https://www.cybrary.it/wp-login.php
https://sybextestbanks.wiley.com/index/login
http://www.totalsem.com ( Download question emulator).
https://www.mhprofessionalresources.com/sites/CISSPExams/
Facebook group - Study notes and theory
https://www.studynotesandtheory.com/signup
https://quizlet.com/12503004/cissp-business-continuity-and-disaster-recovery-flash-cards/
Dan's Notes (Only found on Study Notes and Theory member site) & Sun flower PDF
notes.
Mind maps
NIST
Online study and self made notes, questions
Kelly's boot camp same as her Cybrary videos
SNT Telegram Group (I got all the prayers, good wishes, and support throughout and
while taking the exam I felt I was doing it on everyone's behalf, so I HAD to do
well)
Important areas:
Significance of Board/Executive Committee (Process Guide Page 1), applicable to all
domains
Madunix Process guide - understand what each step really means
Sybex: BCP, DRP
Shon: Cryptography concepts, Telecommunication and networking, Mobile Device
Management
DoS: https://security.radware.com/ddos-knowledge-center/ddospedia/ and then
searched online for solutions for attacks
Security in the Cloud: NIST 800-144/145
Test Engines:
End of chapter questions from each book
Luke Ahmed
Hi Everyone ,
Yesterday I passed the new CAT format CISSP; my exam was cut off exactly at 100
questions. The exam is very different and tougher than all the questions I
practiced (and I did a lot of practice questions, maybe 5000+ approx?). I started
this journey last year when I joined the SNT group and attended one of Luke's classes,
which covered basic but core concepts of information security that you need to
apply in all domains. His classes are hard but very good as they give you a deeper
understanding of the subject. He also introduced me to the WhatsApp group, which
later became a Telegram group, and I found a few of my study partners there.
Thanks first: to my family - my husband, who is very supportive and handled a lot of
work at home so I could study, and my two kids, as I was not able to devote that much
time to them; they were worried and texted me on exam day to ask me my result.
Special thanks from the Telegram group to MadUnix - the process guide is very useful -
and my two new special friends Bhavya and Angilica M, and of course a lot of other
members who motivate each other. And thanks to Luke for starting and managing FB,
the SNT website, trainings, questions; I know it takes a lot of time, energy and
patience.
Study Material used: Eric Conrad (as main source), but I also read many chapters
from Sybex, Shon and CBK. I did domains 1, 3, 4, 8 from all these books. I also
watched Kelly H's videos twice - in the beginning as well as in the last week
before my exam. I highly recommend Kelly H for Crypto and Domain 8. I also attended
Sari Greene's two day CISSP camp on Safari Online.
Questions: All chapter end questions from all books, ISC2 questions, Total
Tester, Total Tester Cram, Exam Cram (only some from here), Sybex Bank,
MHProfessional (only some), some CCure (I took membership, then it expired and I
didn't renew as I had enough questions) and many questions from the Telegram group.
Study Plan - I used to study 4-5 hours every day when I started in Dec last year,
early Jan - then I stopped in the middle around March and didn't start again till
September. This was a big mistake - if you start something, you should not leave it
in the middle - and I had to study all over again. But this time I studied 4-6 hours
daily from Sept to Dec. Some days I was not able to devote time as my work was
very busy or the home front was busy, but I always covered up over the weekend. I booked
one week of vacation before the exam and I spent probably 10 hours daily in that last
week.
Exam Day: Two days before the exam I thought I was not well prepared, but I got a lot of
assurance from others that it happens to everyone and I can do it. I only read the
process guide in the morning and reached the center around 7:30 AM; it was very busy as
a lot of girls were giving the RN exam. I had to wait one hour to start my exam. Every
time you go in or come out for a break you need to do a Palm Vein Scan, highly
secure. You can't take anything inside - no water, no food. They give you noise
cancelling headphones.
There was another guy giving CISSP, who came with a lunch box, and after one hour
he started checking with the proctor that his exam duration was not correct and this
is supposed to be a 6 hour exam. The proctor came inside and asked me, so I told him
about the change and CAT. They said they didn't get any notification from ISC2.
I was able to sense when I was getting easy questions that my last question was
wrong; questions were hard. I wrote down "Think like a manager" on the board that I
got from the proctor - but I kept on waiting for those kinds of questions. My question
set was very technical - heavily focused on Crypto and Network. So I can't say that
this domain is important - you need to be well prepared for the exam and cover all
domains in depth - I actually mean in DEPTH. E.g. if you don't understand L2TP,
IPSEC, GRE and how they work - please study and think of situations where they can be
used; don't just read about attacks - understand how they work, watch videos.
