Five and a half hours ago, I turned in my test and departed the CISSP test site. It took me four hours to answer the nastiest 250 test questions I’ve ever seen in my life.

I felt better about it than the other guys milling around the lobby, but….

As I took the test, I marked the questions I wasn’t confident about. In the end, I had about 20 marked. As I transferred the answers from the booklet to whatever they call those forms where you fill in the circles with a #2 pencil, I found another five or so whose answers I reconsidered. Yes, I know your first instinct is usually the best way to go, but not on those five. At least not on all of them.

One of the guys who finished before me said he was unsure about half the questions. Ouch.

So by that measure, I should be OK. But I can’t help but think I missed something. Well, I know I missed something–just how much?

I probably know a dozen CISSPs, and none of them thought they passed the test the first time. So having doubts is normal.

I hope I passed, of course. I don’t ever want to take that test again. One guy I know took the test with someone who’s done it multiple times. He finished in about two hours, and said he just takes the test every three years instead of keeping up with continuing education.

I think that’s nuts.

I’m going to take a break from studying for a few days, then start up again, just in case. I have until April 30 to get the certification. Actually, studying is a misnomer. Drilling is more like it. You see, if it were an open-book test, I’d still miss questions. There’s material on the test that isn’t in any book. What I did was answer a couple hundred questions a day, research my wrong answers, do my best to figure out why they were wrong, and hope to get fewer wrong the next day. It mostly worked. I only saw two questions that were similar to anything I’d seen before, but reading the question carefully and peeling away the fluff typically revealed a basic question. Or two basic questions. The test never directly asked me what layer of the OSI model UDP is in, but it asked it in a roundabout way. It asked me about something obscure that uses UDP, and asked me what layer of the OSI model that was in. I knew UDP lives in the network layer; had I recognized that other thing as UDP-dependent, I would have nailed that question.