CISSP Exam: Nov 2008 Attempt

[LarryDaMan]

Thanks man. Sorry about your test cancellation, during this process I have definitely noticed a lot of problems with ISC2 from an organization/business/bureaucracy perspective. Not much anyone can do about it, because the actual certification is well respected, and we want it!

This bootcamp has been really mentally draining so far. It's 10-12 hour days with 2-3 hours a day group study outside of class. We do breakfast and lunch at our tables, it is literally non-stop. 5 domains down, 5 to go.

I feel good about 99% percent of the areas being highlighted, so confidence is high... but I am SO tired. Eat, sleep, CISSP... that's about it.

Good luck and of course I will be happy to provide any tips that I can after I get that congratulations e-mail.

[JDMurray]

Exactly 30 days to go for me. I need to start writing up the areas of my notes that I really need to memorize in detail for the exam. This is also where running through practice tests will do me the most good. I can't wait to one day do something other than lug around heavy CISSP books.

[down77]

I guess its about 52 days left for me now, should have been ~30. I'm submitting my application tomorrow so that I can reserve my seat for the out of town venue.

Keeping my fingers cross that all 3 of us pass... in the meantime going over my 2nd pass on Operational security and then to read the CBK a second time as well.

[RTmarc]

I'm sure you'll all do fine. One thing to remember, as difficult as it will be, leave the anxiety at the test center. Everyone that I have encountered - including myself - felt like they failed the exam when they left. Most of us passed. Some didn't. Everyone that I've talked with that said they felt good about it were rudely surprised when they received their failure notice.

What it boils down to, you are going to feel like crap when you leave. My advice is to not even think about it. Leave that garbage at the testing center because it is going to do nothing but eat at you until you get the scores if you bring it along with you.

Good luck!

[JDMurray]

I'm sure that I'll be drinking heavily that evening.

[LarryDaMan]

Test taken. It sucked. The waiting begins.

[JDMurray]

I've been waiting to hear from you! Did you take the exam today or Saturday? What percentage of the questions do you have no idea if you answered correctly or not?

[LarryDaMan]

I took the test today. I have no idea if I passed, but I am not sure that I failed. One thing working in my favor is that I changed only 5 questions... looked them up in the car, and it looks like I changed them all to the correct answer.... so that might be a 10-question swing in my favor. Generally, it is advised not to change answers, but the test is so long that I was able to use questions within the test to help me with other questions.

My test seemed to be real heavy on Information Security and Risk Management. Our ISC2 instructor said it is not completely unheard of to have all 25 "research questions" come from the same topic, so maybe that is what happened.

I will wait until I get the results to offer any real tips, because listening to tips from a failure is like having a fat physical trainer.

[JDMurray]

The only answers I changed on my SSCP exam was when I went back to check all my answers a second time before marking the sheet and had discovered that I mis-read several questions. Otherwise, I always make out worse if I start second-guessing myself too.

I'm currently reading through every posting in the CISSP CBK forum at www.cccure.org. It looks like the consensus is that people who pass generally feel as if they have failed, and people who feel confident they passed often find out otherwise. If true, it sounds like you have the post-exam "winning attitude."

Now, go find something non-CISSP-CBK-related to do for the next two weeks and unwind.

[shednik]

Best of luck Larry I'm sure you did well!!

[JDMurray]

I just got my 21-day exam notification email from the (ISC)2. Things just got a bit more real...

[LarryDaMan]

Quote:

Originally Posted by JDMurray

I just got my 21-day exam notification email from the (ISC)2. Things just got a bit more real...

Time for you to put the pedal to the metal.

I expect my results by Wednesday, but at least by Friday at the latest if the past is any indicator. I've calmed down and life has pretty much returned to normal. I bought and started watching the CCNA CBT Nuggets, so that has helped. The CCNA is mostly for personal interest and to gain some knowledge, it won't help my career or resume too much.

If I had a gun to my head, I would say that I passed... but I have some doubt. I keep telling myself to relax because you can miss between 67-92 questions (depending on how many research questions you miss, then possibly more when they "norm" the exam). I think it is almost easier to resign yourself to failure and then be extra happy if you pass, because failing would sure suck after all of that studying. I don't even want to think about failing... beers of sorrow or beers of celebration? We shall soon see.

[down77]

Well my ITIL v3 Foundations course is now done and over with so its back to studying for the CISSP. Around 38 more days until the test! I have one more chapter to ready on my second pass of the AIO, and then to read the NIST docs for BCP and start final preparations and daily practice exams.

