Wednesday, November 21, 2012

CISA quiz engine (for a fresh CISSP)


Just for information, and maybe comments or remarks (I kept them open on this post).

I passed the CISSP exam this year (early August 2012). While preparing for the exam I registered with cccure.org and subscribed to their quiz engine at https://www.freepracticetests.org.

When registering with this site you are entitled to, of course, the CISSP quiz engine practice tests, but not only that: you can also train for several other certifications, such as:

  • Security+ SYO-301
  • CEH V7
  • ISSEP
  • CISA
  • ECSA/LPT
  • HIPAA
  • Sarbanes-Oxley 
  • SSCP

I did a bunch of CISSP quizzes and they helped me a lot (my point of view).

Incidentally, I connected to this site again today (Nov. 2012), as my subscription was still valid, and I launched a CISA quiz with difficulty "Pro" (mimicking the real exam). Guess what... I scored more than 80% correct answers without opening any CISA study material (and reading, understanding, remembering... anything else?).

Wow! It seems that studying for 6 months for the CISSP is paying off. FYI, I didn't opt for a bootcamp-style approach but rather a more traditional track: reading Shon Harris' AIO from cover to cover and taking notes for future reference.

I think I am going to register for the CISA exam...

P.S. After all, CISSP seems to be a good certification, isn't it?

(Please no *troll* like "CEH" or "SANS" is better. CISSP is not to be compared with these ones. Not because CISSP is better or worse, but simply because they are not targeted at the same audience. If you cannot understand that then just FOAD.)


Addendum: 


For those interested, here is a copy and paste of the cccure.org forum post I made after passing the exam...
ref: http://www.cccure.org/ftopict-8824-raskal.html (I guess that you need to be registered to read the original post)

I passed the CBT CISSP on August 6th, 2012 in Zurich, Switzerland (1st attempt) and I am pleased to provide some feedback to the community.
This is my point of view; your mileage may vary (and it will).

Materials used:

- Shon Harris - CISSP All-In-One, 5th edition (aka AIO)
- CCCure quiz tests (paid)
- Read some CCCure CISSP forum threads about topics I was not sure of.
- Web content.

Planning:

1) Almost 5 months on AIO.
I read the book cover to cover, taking notes in a notepad to review the topics; these will also be useful later on in the course of my daily work. I also created a Quick Tips electronic document for the concepts and tricky stuff I had trouble memorizing, and printed it so I could quickly have a glimpse in case of doubt (if you must boot your PC to have a look at it, you are losing time, patience, and so on). I even had some post-it notes stuck on the bathroom mirror, very handy.
- Comments: I felt a bit stressed to have read only the AIO (well, it's a nice 1100-page book though) while others were diversifying their readings. See the quiz section below for the reason...
My quick tips document is mine and I urge you to create your own. Don't rely on others you can find on the Internet: they can be outdated and are for sure incomplete, because what was important for the author will not necessarily match what is important for you.


2) Additional readings

- Logical Security documents from their web site (links provided in AIO)
- Wikipedia
- Misc. web sites: ISO 27001 and 27002, OECD, NIST... and many more
- Material available on the web, but created by CISSPs (Google is your friend).
- Comments: pay attention to the creation/update date of the document... Try to fetch fresh material. Even on the CCCure forums, look at the date of the post and cross-check with other sources.

