WWW.CCCURE.ORG TIPS AND TRICKS TO HELP YOU IN YOUR STUDIES
First I would like to say thank you to Ted Phelps for helping me with some of my Frenglish words and typos within this posting. English is not my mother tongue and any help is welcome. You will not offend me at all by helping me improve my grammar and the quality of the text being posted. Feedback is welcome!
INTRODUCTION
First I would like to thank Adrien DeBeaupré, who is a good friend of mine, for the initial study tips that he submitted to the site. I would also like to thank Matthew M. Shannon, who contributed to the administrivia section. Their posting was the initial version of these study tips. I have since greatly added to it as I discover tips and tricks that can really make a difference in your upcoming studies.
GENERAL
Below you will find some tips and tricks that will help you get ready for, and pass, the exam. These tips are a summary of the numerous tips and tricks that I have received over the past six years from members of the web site who have successfully completed their exam on their first attempt. You too can do the same; after all, nobody likes wasting $500 USD on an exam for nothing. These are proven tips, and I would recommend you follow them.
The key to passing the exam is the ability to recognize the meaning, context, and use of all relevant concepts in the 10 domains. You do not have to be an expert in all 10 domains. In fact this is probably not feasible. If you do not have lots of real life experience, expect that you will need to study a bit harder.
FIRST THINGS FIRST
You have just decided to take the plunge and seek certification as a CISSP. The first thing you should do is visit the ISC2 web site. ISC2 is the organization that is in charge of the certification, and they have a lot of details on their web site about minimum requirements, the steps toward the certification, etc.
https://www.isc2.org/cgi-bin/content.cgi?category=97
While on the ISC2 web site, visit the following page to get a copy of the Study Guide for the CISSP. The study guide is a small PDF document that tells you what is included within each of the domains of the CBK. It is free. You simply have to fill out a small form to get it.
https://www.isc2.org/cgi-bin/request_studyguide.cgi
STUDY PREPS
The CISSP certification demands a lot of study and preparation. Do not underestimate the challenge ahead of you. This level of difficulty is NOT because the test has great depth, but because it covers a lot of concepts across multiple domains of expertise that you might not have touched in your career so far. Most people will be familiar with three to five domains of the CBK. The other domains will demand more study.
It would be advisable to let your better half, people around you, and your friends know that you are getting into serious study mode and that you might not have much time to dedicate to them for a little while. Having support from the family and friends is quite important.
THE COMMON BODY OF KNOWLEDGE (CBK)
The Common Body of Knowledge (CBK) is the term used by ISC2 for the set of topics and content that may be drawn upon in writing questions for the CISSP exams. The CBK has 10 domains. The exam has 250 questions based on the 10 domains. You may not get an equal number of questions for each of the domains. Some domains are more important than others. You definitely have to master Access Control, Security Management, and Telecommunications. They are the three most important domains. The least important domain, as far as the number of questions on the exam is concerned, is Physical Security. The second least important is Cryptography. The other domains fall somewhere in between. So DO ENSURE that you have fully mastered the three most important domains listed above.
STUDY PLAN
Write out a study plan, and keep to it. I recommend that you visit the www.cccure.org web site. Under the CISSP menu you will find a link to the online Quizzes. Take a 125-question (or preferably a 250-question) quiz covering the 10 domains to get a good indication of which domains you need to work on the most.
While studying, work on what YOU DO NOT KNOW. By this I mean, push aside the domains that you have fully mastered. Keep notes on the questions that you have missed on your practice quizzes, perhaps copying them into a Word document. Later, try these questions again. Those are the ones you must work on. Find out why the answer you selected was wrong and why the correct answer was the best one.
On many occasions, people ask me which study path they should select. The choice will be driven by a few factors such as your personal ability, your time, your self-discipline, your budget, and your geographical location. The choices are many; some of the most popular options available today are:
a. Boot Camp
A live class with an instructor is one of the most successful ways to prepare for and pass the exam. You must ensure that the instructor is a master of the CBK and has taught this class dozens of times in the past. The five- or six-day class you take should not be your first exposure to the exam CBK. It should be a final refresher before you attempt the exam. If you do show up at your Boot Camp without any prior preparation, your brain will hurt after a few days. You might become overwhelmed, as there is only so much you can cram before your brain can no longer take it. Passing rates for live classes are usually around 90% for training delivered by reputable schools such as Vigilar. However, the downside of this method is the cost. Training sponsored by your company works well with this type of approach. If you do not have an employer willing to pay for the course, the methods below might be more appropriate for you. Live classes are definitely the answer if you tend to procrastinate or simply cannot discipline yourself to follow your study plan.
