Last Updated on December 5, 2015 by Dave Farquhar
Five and a half hours ago, I turned in my test and departed the CISSP test site. It took me four hours to answer the nastiest 250 test questions I’ve ever seen in my life.
I felt better about it than the other guys milling around the lobby, but….
As I took the test, I marked the questions I wasn’t confident about. In the end, I had about 20 marked. As I transferred the answers from the booklet to whatever they call those forms where you fill in the circles with a #2 pencil, I found another five or so whose answers I reconsidered. Yes, I know your first instinct is usually the best way to go, but not on those five. At least not on all of them.
One of the guys who finished before me said he was unsure about half the questions. Ouch.
So by that measure, I should be OK. But I can’t help but think I missed something. Well, I know I missed something–just how much?
I probably know a dozen CISSPs, and none of them thought they passed the test the first time. So having doubts is normal.
I hope I passed, of course. I don’t ever want to take that test again. One guy I know took the test with someone who’s done it multiple times. He finished in about two hours, and said he just takes the test every three years instead of keeping up with continuing education.
I think that’s nuts.
I’m going to take a break from studying for a few days, then start up again, just in case. I have until April 30 to get the certification. Actually, studying is a misnomer. Drilling is more like it. You see, if it were an open-book test, I’d still miss questions. There’s material on the test that isn’t in any book. What I did was answer a couple hundred questions a day, research my wrong answers, do my best to figure out why they were wrong, and hope to get fewer wrong the next day. It mostly worked. I only saw two questions that were similar to anything I’d seen before, but reading the question carefully and peeling away the fluff typically revealed a basic question. Or two basic questions. The test never directly asked me what layer of the OSI model UDP is in, but it asked it in a roundabout way. It asked me about something obscure that uses UDP, and asked me what layer of the OSI model that was in. I knew UDP lives in the network layer; had I recognized that other thing as UDP-dependent, I would have nailed that question.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
Congratulations on ‘so far, so good’! Here’s hoping you’re done with it and can deal with CE in the future.
Dave,
Surviving the test without having your skull implode is half the battle. Waiting for the results is almost as bad as taking the test!
-Bobby
Good luck with the exam, Dave. Waiting for the results and getting paperwork passed is almost as bad as the exam.
BTW – UDP is layer 4 – transport. Hope you didn’t get too many of those.
Just one, I think. I was glad I didn’t get too many. I’ve spent more than half my career sitting next to the network guy, but I was only THE network guy for two years, and that was in 1997 on a Token Ring network with no firewalls so that hardly counts. The only time I’ve ever had to know or use the OSI layers was to take CISSP, and maybe Security+.
“As I transferred the answers from the booklet to whatever they call those forms where you fill in the circles with a #2 pencil”
Scantron sheet (if you haven’t researched it or remembered it already)
Sounds like a gnarly test. I doubt I would have passed it.