STUDY MATERIALS:
- Watched the whole series of Kelly's, David Miller (wonderful videos), Sari Greene,
Luke Ahmed videos, urduIT and skillset.
- ISC2 Official Study Guide - Sybex (cover to cover twice), Eric Conrad cover to
cover.
- Sybex - Official practice tests and book test
- AIO and CBK - referred for BCP/DRP and SDLC.
- AIO total tester and AIO 4th edition questions
- Used random YouTube videos for understanding a concept more deeply.
- Madunix Process guide, and his guidance (Dos/Don'ts in exam) before my exam
really helped.
My Tips
Read/write, Read/write, Read/write unless you understand the concept. Watch
videos - Studynotesandtheory.com has awesome videos / Sari Greene / Kelly
Whenever a topic wasn't clear to me in Sybex, I referred to CBK. If the CBK wasn't
enough, I would search the NIST document corresponding to the topic. I asked
questions and asked multiple people just to make sure I understood the topic
correctly. I got a better grasp of the subject. But I was still hesitant, and fear
was eating me alive. The test day arrived. Believe me, they tend to arrive and you
want to postpone because you think you are not ready. I wanted to wait, but was
told to go take the test as I was ready.
I arrived at the test center an hour earlier; Bay Area traffic is a nightmare. They
let me in. The test starts, and my first 200 questions were harder than my last
test, not a good thing. I wanted to take break, but changed my mind. I flagged
about 15 questions but kept going till I got to 250. I had about 208 minutes to go.
Had a snack, and laid down on the chairs for a nap. Woke up refreshed and went back
to the test. For the review time, I remembered the important things told to me by 3
different people:
And that is exactly what I did. Relaxed, Reviewed, and Imagined "Congratulations".
Thank you very much all in SNT FB, Telegram Group CISSP, Information Audit FB,
WhatsApp Groups CISSP) for your guidance and support!! Special recognition goes out
to my family, for their support, also special thanks for Milhovitch Yaniv , Ahmed
Khatibi, Ahmed Khan, Luke Ahmed, Saddam, Joae, DJ, Clement, Mark Dalton, Kanchan,
Shalini, Fitwi, Ibrahim Kaspri, and Vaibhav Pathak for their continued support.
EXAM DAY:
- Made 100 questions
- Small break
- Back and finished 100 questions
- Small break
- Back and finished the 50 questions left
- 45 flagged questions (shocked questions)
- Small break
- Went back to review flagged one
- Made a complete review for all questions, just to give them a second eye
- Finished the exam with 5hours 55min
- Print out PASS
Study duration
The journey started last year with a 1-week boot camp, sponsored by my company.
Honestly, these things are best if attended towards the end of your preparation and
not at the start. By the end of the week, I knew it would be a long road to exam
readiness. I came here to find out how people were preparing and Eric Conrad's
book, along with Kelly's Cybrary videos had great reviews from a lot of posters so
I went to get them. I started off watching the Cybrary videos as recommended by one
of the posters whose post title I can't remember right now. His recommendation was
to watch Kelly's videos passively at first without taking notes, then read the
book(s), taking notes this time, and watch Kelly's videos again, taking note of
things that may not have been clear the first time. I listened to Kelly's tapes and
Shon Harris' audio on the way to and from work(1 hour drive each way) then
downloaded David Miller's videos(Pearson) and converted them to audio for the same
purpose.
Total time between my Bootcamp and the exam was 6months, but there was a 2 month
period where I suspended reading because I wanted to confirm my exam date and the
only accredited center in my city couldn't book the dates I wanted.
Materials
Cybrary CISSP videos(Kelly Handerhan) - 10/10, Kelly knows! She goes straight to
the point on the key areas you need for the exam and delivers the content in the
most interesting way. There is a video in the intro module where she talks about
the exam, every second in that video is gold. I listened to it twice on the drive
to the exam and it was very helpful in putting me in the right mind-frame for the
test.
Eric Conrad Book(3rd Ed) - 9/10 - Smallest in size of all the books because he goes
straight to the point. However, it's better for people with a prior understanding
of some basics because a couple of things are assumed, or just overlooked.
Sybex Book - 8/10 - More detailed book but still easier to read than the Official
Guide(Please don't even bother skimming through that). I found it too voluminous
and only used it to close gaps in understanding exposed in practice tests.