b. Live Online Classes
Live online classes are also an interesting option. They are delivered by a live instructor (not a recording), usually have a flexible schedule, and cost a lot less. You get the same content as you would from a Boot Camp, but do not have to leave your home. There are significant savings to be had on travel and accommodations. The success rate of people attending live online classes is around 88% to 90%.
c. CBT tutorial
There are now some well-developed CISSP computer-based tutorials that cover the same material as live and online classes. They vary in quality and content. My preferred one is the Shon Harris DVD package, which is why I have it for sale on the site at the best price you can find anywhere on the net. See the following link for the details as to why I believe it is the best: CISSP DVD Tutorial by Shon Harris
d. MP3 audio files
A few companies are now selling MP3 audio files that you can listen to while commuting to work or while driving in your car. Some people are NOT visual learners and will remember a lot better using audio only. This is another option that is inexpensive and very flexible.
e. Self Study
The last method in the list, but not the least, is doing it on your own. This is a valid option if you have many years of experience in the security field and/or you can discipline yourself into following the study plan that you have developed. Hundreds of people have followed this path with success. The passing rate of people who self-study tends to be a bit lower. You MUST prepare well or else you might crash and burn. Do ensure you score consistently around 80% on the pro questions from this web site before you feel good about taking the exam.
EXAM BOOKING
Schedule your exam far enough out that you have enough time to prepare.
Register early with ISC2 for your exam to save money on the exam fees. ISC2 has a special price for early registration. Of course, if you decide to cancel or change your exam date later on, you will be required to pay a cancellation fee.
Be aware that many exam locations sell out. If you do not secure your seat early, you might get the disappointing news that there is no space left and that registration for that specific exam has been closed. It is something to keep in mind.
The exam is as much a physical endurance test as it is a knowledge and skill test. So pace yourself, both in your studying and while taking the exam. One of the key skills to develop is reading.
WHICH BOOK TO USE?
There is no single resource that will allow you to pass this exam. You must have a mix of experience, learning, and dedication altogether. Here are some great resources that I recommend:
One of the best books ever to prepare for the CISSP Certification is the Tipton and Krause Information Security Management Handbook, 4th edition (2000). A version is available online on the www.cccure.org web site. You can peruse it at: http://www.cccure.org/Documents/HISM/ewtoc.html It is an HTML version of the book that Auerbach gave us authorization to use on the www.cccure.org web site. I strongly recommend you read all of it. Even though it was published in 2000, it is still VERY MUCH in line with the exam.
The book that I most strongly recommend is the CISSP All In One, third edition book from Shon Harris. It has recently been updated to better match the exam. A lot of the content was rewritten within the third edition to better explain some of the key concepts. The book also includes a CDROM with practice questions.
http://www.cccure.org/modules.php?name=News&new_topic=76
The companion book I recommend with CISSP All In One is the Official ISC2 Study Guide. The book is very well aligned with the exam content and it is the only officially sponsored book from ISC2. Some people have reported that the book is hard to read. That is true. It reads like university study notes. If I were allowed only one extra book alongside the CISSP All In One, this would be it, for sure.
http://www.cccure.org/modules.php?name=News&new_topic=76
Last but not least: do not inundate yourself with too many books. The two books mentioned above plus the HTML version of the HISM book are all that you need. Instead of constantly reading book after book, concentrate on these and ensure you understand the concepts that are explained.
It helps to take notes as you make progress through the different chapters. Use the quizzes that come with the book and the online quiz on this site to test how well you are doing along the way.
THE HAL TIPTON SLIDES
Hal Tipton is the father of the CISSP Certification. He is still maintaining the CBK today and is someone I hold in very high regard and respect. I sincerely hope that I will still be as active as he is at his age. Hal has generously contributed two sets of slides that walk you through the 10 domains. I would recommend you read through them quickly to get a feel for the exam.
http://www.cccure.org/Documents/Hal_Tipton/Intro1.pdf
http://www.cccure.org/Documents/Hal_Tipton/Intro2.pdf
STUDY GROUPS
Forming a study group in your area is one of the best ways to dig deeper into each of the domains. Within a study group you can share knowledge, trade study tips, exchange materials, and grill each other with questions. People will usually remember a real-life example that another member of the study group has presented. I strongly recommend that you consider forming such a group in your area. If you need help, look at the Study Group Howto at:
http://www.cccure.org/modules.php?name=News&file=article&sid=525
QUIZZES
I can never stress this enough: do many quizzes, and do quizzes from different sources. This will get you used to seeing questions on the same topics presented differently. Once you get to the exam, you will find that it has a unique style of questioning. However, if you know the topics, you will be able to quickly come up with the right answer. Once again, remember: quizzes are key to doing well on the exam.
