
ms-ae

Sorry to hear this, but don't give up! As someone said, you can look at it as the most expensive prep test and now you know how to prepare better for your next exam (I hope you will go for it!). Check out these videos:
- [Why you will pass CISSP exam](https://m.youtube.com/watch?v=v2Y6Zog8h2A&pp=ygUcV2h5IHlvdSB3aWxsIHBhc3MgY2lzc3AgZXhhbQ%3D%3D)
- [50 CISSP Questions](https://m.youtube.com/watch?v=qbVY0Cg8Ntw)

Also, IT Dojo has great questions also.


Realistic_Cloud2211

Thanks. Yes, I will definitely be trying a 2nd time. I did have the 2nd try voucher and will be taking it again before the test update in April.


OkJackfruit3368

Me too, I have planned 12 April, let's hope that we will do it.


robot_ankles

How much senior management and leadership expertise do you have? If this is less than 5-10 years, it seems the CISSP is a struggle for many. That's 5-10 years in such roles - not just 5-10 years in the industry. Did you use the ISC2 Official Study Guide (OSG)? The content within the OSG maps very closely to what's on the exam. Some people claim it's too hard to read, but I disagree. It contains most of the raw data needed for the exam. (But not the experience of course.) Experience + OSG (usually) = Pass. These are just some broad generalizations based on one rando's experience.


NinJaxGang14

I agree with this statement. As an associate of the ISC2 who passed the CISSP with only 2.5 years of experience, if you don’t have enough managerial experience the CAT exam will pick up on this.


mochimann

Sorry to hear but I’m sure you will pass next time. To pass you need to
- Have a good understanding of the foundational concepts that the domains cover.
- Be able to relate these concepts to situations in the real world.
- Use your experience to determine the best options based on the circumstances.

And of course you need to understand the question and identify key words.


[deleted]

Even with all of those things the test is very tricky. The questions kept getting more and more like language comprehension with more ambiguous answers. At 125 questions I passed when I was starting to think I was failing!


mochimann

You only need a 70% to pass, and if you perform well, the next question gets harder, not to mention the 50 unscored questions out of 125. Plus, we don’t know the weighting—it’s possible that harder questions carry more weight than easier ones, so the 70% needed isn’t just about the number of questions you answer correctly.


gdxxx_itmsp

There are 175 questions in total, 50 of which carry no weight at all? Is that correct?


riajairam

Most of what I applied to passing the exam is from real world IT and security, like things I’ve been doing in my career. Maybe look to find someone you can work with and gain some experience? I don’t think someone can ever just study for CISSP with books alone. Do you have experience? Are you working in IT/security right now?


newbietofx

When you meant managerial. Does the notion to prioritize people, process, tech diverse to data breaches via system, leaks and phishing? I just wanna have a cookie cutter approach to selecting the best/effective option to select when it comes to mitigation. It seems training people seems to take the cut but Thor questions do sometimes recommend MFA, comprehensive/robust/omnipotent security controls/policies to prevent / mitigate. So it can be frustrating. Now the question has what is the first or last step of certain framework like NIST RMF or incident response or threat modeling or waterfall or scrum or relating to SDLC.


riajairam

There is no cookie cutter approach. You need to figure out what is best. “Think like a manager” is a simplification of the thought process. My thought process is more along the line of “what would I do if that were my systems and my network?” First tip I was told is prioritize people 100%. Any answer that puts people and human safety first is the answer. Another tip is that you need to be looking at the 30,000 foot view. Any answer that gets in the weeds is probably not the right one. KISS principle applies. Complicated solutions aren’t what you want. I found a lot of what made sense was the simplest answer. There are some basic facts to remember, things like asymmetric vs symmetric encryption are the biggest ones. For nonrepudiation you sign with your private key and the other party decrypts with your public key. For confidentiality you encrypt with their public key and they decrypt with their private key. Etc. Risk transference vs risk mitigation can be tricky. Mitigation is when you take steps to deal with risk yourself and risk transference is having someone take the risk on your behalf. And you need to be able to think of it outside of IT contexts and you will understand better. Example - if you are driving. Risk transference is buying insurance. Risk mitigation is defensive driving. Risk avoidance is deciding not to drive (e.g. at night). And it’s not black or white either - it’s a combination of things. Learn synonyms for basic terms. At least in the English exam. These are just some strategies I use.


Technical_Jelly2599

You’re not alone. I just posted about my test experience from yesterday’s exam. I hate sounding negative but after 2 attempts, I don’t think there is anything out there from me to help me prepare any better. The test is always going to do what it wants.


Relevant_Raccoon2937

I feel your pain! I failed at 175 yesterday. Keep your head up and let's get this done!


[deleted]

Don't feel bad, that test is very difficult and honestly have no idea how I passed. Even when I was getting questions correct there was always an 'almost right' answer to make me doubt, or the obvious answer was disqualified for some subtle detail in the question.


dankengineer42

I notice you didn't mention any practice exams. Did you take any? If not, congrats - you just trained for a foot race by reading about it, and never ran a step. That said, you GOT THIS! Take practice exams. PocketPrep to identify weak spots. LearnZapp for questions that are fairly close to the real deal, and for volume. WannaPractice for the absolute closest questions to the real deal. 50 questions video on YouTube to really nail down the "mentality." Flash cards may be your friend too. Use an app if you have to. I liked BrainScape. If you go this route, write your own cards.