David Miller CISSP Course - 9/10 - Another very good resource, lengthy course but I
would recommend it for domains you don't have too much experience with. He really
goes deep in trying to let you understand the concepts. Played them at 1.5x speed
because I found that he spoke a bit too slowly for me
ISC2 Official Practice tests - 9.5/10 - Highly recommended because the question
style is closest to that of the real Exam. I was scoring mid 70's - 80's on the
practice tests
Participant
Passed my CISSP on Sept 30th. Thought I'd share my journey. Started June 5th 2017
and ended my journey on Sept 30th. Before I started I performed my "due diligence"
on researching what other successful people did before me. Since it worked for my
PMP, why change my methodology. Once I settled on the resources, I put together a
formal CISSP Study Plan. Treated my CISSP as if it was a formal project. I studied
every single day. Never once did I miss right up to Saturday, Sept 30th. Used the
following resources:
I also created a CISSP study group that the 5 of us would meet every Thursday and
give a 5 minute class to the group on what they thought was their "weakest"
subject. The best way to learn a subject is to teach it. The week before the final
exam, I took the 3 Transcenders exams (Mon, Wed and Thursday). Friday I read Eric
Conrad's 11th Hour book. On Saturday my test was scheduled for 1:00 PM. Started on
time. Completed exam in 3 hours 42 minutes. Passed.
Submitted my application for endorsement. My CISSP sponsor endorsed on Oct 8th. Now
just waiting for final approval from ISC2. Says to allow 4-6 weeks.
Hope this helps some of you in your CISSP journey! Good luck
Looking back, I think that the Eric Conrad books are the best. On the two days
prior to my exam, I read the whole of his study guide (not the 11th hour, but the
full version). It really prepared me very well. Beyond that, official Sybex was
pretty good but a bit dry. Conrad explains things better and covers the same
ground.
For videos, there's the outstanding free Cybrary ones of course but I really
recommend the 60 hour set of videos from David Miller (which is at
SafariBooksOnline - you need to buy a minimum one month subscription but really
worth it. The same website also has brilliant summary videos from Sari Greene which
are as good as the Cybrary ones. It also has Sybex, Eric Conrad, and a load of
other CISSP books so I recommend everyone get a subscription). You can get a one
week free trial BTW.
There is a brilliant Audio Book by Phil Martin called Simple CISSP. I listened to
this a lot in the weeks leading up the exam. Highly recommended. Similar to the
Cybrary videos for a great summary of essentials. If you don't have an Audible
account then you can get one free book so do sign up (remember to cancel
subscription though and you'll pay nothing). I used this a lot on the commute to
work and at the gym - basically whenever I couldn't read a book. It was invaluable.
It's a 16 hour audiobook so not as in depth as, say, David Miller, but equivalent
to Cybrary. He covered the large majority of things on my exam - really worth it.
First, I get a bit baffled by some people online who expect practice exam questions
to be found on the real exam. Why would anyone think that?!!! I've read complaints
on various boards from people saying that the real exam didn't have any questions
found in the practice exams. But why should they? I'm really surprised people
expect that! Anyway, I used a few practice exams:
Sybex - pretty close to the real exam style IMO but a bit too technical. And there
are too many "easy answers" - what I mean is that of the four choices, Sybex very
often have three "obviously wrong" answers. That's NOT what the exam was like for
me. In my exam, there was typically one "obviously wrong" answer but often three
that were plausibly correct. That makes the exam significantly harder than Sybex,
even if the style of the question is right. Sometimes, the exam had FOUR very
plausibly correct answers, so it was very tough to choose one. By contrast, the
official Sybex questions often have 3 "obviously wrong" answers so you can find the
right answer by eliminating the ones that are obviously wrong. In my real exam
there were plenty of questions with four plausible answers.
The other problem with Sybex is that the question set is a bit narrow. I've done
all of them including both 250 question mock exams. The problem with Sybex is that
too many of the same topics come up again and again and you can be lulled into a
false sense of security by being tested on the same thing, which causes you to gain
particular knowledge. For instance, Sybex have lots on Kerberos. Well fine, but
what about Sesame or other systems? After doing a few Sybex questions, and learning
from the answers, I became very knowledgeable on Kerberos but soon realised I was
getting all Kerberos questions right but deep down knew that I had very little
knowledge of Sesame which uses different terminology and adds extra features.
There are lots of other examples of that with Sybex. By the time, I came to the
final 250 practice exam, I could almost predict what topics would come up.
Unsurprisingly, I passed the Sybex practice exam very easily but the real exam was
far harder. Most other practice exams have a better range of questions.
