Overview
The CISSP certification is an industry standard that is very popular in system administration roles, especially for jobs in the public sector. The exam is a multiple-choice, adaptive exam used to determine if one is qualified to possess the title of CISSP. In addition to passing the test, one must also have at least 5 years of related experience to be a CISSP. Since I don’t have the full five years of experience, I am an Associate of ISC2.
As a sophomore at CPP, I took the exam in January of 2022 and passed while only studying for four weeks. In fact, I passed in the minimum 100 questions. It took an insane amount of discipline, hard work, and dedication. Since I was using my winter break as a time to devote myself to studying, I had to miss out on a lot of events with family and friends. My aggressive way of preparation is not meant for everyone. This challenge for myself was a great experience in exploring what I can do when I put my all into something and I am proud of my performance.
Disclaimer: I do not encourage preparing for CISSP in just 4 weeks. The CISSP exam is a very difficult exam for those without experience, especially for those with less experience in security and test taking.
How many questions are in the CISSP?
There is a minimum of 100 questions you must answer to pass. If you do poorly enough, you may not need to answer all 100. If you have not performed well enough, the test may go longer than 100 questions until the test can determine if you are doing well enough to pass, or poorly enough to fail. While you only know if you pass or fail, passing in 100 questions is considered a very good performance.
What is an adaptive test?
Basically, it means the questions are not weighted evenly and scale with your performance. Some questions will be harder than others and affect your overall score more. For an adaptive test, streaks are very important. Answering questions correctly and consistently will lead to the test giving you harder and harder questions (worth more) until you get one wrong. If you feel like the test is getting consistently harder, that’s usually a sign you’re on a good streak. On the other hand, consistent wrong answers will make the test give you easier questions to get you back on your feet. Getting an easy question out of the blue doesn’t mean you’re suddenly doing badly; these are just slight variations you might experience per test.
Timeline Breakdown
Here’s the breakdown of how I spent my preparation weeks.
- Week 1 (Domain 1, 2, 3)
- Week 2 (Domain 4, 5, 6)
- Week 3 (Domain 7, 8)
- Week 4 (Full Test Prep)
Preparation Strategy
I studied an average of 10 hours a day, split into three study sessions a day. The first session was 8:00AM-12:00PM followed by a 1-hour lunch break. The second session was 1:00PM-5:00PM. The last study session was after I ate dinner, so around 8PM-10PM.
The first session was mostly about learning new material. It was split into 3 phases: learn (2hrs), review (1hr), learn (1hr). I allowed myself up to 5 minutes of break time per hour so that I could maintain focus.
The second session used the same schedule.
The last session was focused almost entirely on learning new content. While many probably find it strange that I would use the end of the day to learn material because I am presumably the most tired, I personally find it easiest to focus for that exact reason. There are also fewer distractions as long as I am disciplined. Also, most people have already gone to bed so I don’t need to worry about people contacting me while I’m studying.
If I did not meet my goals in content/review scores, I would take even more time to study. Some days, I would be preparing for CISSP for up to 10-12 hours total.
Learning
I used the Gold Book to learn the material. I took notes for each domain in a Google Doc as I progressed. On any topic that I didn’t already have full confidence in, I made sure I was very detailed. I used the Sunflower outline to guide what I focused on while reading and taking notes.
Reviewing
Depending on how strongly I felt about a certain topic, I would either focus on memorization or test taking/application.
I used Quizlet to focus on memorization of topics, definitions, and laws/regulations. Raw memorization can and should be handled separately from exam practice.
I primarily used the quizzes in CCCure to prepare for the CISSP exam. I exclusively used Test mode and treated each quiz like a mini-exam. I took 25 questions on whichever domain I had most recently completed. If I attained a score of 80% or higher (without guessing), I would take a 25-question quiz on all the domains I had covered up to that point. Any topic or domain that I saw weakness in, I would focus on for about 15-20 minutes, then take another quiz on that domain. This means I averaged about 2-3 quizzes per 1-hour block of review.
General Test Taking Tips
Tips for Studying
- Separate weak topics from strong topics.
  - Using tools like Quizlet, flashcards, or even example test questions, try to identify which topics you are excelling in and which topics you are struggling in. Focus your efforts on your weaker topics and lighten up on your stronger topics. You can come back to your strong topics a day or two later to see if you’ve still got it.
- Review frequently. Review everything.
  - The more you encounter the content, the easier it will be to recall that information on the test. Whether you’re waiting in a line or about to go to bed, utilize spare time to review. Also, do a full review of everything you’ve learned up to that point once a day.
- Have a friend. Test each other.
  - Having a friend to bounce ideas off of is always a great tool. If you find yourself struggling to understand a particular topic, you can ask your friend to see if they can help you. If you both are struggling, two people looking for a solution is better than one. Shoot questions at each other to see if you can quickly recall information.
- Don’t always study in an ideal environment.
  - It might be the most comfortable to use the same location to study, especially if that’s where you’ve always done it. But when you take the actual exam, you won’t have that luxury. Get used to studying and test taking in different environments. For example, if you’re waiting in line in a public space, you might think it’s too loud to study. But if you can get used to recalling information while not at your 100%, you’ll do better overall.
Tips for Crunching
- Make your life about CISSP. Make references to the content in all aspects of life to reinforce concepts.
  - For example, in the middle of conversations, you might blurt out, “Oh, that’s like zero trust security because XYZ.” Those close to you may be annoyed by this, but it helps you truly see the concepts.
- Do full exams and don’t allow yourself to guess.
  - Usually, getting a question correct by guessing has little to no value. If you got the question correct without knowing exactly why, it won’t help you on the test. You don’t want to reward poor performance. When you’re doing your last few example exams, then it’s OK to guess, to test how well your knowledge lets you make educated guesses.
- Understimulate your brain, then obsess over the content.
  - If you understimulate your brain by experiencing little other than the content, it will be the only context for your brain to function in. This means don’t play any video games, only watch videos about the content, and focus as much as possible on the content. You might ask for help with chores the last week so you don’t need to think about them.