Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

The CISSP exam is available in English, French, German, Brazilian Portuguese, Spanish (Modern), Japanese, Simplified Chinese, and Korean. These non-English versions of CISSP are still administered using the 250-question linear, fixed-form, flat exam.

For more details and the most up-to-date information on the CISSP exam direct from (ISC) 2, please visit www.isc2.org/Certifications/CISSPand download the CISSP Ultimate Guide and the CISSP Exam Outline (currently located in the “2: Register and Prepare for the Exam” section). You might also find useful information on the (ISC) 2blog at blog.isc2.org/isc2_blog. For example, there is a good article posted in October 2020 titled “Why Does the CISSP Exam Change?” ( blog.isc2.org/isc2_blog/2020/10/why-does-the-cissp-exam-change.html).

Most of the questions on the CISSP exam are four-option, multiple-choice questions with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.

You must select the one correct or best answer and mark it. In some cases, the correct answer will be obvious to you. In other cases, several answers may seem correct. In these instances, you must choose the best answer for the question asked. Watch for general, specific, universal, superset, and subset answer selections. In other cases, none of the answers will seem correct. In these instances, you'll need to select the least incorrect answer.

Some multiple-choice questions may require that you select more than one answer; if so, these will state what is necessary to provide a complete answer.

In addition to the standard multiple-choice question format, the exam may include a few advanced question formats, which (ISC) 2calls advanced innovative questions . These include drag-and-drop questions and hotspot questions. These types of questions require you to place topics or concepts in order of operations, in priority preference, or in relation to proper positioning for the needed solution. Specifically, the drag-and-drop questions require the test taker to move labels or icons to mark items on an image. The hotspot questions require the test taker to pinpoint a location on an image with a crosshair marker. These question concepts are easy to work with and understand, but be careful about your accuracy when dropping or marking.

The CISSP exam consists of two key elements. First, you need to know the material from the eight domains. Second, you must have good test-taking skills. You have a maximum of 3 hours to achieve a passing standard with the potential to see up to 150 questions. Thus, you will have on average just over a minute for each question, so it is important to work quickly, without rushing, but also without wasting time.

Question skipping is no longer allowed on the CISSP exam, and you're also not allowed to jump around, so one way or another, you have to come up with your best answer on each question. We recommend that you attempt to eliminate as many answer options as possible before making a guess. Then you can make educated guesses from a reduced set of options to increase your chance of getting a question correct.

Also note that (ISC) 2does not disclose if there is partial credit given for multiple-part questions if you get only some of the elements correct. So, pay attention to questions with checkboxes, and be sure to select as many items as necessary to properly address the question.

You will be provided with a dry-erase board and a marker to jot down thoughts and make notes. But nothing written on that board will be used to alter your score. That board must be returned to the test administrator prior to departing the test facility.

To maximize your test-taking activities, here are some general guidelines:

Read each question, then read the answer options, and then reread the question.

Eliminate wrong answers before selecting the correct one.

Watch for double negatives.

Be sure you understand what the question is asking.

Manage your time. You can take breaks during your test, but this will consume some of your test time. You might consider bringing a drink and snacks, but your food and drink will be stored for you away from the testing area, and that break time will count against your test time limit. Be sure to bring any medications or other essential items, but leave all things electronic at home or in your car. You should avoid wearing anything on your wrists, including watches, fitness trackers, and jewelry. You are not allowed to bring any form of noise-canceling headsets or earbuds, although you can use foam earplugs. We also recommend wearing comfortable clothes and taking a light jacket with you (some testing locations are a bit chilly).

You may want to review the (ISC)² Certification Acronym and (ISC)² CISSP Glossary documents here:

www.isc2.org/-/media/Files/Certification-Acronym-Glossary.ashx

www.isc2.org/Certifications/CISSP/CISSP-Student-Glossary

Finally, (ISC)² exam policies are subject to change. Please be sure to check isc2.orgfor the current policies before you register and take the exam.

We recommend planning for a month or so of nightly intensive study for the CISSP exam. Here are some suggestions to maximize your learning time; you can modify them as necessary based on your own learning habits:

Take one or two evenings to read each chapter in this book and work through its review material.

Answer all the review questions and take the practice exams provided in the book and/or in the online test engine. Be sure to research each question that you get wrong in order to learn what you didn't know.

Complete the written labs from each chapter.

Read and understand the Exam Essentials.

Review the (ISC)²'s Exam Outline: isc2.org.

Use the flashcards included with the study tools to reinforce your understanding of concepts.

We recommend spending about half of your study time reading and reviewing concepts and the other half taking practice exams. Students have reported that the more time they spent taking practice exams, the better they retained test topics. In addition to the practice tests with this Study Guide, Sybex also publishes (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd Edition (ISBN: 978-1-119-47592-7). It contains 100 or more practice questions for each domain and four additional full-sized practice exams. Like this Study Guide, it also comes with an online version of the questions.

Once you have been informed that you successfully passed the CISSP certification, there is one final step before you are actually awarded the CISSP certification. That final step is known as endorsement . Basically, this involves getting someone who is a CISSP, or other (ISC) 2certification holder, in good standing and familiar with your work history to submit an endorsement form on your behalf. Once you pass the CISSP exam, you will receive an email with instructions. However, you can review the endorsement application process at www.isc2.org/Endorsement.

If you registered for CISSP, then you must complete endorsement within nine months of your exam. If you registered for Associate of (ISC) 2, then you have six years from your exam data to complete endorsement. Once (ISC) 2accepts your endorsement, the certification process will be completed and you will be sent a welcome packet.