Shon Harris / Jonathan Ham practice exams book, 4th edition - this is WAY, WAY too
technical. The exam is not like this at all. I am not a technical person so found
these questions very difficult. I was averaging about 55-60% yet I still passed the
real exam today! This practice exam book needs a total rewrite because the real
exam has far fewer technical questions of this type.
PocketPrep Phone App - FAR FAR too easy. Don't waste your time with this. I was
getting close to 90% and the 10% I got wrong was because the question was phrased
in a weird way, as if not written by a native English speaker. These questions are
far too easy. While the exam has some easy questions the PocketPrep app is almost
entirely easy. It is not a good guide.
Eric Conrad - probably the closest questions to the exam with very well chosen
questions BUT the answer choices are too easy. In the Conrad book and accompanying
online practice exam, the four choices contain too many "obviously wrong" answers.
This is the same complaint I had with the Sybex official answers, where you can
find the correct answer by eliminating the obviously wrong ones. The real exam is
not that easy. In my exam, I often found it hard to choose the correct answer
because 3 or even 4 answers were plausibly correct. However, in general, the type
and style of Conrad's questions are close to the real thing. Conrad's questions are
on his publisher's website which is here:
http://booksite.syngress.com/companion/conrad/ (but needs flash so might not work
on mobiles)
10-27-2017 08:06 AM
Re: Road to CISSP
I just passed on Sept 30th. Here are the resources I utilized. In my humble
opinion you can't pass this exam just trying to memorize definitions, etc. It's a
cognitive exam that requires critical thinking in my opinion. Good luck on your
road to CISSP!!
Just passed today on 100 questions after 2 hrs. I was a bit nervous when I
replied to Question #100, because at this point you can succeed, fail or be given
50 more questions.
I would like to share my experience now.
My preparation materials:
- David Miller, CISSP Certification Training, O'Reilly Media ( preview
https://www.youtube.com/watch?v=-STavSyyVAU )
- Conrad E., Misenar S., Feldman J. - CISSP Study Guide, 3rd Edition - 2015
- Sybex CISSP 8th edition (40 usd), I read it just a month before examination just
to refresh and get the Bonus exams. I like the book in general, however the QA in the
book is very simple. You can rely on this QA just to estimate how you understand
the topic but not the certification process. The 8th edition adds some new ITSec vendors,
GDPR notes, Russian hackers etc.
Testing:
- Sybex CISSP Practice Test book and Android app (40+9 usd) - Very Good. For full
practice tests I got 70-75 %
- Sybex Bonus Exams (5 * 150 questions) - Very good.
- cccure.education exams for 50 usd. Many tests of Hard or PRO with 60, and then
75-80% of success rate - Very good.
- Sunflower PDF for quick refresh during Training Tests. Good.
- Shon Harris CISSP Practice Exam 3rd edition
- other CISSP test apps available on a google play
During all practice tests my score was never more than 80%
I had a notebook where I wrote all my Failed Q/A. This was so productive for me to
write down where I have failed.
About Exam:
- There were only 15 quite simple questions like "What service works on port 25" or
"what could cause a DDOS attack". All others were quite challenging for me and took
1-2 mins and still with doubts.
-----------------------------------------------------------------------------------
Luke Ahmed
Hello Friends!!
As promised today evening, I am penning down my CISSP Journey!
This document is divided into 2 parts:
Part 2 How to overcome your fear and pass CISSP/any other exam. (Mostly these are
the lessons I learned during this period which I want to share with those, who are
starting their CISSP journey)
Part 1 is straight forward and talks about the preparation strategy, methods and
resources. (Still 4 page long)
PART 1:
I am Mohammad Rustam an IT Engineer by profession, with total 9 years work
experience in IT, including 8 years in Network and Information Security.
I started my CISSP journey in April 2016 on a very casual note, searched and liked
FB CISSP page of Luke, got SHON 6th Edition and started flipping through it and
answering on FB CISSP page A, B, C, D... The small initial and MOST IMPORTANT
steps.
Lesson learned: There can be many reasons to success but reasons for failure are
mostly same and few!! Avoid them!
Learn from others' mistakes, FOCUS on basics and clear your CONCEPTS!
Before sharing the resources would like to advise you all, Please DO NOT ASK for
free PDFs or other resources it is UNETHICAL!!
There are many good resources which are freely available on internet and few are
Paid and copyright works of others!
Respect their hard work and purchase some good books, believe me, it will be your
best investment (Investment in your EDUCATION/Future).
RESOURCES
Membership: I have Singapore Library (NLB) membership, so I could refer multiple
books and purchased 4 books in total.
