So after 6 months of studying and 2 weeks of intense studying, I passed my CISSP exam yesterday. Since I am under NDA, I can’t share any specific questions or answers, but I can talk about my experience. To be honest, even now I still don’t know which are the correct answers to some of the questions on the exam. They are like this post I saw on Reddit.
Which of the following add up to six?
Like many people have already talked about, the exam is more a management exam than a technical one, but that doesn’t mean there isn’t a specific technical question popped in there once in a while. So just be prepared and really read the questions twice before answering. If you can’t understand it the first time, skip or flag it and come back. You will get it about 150 questions later.
First, I have to apologize for not keeping up with this blog. The intention was to post my learning as a way to refresh myself, but as work got busy, I fell behind. But I may continue to post things I learned about security on this site to help others. So let’s talk about what I used to study for this exam.
As I stated in my previous post, I started to use the following books.
- Primary: Shon Harris’ CISSP All in One book (AIO)
- Secondary: Eric Conrad’s books both the study guide and the 11th hour cram book.
- Backups: A few weeks before my exam, I also bought the official ISC2 CISSP CBK Guide and CISSP Study Guide, 2nd Edition by Eric Conrad, Seth Misenar, Joshua Feldman. The CISSP in 21 Days book was given to me by a friend who recently passed his CISSP.
NOTE: The Eric Conrad book was only $1!!!!! Yes!!! $1. Use the link above and use promo code: ONESALE!!! What a great deal.
- I also used this website for my practice test questions
My study process and exam experience:
After I signed up for CISSPexampractice.com, I worked on at least one exam every week. I made a notebook of all the topics that I missed on the exam and I tried to review those every morning. However, the reality is that process did not really happen until 5 days before the exam.
So, I finished the CISSP in 21 Days and the God-awful Shon Harris’ AIO book around 1.5 weeks before my exam, and then started to do nothing but practice exam questions. I also did every section exam in Shon Harris’ book and Eric Conrad’s book and the free exam on Eric Conrad’s website. I was consistently getting around 70%. When I missed one, I researched the topic and read the other books to get the answer. I wrote the specific topics in my little notebook for my daily review. At times it felt that I was jamming so much stuff into my brain that I was about to explode. Around the last few days I started to find a pattern and a groove to the material and I thought I was ready. I think I must have done over 1000+ questions.
The day before the exam, I took a day off to study and relax. I was going to stop studying around 4 PM and just chill and get ready for the exam, but I ended up studying and finding areas that I was still a bit unsure about until 11 PM. I could not fall asleep and I ended up waking up at 5:30 AM for my 8:00 AM exam.
It took me 15 minutes to drive to my exam site (I was lucky that there is an exam site really close to where I live). I tried to hype and psych myself up by listening to some awesome pump-up music to get me into the zone… the “DANGER ZONE”. However, when I got to the exam site, the registration process really messed up my excitement and snapped me back to reality.
During the exam:
I am not the best exam taker, so I was very nervous. I felt like I knew the material, but for the first 20-50 questions, I felt like I really did not understand what they were asking. I marked all the exam questions that I was not sure about and I just continued to push through. I felt a little bit better around question 150, but still uncertain. I took a short pee break around question 125. There were times during the exam when I really felt that I had failed and would need to think about retaking and when I could retake. But I continued to take deep breaths, cool my head and answer the questions (thinking like a consultant and an advisor). I was also expecting to finish in about 2 1/2 – 3 hours based on my practice tests, but ended up taking 5 hours. For the last hour, I went through all the flagged questions first and then used the remaining 20 minutes to just go through as many questions as I could.
Finishing the exam and receiving my results:
By the time I was done, I was so burnt out I really thought that I had failed, even though at the end, going through the questions, I felt those were the best answers that I could choose. When the proctor handed me the results sheet, I read the middle of the page and saw “You’re almost there!!!”. I thought to myself… “DAMN, I failed”. But for some reason, I could not find my score on the page. Then I reread the page from the beginning and it said “… you passed the CISSP exam”. Woo hoo!!! The “You’re almost there!!!” was just referring to the fact that I must get my endorsements submitted before I am officially a CISSP.
I drove home shaking and excited, it’s finally over I can finally sleep 😀 … so time for some beer!!!
My Thoughts on the different books and study guides
I used both ebooks and hard copies. I have all 3 main books (AIO, Eric Conrad’s Study Guide, and CISSP CBK) in ebook format. I have the AIO 6th edition, Eric Conrad’s 11th hour study guide, and the CISSP in 21 Days. I found that iBooks on my MacBook Pro is extremely helpful in finding the explanation of a particular topic. I tried to search for the topic of my missed questions in all 3 main books.
- First, Shon Harris’s AIO book is a good reference guide, but it is not a good book to read. I went through the entire 1456 pages and it sucked! She is very, very wordy; some of the concepts are not very clearly explained and some are just confusing enough that it may be wrong (e.g. polymorphism). She is also a sexist: almost all the good security scenario examples in the book are referred to by the pronoun “she”, and the bad scenario examples are referred to by the pronoun “he”. I think the book can probably be written more concisely and reduced by about 700 pages. But with all that said, it is truly an ALL-IN-ONE book. It really has just about everything and the kitchen sink that you need to know and may need to know for the exam.
- Eric Conrad’s books (CISSP Study Guide, 2nd ed., Eleventh Hour: CISSP Study Guide) are much more straightforward, with a cleaner layout, and much easier to read. They were much less confusing than Shon Harris’ book and the examples are much better for a technical guy like me than Shon’s book. I actually really like the 11th hour CISSP Study Guide for quick reference and a few key materials.
- CISSP in 21 Days is worthless. The book has so little material and useful information; it is like a very high-level outline. Without other books there is no way that a person taking the exam for the first time can ever pass with that book. DO NOT BUY IT!!!
My Final Recommendations:
If I were to do everything all over again, here is what I would do.
- I would still maintain a schedule for covering all 10 domains. It is a lot of material.
- DO NOT USE Shon Harris’ BOOK as your primary study guide!!!! Use Eric Conrad’s book. You will have far fewer headaches, but do use the AIO book as a reference.
- Do lots of practice questions to get the different concepts relating to the 10 domains in your mind.
I am thinking of using my study experiences to help people understand CISSP topics.
I hope this write-up helps. If you have any more questions, please let me know.