AR15.COM
10/27/2014 1:16:02 AM EDT
I'm an IT department manager and I'm looking to sit for the CISSP exam.  I just wrapped up a 6-day SANS course for CISSP review and have a Master's degree in IA.  I know there are a number of CISSP folks on here, so are there any tips I should know before sitting for that 6 hour beast of an exam?

10/27/2014 1:52:25 AM EDT
[#1]
Tagged.

20+ years IT/security, and thinking of getting mine. All my other certs have expired (MCSE, CCSE).
10/27/2014 9:09:43 PM EDT
[#2]
Everyone studies for this test in their own way. I think I went a bit overboard with my 90 day plan. Looking back I would just stick with the following:

  • Shon Harris Book

  • CISSP for dummies book

  • Shon Harris MP3s

  • CCCure Practice tests


I didn't like the Sybex book but the CISSP for Dummies book is surprisingly decent. It's concise and to the point compared to the Shon Harris mountain of a book. The most valuable resource to me was the CCCure Practice tests. You can sign up for the free account to get a limited number of questions. I signed up for the 6 months of access for about $50.

One thing you have in your favor is that you did the SANS training. SANS in my opinion has some of the best instructors on the planet. Every class I have ever taken through them has been top notch. I have seven SANS certifications and have taken over ten of their classes but I did not use them for CISSP training.
10/28/2014 12:29:07 PM EDT
[#3]
Quoted:
Everyone studies for this test in their own way. I think I went a bit overboard with my 90 day plan. Looking back I would just stick with the following:

  • Shon Harris Book

  • CISSP for dummies book

  • Shon Harris MP3s

  • CCCure Practice tests


I didn't like the Sybex book but the CISSP for Dummies book is surprisingly decent. It's concise and to the point compared to the Shon Harris mountain of a book. The most valuable resource to me was the CCCure Practice tests. You can sign up for the free account to get a limited number of questions. I signed up for the 6 months of access for about $50.

One thing you have in your favor is that you did the SANS training. SANS in my opinion has some of the best instructors on the planet. Every class I have ever taken through them has been top notch. I have seven SANS certifications and have taken over ten of their classes but I did not use them for CISSP training.


I will say that I know the meat and potatoes of the material, but the SANS training really helped get me ready for the test part of it with regard to ISC2 logic, phrasing, question discriminators, etc.  Dr. Cole did one hell of a job presenting the class, but I want to make sure I'm adequately prepared.
10/28/2014 9:56:28 PM EDT
[#4]
Been about 4 years since I did mine, but I assume it is still true.  It is not a tech exam by any stretch, it is a tech management exam.



Read the Shon Harris book cover to cover.  If anything doesn't make sense then look in the ISC2 book.  That will cover you for MOST of the questions.



The CCCure info was decent.



The test is about finding the "best" answer in a field of several right answers.  If one leans towards employee safety, it is always safety.  Upper management always has to buy off.  Always go for more secure.  If two items are similar, do the one with better returns.



Know the difference between Hot/warm/cold sites and why you would choose one over the other.



Most IT don't do the physical security side much, so spend some time going over that.
10/28/2014 10:41:13 PM EDT
[#5]
Quoted:

Most IT don't do the physical security side much, so spend some time going over that.


Currently doing IT for National Nuclear Security Administration physical security.  These guys sent me through grenade training so I can perform ancillary duties.  Got that shit down.
10/28/2014 10:48:58 PM EDT
[#6]

Quoted:
Currently doing IT for National Nuclear Security Administration physical security.  These guys sent me through grenade training so I can perform ancillary duties.  Got that shit down.


Since you are .gov I will just add that the answers expect you in the real world, not the .gov world.    I know a number of guys that have struggled with that.



 
10/28/2014 11:26:54 PM EDT
[#7]
Quoted:

Since you are .gov I will just add that the answers expect you in the real world, not the .gov world.    I know a number of guys that have struggled with that.
 


Eh, I'm .ctr so I have some experience outside the realm of typical .gov bureau-think.  I think I have a good handle on it, but that's what worries me.
11/14/2014 7:24:12 PM EDT
[#8]
That was such a pain in the ass.

3:45 of grinding through the test and I find out that I passed
11/14/2014 7:33:08 PM EDT
[#9]
Quoted:
That was such a pain in the ass.

3:45 of grinding through the test and I find out that I passed


Congrats!
11/14/2014 9:27:21 PM EDT
[#10]
Congrats man.
11/14/2014 10:04:08 PM EDT
[#11]

Quoted:


That was such a pain in the ass.



3:45 of grinding through the test and I find out that I passed


Damn, that was quick.  Congrats.



 
11/14/2014 10:49:53 PM EDT
[#12]
I actually finished after 2:30, but thought I fucked up badly. So, I took a break, went to the pisser, and double checked my answers.
11/14/2014 11:12:04 PM EDT
[#13]
When I did mine it was on the paper test and I took it with 9 coworkers.  I blew through mine pretty quick and was the first one done by a couple hours.



Then I had to wait 6 weeks to get the results.  



Five of us passed, fortunately I was one.  
11/14/2014 11:47:50 PM EDT
[#14]
Quoted:
When I did mine it was on the paper test and I took it with 9 coworkers.  I blew through mine pretty quick and was the first one done by a couple hours.

Then I had to wait 6 weeks to get the results.  

Five of us passed, fortunately I was one.  


With the digital test, they reserve the right to audit exam results and don't release them immediately following exam completion in 2-3% of cases.  I would have shit myself if I blew through the test and then had to wait 4-6 weeks to get my results.
11/14/2014 11:56:45 PM EDT
[#15]
This is almost the exact plan that I followed for a few months.  The week of the test I went to a boot camp and got my ass kicked with information overload.  Somehow I managed to pull it off on the first try.



Quoted:
Everyone studies for this test in their own way. I think I went a bit overboard with my 90 day plan. Looking back I would just stick with the following:

  • Shon Harris Book

  • CISSP for dummies book

  • Shon Harris MP3s

  • CCCure Practice tests


I didn't like the Sybex book but the CISSP for Dummies book is surprisingly decent. It's concise and to the point compared to the Shon Harris mountain of a book. The most valuable resource to me was the CCCure Practice tests. You can sign up for the free account to get a limited number of questions. I signed up for the 6 months of access for about $50.

One thing you have in your favor is that you did the SANS training. SANS in my opinion has some of the best instructors on the planet. Every class I have ever taken through them has been top notch. I have seven SANS certifications and have taken over ten of their classes but I did not use them for CISSP training.