Books
Main Book : Sybex official guide 7th Edition (Read end to end Twice)
Reference Book : Shon Harris AIO 7th Edition ( Referred for clearing doubts on
topics which I couldn't grasp from SYBEX)
Eric Conrad 3rd edition : Read 2 domains ( Asset Security and Security Assessment
and Testing)
SHON CISSP Practice Exam 4th Edition ( Gives explanations to all 4 options, very
helpful)
McGraw Hill Free online practise tests (SHON Harris, very good material, link
below)
https://www.mhprofessionalresources.com//sites/CISSPExams/exam.php?
id=Telecommunications
VIDEOS
CYBRARY's Kelly Handerhan CISSP course
David R Miller CISSP (O'Reilly, referred for few topics, 10 days free trial, then
subscription needed)
Idea is to add to these notes so that, at final stages of preparation one will have
FINAL notes to refer rather than going through whole book.
Strategy: Study>Test>Revise ( Memory cementing effect, make mistakes and learn from
them for long term Memory retention)
Study Each Domain (Books & Videos) > Identify weak areas > Test > Revise/Review
wrong answers/weak topics > Add your notes to SUNFLOWER notes.
P.S: Notes should be taken during studying and testing as well, you will find many
important points while tests too, note them.
"When people are practicing memory retrieval while they're learning, they're
practicing the same skill they'll need to recall the information on a later test."
--M. Price
STEP 1: Read Sybex chapter word by word and watch Kelly's video, identify and mark
weak topics / take notes.
STEP 2: Test - Sybex Chapter questions, McGraw Hill online questions, SHON AIO and
Practise questions, SYBEX Official Domain 100 questions.
STEP 3: Review your wrong questions and revise those concepts and note down weak
areas and add to SUNFLOWER notes.
Once all 8 Domains are done and tested, it's time to take Full Length Tests (FLTs). I
took a total of 7 FLTs with an average of 70+% score in real Exam Simulation mode.
Note: Each test should be followed by review of wrong questions and re reading weak
areas before taking next FLT.
6th-7th Feb were very relaxing and focused on the FINAL SUNFLOWER notes and few
videos.
I would NOT suggest reading till the last day; I could not stop myself from
watching/revising till the last hour, which now I think was not necessary.
In the 1st hour I attempted 80 questions, which gave me a huge boost that I can do it;
after that there was no looking back... took my 1st break of 7 min after 90 minutes in
the exam.
Completed 250 questions in 4 hours and took my 2nd and final break of 10 minutes
after it.
Last 2 hours were for review of flagged questions (approx 50 questions), I changed
answers of 12-13 questions after careful review and submitted the exam 33 minutes
before end time.
I am writing this section specially for those who are in the very initial phase of
their journey, many are planning, few stopped in between and planning to restart
the journey and others are just in dormant stage.
I saw below post from LUKE on FB CISSP page when we crossed 10000+ members
milestone, BUT I started thinking why only 50 CISSPs in group of 10000 ( 16000+
now) ?
The answer was simple: only a handful of persons set their GOAL and work towards it,
rather than DREAM of becoming CISSP one day! They all have dreams, that's why they
are on this wonderful group, but somehow not active!
It's not our fault, we are coded to be dreamers.
DREAMS Vs GOALS!
Set a deadline and work to achieve it, don't be harsh to yourself or your dear
ones, be a little FLEXIBLE but DON'T PROCRASTINATE too much, it is deadly, else your
dream will remain your Distant Dream forever.
Watch this 6 minute video based on research on GRIT, it's very inspiring !!!
https://www.youtube.com/watch?v=H14bBuluwB8
https://brightside.me/article/a-japanese-technique-for-overcoming-laziness-11255/
NEXT day sit at the same time for 15-20 minutes and continue... do it daily (take small
bites and digest)
Don't regret if you miss a day or 2 but the GAP should be minimum.
Follow this to put yourself into a routine and gradually increase your study time,
you can also increase sessions... like morning and evening.
I started with 20-30 minutes initially and during final days I was like 24*7
Need some more... to get inspired and kicking, read on...
Below is my Fav 3 minute video of Karoly !! Whenever I felt low I watched it and
Luke Ahmed's and Lisa's Framed CISSP Certificate, they kept me goiiiiiing !!
https://www.youtube.com/watch?v=jDTI629A_9k
Last advice
CISSP is the COMMON LANGUAGE which security folks speak throughout the world!
And the easiest method to learn any language easily, is to surround yourself with
it.
Like few CISSP, Security groups on Social network, read books , discuss, observe
others.
-----------------------------------------------------------------------------------