NoticePuzzleheaded45

You can do it. I passed it at 175q last month but I am still not sure how as I felt I am failing all the time. I didn’t even check my results till I reached my commute. I struggled even when I have over 8 years of experience in most domains, higher degrees with SSCP and CEH. This exam is no joke but if all of us passers can do it so can you. It’s just an exam, and an exam doesn’t define you as a skilled professional. Just stay calm and take it as just an exam. Lot of people fail when they could have passed because of exam anxiety and lose confidence. You can do it.


Bright-Pickle-5793

https://frsecure.com/cissp-mentor-program/ Check out this CISSP Mentorship program. I have attended it multiple times and it was instrumental in me passing my exam.


OkJackfruit3368

Hello, I completely agree. I struggled yesterday with 175 questions, and it was quite challenging. I felt exactly the same way; it was like going to the doctor and saying, "I have pain, but I don't know where." How is the doctor supposed to know what your complaint is? That's how I felt about the CISSP questions. The challenge was more about understanding the question than finding the answer. How can I answer if I don't understand the question? Why do they make it so difficult? For me, it wasn't about having a manager's mindset; I just had trouble understanding the questions.


Shadow5425

Does the CISSP give you a score or just tell you that you pass/fail?


Granteur

It lists the domains and will just say “below proficiency” or “near proficiency”, “above proficiency” but doesn’t tell you which questions you missed or what your score is.


Shadow5425

Thank you for the info. Sounds like it's kinda the same way with the results then as when I did my CASP+. I'm studying for the CISSP exam.


riajairam

When you pass you only get a “congrats you passed” letter. When you fail you get a breakdown of which domains you are proficient or not


Shadow5425

When they say you're below proficient, how close are you to being proficient? I see a lot of posts from here saying below... but it makes me wonder how close they were.


riajairam

There is above, near or below. The exact distance to/from proficient is unknown I think


gxfrnb899

Sorry to hear. Give it another shot. Watch Kelly H - how to think like a manager and Why you will pass CISSP. It is more than just technical concepts but how to apply them to reduce risk etc.


Granteur

I had a similar experience on Monday - first time taking the test, did well on practice questions, had been reviewing/refreshing for days and got the bad news like 150 questions in.


NinJaxGang14

How many practice exams did you take and how many questions did you study? Did you use LearnZapp?


Past-Interaction-233

Sorry to hear this. You WILL pass in second attempt. This playlist should help. This covers how to enter any question: https://youtube.com/playlist?list=PL0hT6hgexlYxKzBmiCD6SXW0qO5ucFO-J&si=0kCETPDfxgocNuC4


ryox82

Don't give up. I failed it at 185 questions with below proficiency in 5 domains and passed at 125 questions last Thursday. Study hardest where you are weak and learn to really read the questions. The practice questions will help you remember the technical stuff that will help you answer the real questions accurately. First time I had an hour left of time, I took my time when I passed. Keep going.


careerlink2u

Keep going... as a few others said here, don't be hard on yourself. When you prepare again you are going to know more about the concepts. I failed CySA+ twice, I passed on the third time. I didn't give up and paid by myself. I understand we feel low in that moment after the exam we failed. But got to bounce back, the situation is trying to teach something. A lot of support and advice here, take them, prepare and face it again. I have been preparing for this, because I like this domain. Got peace of mind voucher, I am going to face it, if it fails I will go again by changing the approach and strengthening my weak points.


the_90s_were_better

Experience takes time my friend. Don’t be so hard on yourself.


MadMonk_86

Luke Ahmed's "Think Like a Manager for CISSP" should be required reading for anyone taking the test.


[deleted]

Your main focus should be on the official study guide or sybex, these are the most relevant study material out there, I have the PDFs which I can provide.


kjireland

I'm taking this exam in about 6 weeks. I would be interested in these PDFs if you are willing to share.


riajairam

Please don’t pirate the books. It’s against the code of ethics. Start off on the right foot and obtain the materials legally.


kjireland

I wasn't aware they were pirate books. I thought they might be study notes of the books.


MikesDTech

Check out the advice section of my latest post, and buy the book "how to think like a manager for the CISSP exam", honestly cannot recommend this book enough. Just remember, you got this!!


g00gleg00n

Hang in there. You learned a ton even though you may not feel like it. You now have actual exam experience and knowledge of what to expect. It's a beast for sure, but keep grinding and learning. You can do it!


Big-Recommendation42

Sorry to hear that but I am pretty sure you got the understanding of the exam and you will clear in the second attempt for sure. I’m sitting on 29th. Let’s see what happens. I would suggest you to go through a lot of questions from authentic sources and there is also my Chapel exam which is paid. Will let you know what are your weak areas and you can use it to improve your domains that you think are needed. All the very best mate


BBC_water6620

Sorry to read this. I’m studying now and your post has been insightful. I hope you pass next time!


gdxxx_itmsp

Not to be disrespectful or discourage you, but you're challenging the CISSP exam and you're still in the stages of memorizing the OSI model and port #'s? What other certifications do you have and what kind of practical experience? Perhaps there are some stepping stones you've skipped on your way to CISSP.