I'm keeping my fingers crossed that the second exam date is not canceled. 4 people from work will be taking the exam (1 CISSP, 3 other) so this should be good

[down77]

Recieved word that another exam date has been canceled and I will have to reschedule. I will attempt to reregister for one on December 20 and then may have to put off my pursuit of the CISSP until next year if they cancel this last attempt... I'm not very happy

[JDMurray]

Quote:

Originally Posted by down77

Recieved word that another exam date has been canceled and I will have to reschedule. I will attempt to reregister for one on December 20 and then may have to put off my pursuit of the CISSP until next year if they cancel this last attempt... I'm not very happy

I'm really sorry and I can completely empathize. I actually checked my email while writing this just to see if I got the same bad news. If my 12/20 exam date is canceled I will give up perusing the CISSP until the second half of 2009. I'm getting pretty sick of putting people and projects on hold while I concentrate on passing this exam.

[down77]

It's ok JD, and unfortunately it got worse for me over the last 2 days... Another 3 exam dates have been canceled leaving my window of oppurtunity slim and I've settled on scheduling the December 13, 2008 exam in Orlando, Florida.

I do understand the economy is not as strong as a few short months back, but I believe maybe it is time for ISC2 to consider other delivery methods for their exams. It is very difficult to continuously have to tell work that I need to modify my time off request, reschedule hotel/travel plans in different cities, and push back exam dates while maintaining the level of comprehension for the material.

If this one falls through I'll have to postpone attempts for a year or so... it will be difficult to travel as my son will be born around the first of the year and I am having a hard enough time leaving my wife for a day to take an exam.

[junklock]

Took the exam recently. Pretty rough. I think I failed, I guessed on over half the questions. Most of them were "educated", meaning I was able to narrow the answer down to two choices.

I got killed on crypto. I had read in a few different places that the exam didn't cover this domain deeply. Wrong. Also VOIP. Was not expecting so much on the topic. Lastly, common criteria. I don't recall anything about CC in the bootcamp I went to, and it was definitely covered on the exam.

My prep included an expensive 6 day bootcamp that bragged an insanely high pass rate, and that was really it. We were told "if you know the content in the material, you'll pass." So I studied the bootcamp materials the past week, made flash cards, and that was all. At this point I wish I bought the latest Official Guide from ISC and read through it before taking the exam.

If I fail, I think going through that book after having taken the exam will allow me to easily pass. But I'm not sure how big the testbank is, so if I retake, who knows what might come up.

[JDMurray]

Each CISSP exam seems to contain a greater number of questions for certain domains rather than having exactly 25 questions for each domain. I have read reports of "a lot of crypto and not so much BGP" and reports of just the opposite. Some people have said they had a lot of Telcom/NetSec or risk management and others said hardly any. Taking a gamble on what domains will/won't be heavy on your exam is just too risky, so always study them all.

One bright note to your story is that any "modern" topics that you saw (e.g., Web services, XML, database security, VoIP, IPv6, etc.) were probably part of the 25 research questions on your exam, and they aren't counted in your final score. Some of these research questions will likely end up on the next revision of the CISSP exam due in 2009.

Good luck, and let us know how you did when you get the news.


Oh, I forgot to mention that Common Criteria questions have been reported by several people in the CISSP CBK discussion forum at www.cccure.org. You should really ready through the postings over there to get an idea of the knowledge and mind set you'll need to re-approach the CISSP exam.

[cashew]

Eh...they are making the exam harder these days. The average time for filling in the correct answers and reading the questions, is equal to about 70 seconds per question. Add in the fact there are a few scenarios in the exam that take up a whole page. Makes the MS exams look short winded. These are the more heavily weighted questions.

Also remember that any fact based question you get is weighted less than a question with 4 correct answers where you have to choose the best one.

[tdempsey]

Not much wireless and wep. Almost no Kerberos. Too bad because I spent some time committing processes to memory. More risk management than ops.

[JDMurray]

Quote:

Originally Posted by tdempsey

Not much wireless and wep. Almost no Kerberos. Too bad because I spent some time committing processes to memory. More risk management than ops.

Every candidate says something like, "I spent so much time studying [insert CISSP CBK domain topic here] and I hardly got any questions on it!" Not every topic is on every CISSP CBK topic is on every CISSP exam, and candidates have no choice but to study everything or risk failing because they are "playing the odds" that they will not see specific topics on their exam.

Remember that a purpose of any IT certification exam is to study subjects that you ordinarily would not. You'll end up knowing more about RM, BGP, Kerberos, MAC, crypto, OpSec, AppSec, etc. than you would have if you'd not taken the CISSP exam. Having that knowledge only makes you a stronger InfoSec professional. Nothing is wasted; nothing is a lost effort.

[junklock]

Quote:

Originally Posted by JDMurray

You should really ready through the postings over there to get an idea of the knowledge and mind set you'll need to re-approach the CISSP exam.

I passed.

[JDMurray]

Quote:

Originally Posted by junklock

I passed.

Congratz!

I sure hope that I do. Back to studying...

[down77]

Congrats Junklock!

I second that JD... 4 more days until my exam

[JDMurray]

I keep reading posts of people who say there were a lot of digital forensics questions on their exam, so I'm reading the first few sections of NIST SP800-86 just in case.