Have you failed the CISSP exam recently? Have you been procrastinating? Do you keep putting it off and putting it off - claiming that you will start studying for the exam when you have more time? It’s finally 2019 and the pass rate for this exam has dropped significantly over the last few months of 2018, but do not get discouraged! In this post I will go over some of the changes and testing strategies to help anyone who has a goal of passing the CISSP exam this year.
Let’s start by looking at the test format.
Since December 18th, 2017, all English CISSP exams have been administered in a Computer Adaptive Testing (CAT) format.
Let's take a look at the important things to think about:
- The passing score is the same.
You still need to score 700 out of 1000 to pass the CISSP exam.
- You can still take breaks.
You can step away from the computer, stretch your legs and clear your mind before returning to the questions.
- The CISSP exam takes half the time.
You’ll need to manage your time wisely – just as before – as the time limit for the CAT format is three hours, as opposed to six with the linear exam. But don’t panic! Instead of 250 items, the CAT format is down to 150 – at the most. And if you really know your stuff, you could pass the exam in as little as 100 questions.
- Take it one question at a time.
CISSP CAT is a more precise and efficient evaluation of your competency. Following your response to an item, the CAT scoring algorithm will re-estimate your ability based on the difficulty of all items presented to you and all the previous answers provided for those items. Because the CISSP CAT exam is a variable-length computerized adaptive examination and the difficulty of items presented to you is based on your previous responses, item review is not permitted. Once you finalize an answer, it may not be reviewed or changed.
Exam objectives have changed slightly.
On April 15, 2018, ISC² implemented a new set of objectives for the Certified Information Systems Security Professional (CISSP) exam. The goal of the update was to keep the exam relevant to the latest technologies, standards and processes in information security, so the certification will remain valuable.
Let’s take a look at the eight (8) domains of knowledge that make up the CISSP exam. In the following table, we show the previous 8 domains and the new set. The last column shows the weight of each domain — the percentage of questions in the exam that cover that domain — and the change from the previous version of the exam.
Subjects to consider reading about
In addition to the materials that students have traditionally used to prepare for the CISSP exam, I would recommend that you consider reading over the following subject areas:
- You should consider reading over the basics of GSM encryption.
- You should consider reading about agile software development.
- You should consider reading about TLS/SRTP.
- You should consider reading about the different threat modeling methodologies.
- You should consider reading about EAP.
I hope you found this blog post helpful. I tried to give you information you would find useful if you are going to use self-study as your primary method to prepare for the CISSP exam. If you are interested in taking a class to prepare for the CISSP exam, then I think you should consider Secure Ninja. We offer a CISSP bootcamp, and we have a 95% first-time pass rate.