let the 250 questions or the six hours intimidate you.

It’s a long exam to earn a valuable certification which may have an impact on your career
and your future. But when exam day comes, you either know the information or you
don’t. Have faith in yourself that you’ve done all you can to prepare for and pass the
CISSP exam and don't pop a blood vessel trying to second-guess yourself.

There is a technique and strategy involved when sitting an exam. Many able students
have not been able to show their full potential because their examination technique
was lacking or non-existent. The exams you are about to sit require you to
put to paper two whole years of theory in a few hours. Examiners put a lot of
thought and planning into designing an exam paper. They make sure that they
structure the paper in such a way that it covers two years' worth of studying and
gives them a good measure of the ability of the student. PassMyExams recommend
the following before and when sitting an exam.

1) Know the structure of the paper before the exam.

Your teachers should tell you how long the paper will be, how many questions it
will contain and whether a choice is available. But you should know this off your own back,
and can find out by consulting the syllabus or contacting the examining boards. The
simplest method is to ask your teacher if he/she forgot to mention it. From
this information you can work out how much time to spend on each question. When
allocating time, be sure to include time to read through the paper and check your
answers. Do not work out time allocations during the exam, as you will waste
precious time.

2) Know and familiarise yourself with the formulae sheet and data sheets
that will be given in the exam.

This will save you time during the exam, as you will not be referring to the formulae
sheets to see which equations and information are given.

3) Have all your equipment ready.

Make sure you have all the relevant stationery and some backup pens and pencils.
Make sure the battery in your calculator is not on its last legs.

4) Read through the paper first and mark the questions you are most
confident about tackling.

Do not just turn to the first page and start writing from question 1 straight away.
You are not required to answer the questions in the order they appear in the exam.
Do the ones you are confident with first, as you will make up time, which can be
spent on the questions you are not too sure about.

5) Read the questions carefully.

Read the questions carefully and try to understand what the examiners are getting at.
If information is provided in the question, e.g. a diagram, graph, set of data,
instructions, etc., use it, as it is there for a reason.

6) Use the mark scheme as a guide to the length of your answer.

If a question is worth one mark then that should tell you that the examiners are
looking for one key point and not an essay. If, however, a question is worth 3 marks
or more, then the examiners are looking for a structured answer containing three key
points or three distinct steps.

7) When carrying out calculations include all the steps rather than just the
final answer.

The steps allow the examiner to see your approach to the question and in the case
where the answer is wrong due to some small calculating error some marks will still
be awarded for the correct steps included. In the case when just a final answer is
provided and it is wrong then no marks will be awarded.

8) Be neat and systematic when providing answers.

Be neat and systematic when providing answers and demonstrate a good command
over the language you are answering the paper in. A messy answer will make it very
hard for the examiners to mark and see what you are trying to say.

9) If stuck on a question do not waste time on it, move on.

If stuck on a question do not waste time on it, move on and do the other questions
and come back to it. Make sure you leave some room in the answer paper for when
you come back to the question. The main thing to remember is not to panic as firstly
it is a waste of time and secondly it will destroy your composure and affect you on
questions you can solve comfortably.

10) Do not leave any questions unanswered.

If you're not certain then go for a sensible guess. Even if you get a fraction of the
mark by sensibly guessing, it's better than no marks for not attempting the question.

11) Give yourself some time towards the end to proof read and check
through your answers.

If you finish early, resist the temptation of walking out of the exam. Use the time to
thoroughly check your solutions. Only leave when you are fully satisfied with your
answers.
