Security.com

How to pass the CISSP exam on your first try: Tips to get a good score

By Andrew Briney and Jessica Scarpati

Everything you've heard about what it takes to pass the CISSP exam is true. It's both disarmingly easy and bewilderingly difficult. It's at once incredibly rewarding and pull-out-your-hair aggravating.

This article aims to demystify the process and help you prepare with tips for obtaining one of the most prestigious cybersecurity certifications in the field.

What is the CISSP?

CISSP stands for Certified Information Systems Security Professional. The credential was created in 1991 by (ISC)2 Inc., a nonprofit that is the caretaker and credentialing body for the CISSP.

According to (ISC)2, the certification is "an elite way to demonstrate your knowledge, advance your career and become a member of a community of cybersecurity leaders. It shows you have all it takes to design, engineer, implement and run an information security program."

What are the requirements for obtaining and maintaining a CISSP?

To qualify, you need at least five cumulative years of paid, full-time professional experience, including at least two years of work in the exam's eight Common Body of Knowledge (CBK) domains.

Alternatively, you can have four years of experience, plus either a four-year college degree or an approved credential from the CISSP Prerequisite Pathway. You also have to agree to the (ISC)2 Code of Ethics and provide background information on things like felony convictions and involvement with hackers.

The second step is to pass the CISSP exam. If you fail the first time, you can retake it, though you have to pay each time. If you pass, you must obtain a written endorsement within nine months from someone who can attest to your professional experience and who is an active (ISC)2 credential holder in good standing.

The certification is valid for three years. Each year, you must earn and post at least 40 continuing professional education credits through educational activities, such as attending live events, online seminars and other learning opportunities. There is also an annual maintenance fee.

Why get a CISSP?

Most current and would-be CISSPs say the primary reason they want a CISSP is to increase their marketability. Other motivations include filling in knowledge gaps, earning peer recognition, expanding one's professional network and contributing to the development and maturation of the cybersecurity profession.

One benefit of CISSP certification is that, in preparing for the exam, you're going to learn a lot about subjects you didn't know about before. Sure, some of this material is boring and impractical, but studying for the exam will give you a very strong knowledge base in topics like security architecture, risk management, business continuity, information assurance and more -- no matter how hard they seem at the time.

What's the exam like?

The English-language exam has 100 to 150 questions, comprising multiple-choice questions as well as advanced innovative questions.

The English exam uses Computerized Adaptive Testing, in which an algorithm adjusts the difficulty of each successive question based on the candidate's demonstrated ability level. Candidates have three hours to complete the exam.

The questions are weighted differently, adding up to 1,000 points. To pass the CISSP exam, you must obtain a minimum passing score of 700. You only receive a score of pass or fail.

If you fail the exam, (ISC)2 reveals some details of your performance. You will receive a ranking of the exam domains according to the percentage of questions you answered correctly. If you're preparing to take the test a second or third time, one of the most important tips is to look at which domains you did poorly on and pay extra attention to those areas when studying.

What subjects does the exam cover?

The exam tests on topics from the eight CBK domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Tips for passing the CISSP exam

The exam is best characterized as an inch deep and a mile wide. With that in mind, how difficult is it to pass the CISSP exam? It is a matter of perspective.

Here are a few tips to consider when preparing for the big day:

Do I need to take one of the CISSP exam-cram classes?

If you can get your boss to pay for a boot camp class -- they often cost several thousand dollars -- and can afford the time out of the office, do it. You won't necessarily learn anything different from an equivalent course of independent study, but a boot camp will give you a lot more confidence that you're on the right track. The instructors can help you grasp complex topics, and you can band together with fellow students to form study groups. All of these things help you get motivated and pass the CISSP exam.

30 Jul 2019

All Rights Reserved, Copyright 2000 - 2024, TechTarget