DOWNLOAD THE CCCURE STUDY GUIDES
The web site currently has the largest collection of CISSP study guides on the Internet. There are hundreds of them from different authors. Peruse them and I am sure you will find one that suits your needs. There are some that are very detailed; some are simply small exam crams.
http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=10
THE EXAM
The exam is paper-based. You have an answer sheet on which you must mark your answers. Be careful that the number of the question on the answer sheet matches the number in the question booklet.
There are different colors for the cover of the exam booklet. Each color represents a different version of the exam, and each version is of an equivalent level of difficulty. The persons sitting to your left and right will most likely get a different color, and therefore a different exam. This is to prevent fraud and copying between candidates.
The exam is as much a physical endurance test as it is a mental test. You must rest well the night before the exam or else you might run out of energy on exam day. Do not CRAM late the night before, by 21:00 hrs you should be done studying and you should be relaxing.
The exam has 250 questions. Each question is weighted, which means that one question might be worth 1 point while the next one might be worth 3 points. The more difficult the question, the more points it is worth. The question booklet does not indicate how many points a question is worth.
Among the 250 questions, 25 do not count toward your score. These 25 questions are being tested before they are introduced in future exams. They are not marked as beta questions, so you do not know which ones they are. If you run into a question on a subject that you have never heard of before, it might very well be one of those test questions. Do not panic.
Sometimes people tell me, "Clement, all of my questions were on Cryptography and you told me that Cryptography was NOT one of the most important domains on the exam." This could very well happen. The 25 questions being tested are usually all on one or two domains of the CBK. This is why at times it seems that you had a lot of questions about one specific domain. Also, the domain you are weakest in could seem to have the most questions.
When you receive your exam from the proctor, read it through once to build your confidence. Then, answer first all the questions you are sure of. Pay close attention to keywords, such as greatest, could, would, may, not.
As I have mentioned above: Reading is a key skill. Do take the time to read and understand the question. Take the time that you need. Six hours gives you plenty of time.
Bring some energy food or a snack for when you take a break and start to feel tired. It will definitely help you out. Only one person at a time is allowed outside of the classroom. You will be escorted by a proctor when you leave the room. They are very strict on this.
For the smokers: there is no guarantee you will be able to step out for a smoke. I would recommend you ingest your dose of nicotine before the exam. Sorry :-(
Ensure that you get to the exam site early. The last thing you want is to get stuck in traffic and stress before your exam. If you show up late, you WILL NOT be admitted into the exam room. Do not even try.
POST EXAM SYNDROME
After you have completed the exam, you will most likely feel that you underperformed. You may feel that the quizzes, study guides, and books you have read were not of great use. This is a normal reaction that I have seen after most exams. One of the factors that contributes to this is the fact that questions are weighted; so even if you answered 70% of the questions correctly, you are not guaranteed a passing score. Most of the time you really do not know whether you have passed or not. At this point it is simply too late and there is nothing you can change.
Your exam results usually come fairly quickly. I have seen results delivered in as little as a week and some after a few weeks. If you have not been notified and your friends have already received their results, it DOES NOT mean that you have failed. It just means that your exam got stuck somewhere in a pile of exams waiting to be graded.
ADMINISTRIVIA
Make sure to bring your ISC2 registration letter with you. Numerous test takers show up to the exam site only to find out they are not on the list. If you have the registration letter, they will allow you to sit for the exam even if your name is missing on the roster.
Bring a couple of number 2 pencils. Sounds silly, I know, but lots of people didn't have them when I took my exam. Lucky for them, the proctors were giving out green ISC2 pencils, not bad if you ask me; it would have been a nice consolation prize if I hadn't passed ;)
Dress in layers. It must have been 55 degrees in the test room. I was VERY happy to have brought a sweat shirt. There were some freezing folks in there. By the same token, it could be too warm; so be ready for any weather condition. It does make a difference if you are comfortable.
Ensure that you carefully read the dress code that is specified on your letter. If it says suit and tie, it is probably because the test is being hosted in a private club or other location where such dress is mandatory. Improperly dressed, you will not get in.
GIVING BACK
Last but not least: Contribute back to http://www.cccure.org or kindly donate a few dollars to help pay the fees. This is how we will be able to continue offering this service and continue to help others who will follow your path to certification.
CONCLUSION
You must be ready to read a lot. There are hundreds of key concepts covered within the exam. Right now there is no single resource that will allow you to pass this exam. The only way to pass is through studying, having the necessary experience in the field, and using the resources listed above.
If anyone out there has more tips to share, please forward them to cdupuis@cccure.org and I will be happy to add them to the tips listed above.