3) Last month I did the CCCure quizzes

Went through 11 quizzes of 250 questions, difficulty "Pro", relativity "Closely related", timer activated. After 6 or 7 quizzes (can't remember, sorry), I asked for questions I had never seen. I also asked a few times to be presented with questions I had failed (I advise you to do this. To my surprise I was giving the exact same wrong answer, until I really got the concept).
For me, a 250-question quiz meant:
- 2.5 to 3 hours answering questions
- 3 to 5 hours reviewing answers (first the failed ones, then the remaining ones, because I was not that sure I had answered correctly). The good point is that very often, detailed explanations with references to additional material are provided. Plan for some long readings... It's part of the learning curve.
- Comments:
The CCCure quiz engine is a valuable evaluation tool, but you will not find there the questions of the real exam (of course). As my only book was the AIO, I stumbled upon stuff that was not very detailed in AIO but was in other books (as stated above, the quiz engine will provide you with explanations and references to literature when explaining why you failed a question).
It's valuable because it helps you in assessing a "certain" level of readiness, but don't feel like a n00b if you are scoring below 70%. I'd advise, though,
a) that you reach a fair 75% after a few tests,
b) that you don't rush on the quiz engine: register only when you are feeling ready to book the exam. You will be surprised (Oh my! I'm not "that" ready...) and you will for sure dig a little bit more into certain concepts or technical stuff you missed. I even re-read complete AIO chapters... The second read is something I'd recommend, because it suddenly becomes clear (you are no longer in learning mode but rather feel like you are reading a good book: I really enjoyed it).


4) The exam

I'm based near Geneva (Switzerland) and the nearest Pearson VUE centre was Zurich (at the time I was looking to take the exam). The exam was scheduled for 9am sharp, and you have to be there at least 30 minutes in advance. I spent the night in Zurich in order to be sure that I'd be able to make it for 8:30.
Before the exam: have a nice breakfast and a shower. On site: visit the toilets a few times beforehand to be sure not to be bothered with such details.
8:30: registration, about 15 minutes: NDA, palm scan, picture, signature, received ear plugs - very useful when someone in the next cubicle is frantically entering IOS CLI commands (a Cisco exam, I suppose). I had a small English dictionary (scanned by the exam centre rep).
- 9:00 - 12:30: first 150 questions answered, with some marked for review (mark for review while you are on the question, not later, because you will lose time finding it afterwards).
- 12:30: short break, cereal bar, water... (you are not allowed to eat or drink in the exam room!). If you are having a break, the clock is still ticking... So be short, but do have breaks: it really helps.
- 12:40 - 13:50: completed remaining questions
- 13:50 - 14:00: break
- 14:00 - 14:50: "marked for review" questions re-evaluation, and stop.
Yes, 10 minutes are missing. I was so exhausted that I felt unable to think properly, so I decided that it was better to stop.
About 10 minutes later, a printout was available with the long-awaited "Congratulations".
- Comments: I completely missed that 25 questions were test ones. I simply forgot... I think the stress might explain why. Thinking about it, I can say that 2 were obviously test questions. They were rather technical in nature, even if the question itself had a "management" tone.
I should have practiced reviewing questions during the CCCure quizzes. It needs to be accounted for regarding the duration of the exam.
Otherwise and overall, it was a bit focused on BCP/DRP, but I'm not the only one reporting this on the forum, so no big news.


I've read that some people perceive the CISSP as management-minded (which could suggest that technical knowledge is not really needed to complete the certification).
I won't debate this. All I can say is that if you are not able to master the underlying techy stuff, then you won't be able to understand the question, and thus not able to answer properly. This is true in real life as well.

Fingers crossed for those still studying for the exam. Courage!


Wednesday, November 14, 2012

CISSP



LinkedIn SPAM

Just got a grossly fake LinkedIn email. As I'm registered on this portal, it may happen...


A useful hint (I hope):
When accepting contact requests from people I don't know on portals like LinkedIn or Xing, I make a habit of keeping track of when I got the request and when I accepted it.
It may prove useful later on:
- for correlating such spam emails
- for keeping good records of my contact list (some people remove themselves from your contact list - it's no different from Facebook). Yesterday you had 300 contacts and today "only" 299. Can you tell at first sight who's missing? ;-)


Monday, November 5, 2012


I'll be there... :-)

Application Security Forum – Western Switzerland 2012

The Application Security Forum – Western Switzerland (ASFWS) is an annual conference dedicated to software security and the protection of data and digital identities.
The ASFWS takes place over 3 days, with a programme that mixes training sessions and conference talks.

This third edition will be held on 6, 7 and 8 November 2012 at the Y-PARC technology park (Yverdon-les-Bains, 40 minutes from Geneva).

http://2012.appsec-forum.ch/