When I tested for my CISSP a few weeks ago, I was struck by how little information there is about the logistics of the exam itself. The admission information pretty much says, “Dress: Business Casual” and that’s about it! Many CISSP books go into some detail in the intro sections, but you never know if they’re up-to-date or not. So I wanted to post some info based on my recent experience.
The environment. Get there early and be prepared to put your coat, bags, food along a side or back wall. Turn your cell phones off or turn off all alarms/rings/vibrations! Bring a simple wristwatch if you have one, but there should always be a clock visible. The only things allowed at the desk were pencils, something to drink, your admission papers (which were collected after filling in the first part of the answer sheet), and for women their purse. We had pencils provided for us along with a pencil sharpener, but I would always recommend bringing at least a few of your own just in case. The test is a bubble-sheet test so you need a #2 pencil. You can write all you want on the question booklet.
The admissions doc says the dress is business casual, but at my location there were t-shirts, shorts, etc. I can’t imagine proctors would turn anyone away for their dress and indeed none were. So dress dress comfortably.
The exam. I can’t speak about specific topics/questions/answers, but I can talk about general stuff. Unlike almost every practice exam out there, there are no multiple-answer questions. There are very few (I don’t recall any!) negative questions (e.g. ‘which of the following is NOT…’). There are some scenarios that have more than 1 question regarding it. There are plenty of “best answer” questions.
Feel free to get up and walk around, or get a proctor’s attention if you want to go to the bathroom. Only one person was allowed out at any time, and you have to sign out and back in. You can get up and move to the back and have a bite to eat if you need to, or just stetch your legs. I took my test in downtown Minneapolis and we had a nice 8th floor corner office view of the NE part of downtown, so the ability to look up and out for a bit was really nice!
The test is 250 questions, which means you should plan at least 3 hours. This is a lot of sitting, so if you need to, get up to get your blood flowing. If you don’t work fast, I think you get a total of 6 hours. Think: 9am to 3pm.
Studying. My really quick suggestion for what to study with, I’d suggest the official CISSP book plus an additional supplement. The official book because, well, it absolutely has all the material! And a second book for something that is far better to read. (I used the Stewart, Tittel, Chapple book). I don’t suggest practice tests as they are often focusing on stupid minutiae or awkward question structures. And when at all possible, try to relate or bring home topics to something at your job now, or past jobs. Relevancy makes dry topics far more memorable.
Also, if you want to take the CISSP, there is little reason to not take the CompTia Security+ cert beforehand. The technical concepts overlap greatly and it is quite a bit cheaper and easier as a sort of warm-up.
Why not use CBTs that can often be downloaded from a torrent site? Some even base their information off the pass4sure and actualtests data, which are the real questions and answers (not practice tests, which I agree help very little). I am a big fan of books, but memory retention for a lot of people is much easier when there is voice, video, and slides going on simultaneously.
After reading O’Reilly’s Mind Performance Hacks, I purchased one of these Motivator devices – habitchange.com – to help with presenting and improve my time management.
I found interval countdown timers to be more useful during exams because I’d divide the number of questions by the time involved to get an idea of how long I should spend on each question. If I decided to wait less than, say, 2 minutes (CISSP would be 1.44 minutes), per question – I could mentally backlog the extra time I had (or mark it on the scratch paper that was often provided). Searching froogle for “countdown timer intervals vibration” items less than $40 turns up some interesting findings.
The only bad part about these exams is the initial and on-going costs. Most IT exams used to be $125, but Cisco raised their prices significantly. I simply can’t justify the price of the CISSP exam.
Oh, I agree, multiple media are a step up. I just didn’t do any CBTs or anything like that. Maybe a few years ago when I first started toying with the idea of taking the CISSP, but I don’t recall them, really. If I had planned this exam outing a little more ahead of time, I may have looked for more. As it was, I only gave myself about 5 weeks of studying. Hell, it caused me to have no time to make a Final Four bracket for any pools!
And also about the cost. Honestly, with maybe the exception of the OSCP, this is likely the most expensive cert I’ll spring for on my own dime. Then again, who knows what the future holds.
I wasn’t too concerned with the time per question, myself, especially since I was the first one done in the group (about 25 I guess?), and in about 3.5 hours I would guesstimate. That’s just my style though, especially with multiple-choice tests, that I’ve gotten used to since high school and college. I try very hard not to over-think too many questions and spend too much time on them. Fire off answers and avoid second-guessing.
Strange, this post has already had 20 spam hits. Crazy… It’s not often a new post gets any.