What is the best study strategy

Status
Not open for further replies.

Tarbuza

Technical User
Dec 13, 2000
56
US
Some say that no one book is enough. Some say none of the practice tests is close to the real exam. Some say just focus on concepts. Some say either CISSP Prep Guide or CISSP All in one Guide would be enough. Some say the wording of the questions is straightforward and some say that it is vague and arcane.

Want to hear from all those who have taken a test on the above points.
 
The exam room in Canberra was hot and uncomfortable. 250 questions under such conditions was as much a physical challenge as it was mental. A big bottle of water was essential. During the exam, I found the best way (for me) to tackle it was a combination approach. The pass mark is 70%. I figured that I would be able to answer 50% with near certainty. That leaves 20% to find in the remaining questions. So I whizzed through one-pass, reading all questions, and marked on the answer sheet, only those that I was certain in my mind to get right. The remaining questions, I marked on the question sheet with comments. I put one symbol to indicate that I would be able to answer the question with a lot more thinking-time, and a different symbol for those that looked impossible. Then on the second pass, after a break, I tackled the ones that were a bit tricky. It helped to underline key words, and keep reminding myself that the "BEST" answer was sought, not necessarily the book-answer. In these cases, a process of elimination was helpful. Cross off those answers that are certainly not right. Then keep reading and thinking until you either see the answer for sure, or are left with at most two choices. If left with two choices, then mark the question for another go at it next pass. If you come to the conclusion that no amount of thinking will make you choose one over the other, then go with intuition, (not a guess - use the right side of the brain!) Then have a break and something to eat. By this time, the blood-sugar level will need a boost. On the final pass, take your time over each question until you come to a conclusion. I found that questions that were in the "impossible" category at first sight often went into the "I am sure of" category after a break, more thinking, and something to eat.

Harris's "all you can eat" book :) was an ok read. But for me a tad verbose. I enjoyed the Krutz and Vines CISSP prep guide and wished that I'd actually bought the advanced prep guide. I really needed to do more prep on business continuity and penetration testing, but with books specific to those topics rather than what you find in all-in-one CISSP texts.

My reading list was:
CISSP certification (Harris)
CISSP prep guide (Krutz Vines) [ Good - concise ]
CISSP for dummies (Miller Gregory) [ Good book! ]
Maximum Security (Anonymous)
Maximum Linux Security (Anonymous)
Hacking Exposed (Scambray McClure Kurtz)
Hacker Attack (Mansfield)
Complete Hacker's Handbook (DR-K)
Network and Internet Security (Ahuja)
Internet Security Protocols (Black)
Secrets and Lies (Schneier) [ MUST READ ]
The code book (Singh) [ MUST READ ]
The RSA Press books on IPsec and others ( optional read )
Project Management (Kerzner) [ For reference - read parts of ]

Then, anything that I could get in the form of white-papers off the Internet, and texts written by Universities and Companies that showed up when typing in keywords and acronyms from the CISSP study guide available from ISC2.

I don't think any of the practice questions were representative of the exam. The ones in the exam ranged from dead-easy and obvious to "what the hell are they talking about?".

None of the questions in the actual exam seemed to demand a great depth of knowledge, but the range of required knowledge across multiple disciplines, and the range of difficulty of the questions in the exam was very great.

So your study plan should be broad and wide, not too deep, unless you need to get to the details in order to form concepts. Some of the questions might be based on industry opinion rather than hard facts, and these are the ones that give the most sweat during the exam, but reading industry white-papers, and comments in forums from other professionals should fill some of this need.
 
Tarbuza,

Three easy steps for success.

1. TRULY meet the experience requirement.

2. Read Shon Harris' ALL-IN-ONE Gold book for review.

3. Make every attempt to attend a subject matter review session.

You do these things, and you'll be successful.
 
I agree with nkingcad, #1 is the critical key to success on the CISSP exam, #2 & #3 just help solidify what you already know and fill in the gaps in the areas where one is weaker. (The legal arena, HIPAA and other regs were the areas where the Harris book and the review helped me the most) I have heard that ISC^2 is cracking down on the experience requirements and I, for one, applaud this. I read in another thread on this forum, where someone thought that his efforts in gaining the MCSE cert were wasted, due to its lack of value in the job market, and didn't want to waste his time getting another worthless cert. I think that for security managers the CISSP will never be worthless as long as the cert holders and seekers don't succumb to the MCSE braindump mentality. That is the primary reason that the MCSE has fallen into disfavor of late, IMHO. If an individual is seeking any cert, just for its monetary value, then perhaps another security cert is the appropriate choice. CompTIA has come out with Security+, sure to be the darling of the security wanna-bes, both for ease of passage and much lower entry level requirements, compared to the CISSP. This is not meant to denigrate the Security+ certification, as we all must start out somewhere, but merely to illustrate that while perhaps the CISSP is not for everyone, there are entry levels into the security arena.

If one doesn't meet the experience requirements now, seek another security cert and gain the necessary experience. In the long run, it will preserve the integrity of the CISSP certification for those who aspire to it and/or attain it.

Joseph B. Baugh, PMP, CISSP, CBM, CCAI, CCNP, CCDP, CCSE, CUE
Network Services Manager, Sierra Southwest Cooperative

"The road goes on forever and the party never ends." -- Joe Ely: Love And Danger, 1993
 
I have to agree also. Experience is the key. I just recently passed my third year and it is amazing how much information in the review books I understand (not just have memorized) as a result. In other words, someone could ask a question about that domain that was based on some of the premises of many of the books and I could answer it because I have worked in that area. I have set up comm rooms, I have worked to install, maintain and secure networks, I have worked on securing VPN access and writing security policies. I can look at some of the access types and immediately think of the implementation we did with Active Directory and the use of group policy and organization units to create role based access. These are things that only come from experience and studying combined.
 