
How to pass the CISSP exam: Ways to get a good score

Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.

Everything you've heard about what it takes to pass the CISSP exam is true. It's both disarmingly easy and bewilderingly difficult; at once incredibly rewarding and pull-out-your-hair aggravating. This article aims to demystify the process and help you prepare.

What is the CISSP?

CISSP stands for Certified Information Systems Security Professional. The credential was created in 1991 by the International Information Systems Security Certification Consortium (ISC)2, a nonprofit that is the caretaker and credentialing body for the CISSP.

According to (ISC)2, the certification is "an elite way to demonstrate your knowledge, advance your career and become a member of a community of cybersecurity leaders. It shows you have all it takes to design, engineer, implement and run an information security program."

What are the requirements for obtaining and maintaining a CISSP?

To qualify, you need at least five cumulative years of paid, full-time professional experience, including at least two years of work in the exam's eight Common Body of Knowledge (CBK) domains.

Alternatively, you can have four years of experience, plus either a four-year college degree or an approved credential from the CISSP Prerequisite Pathway. You also have to agree to the (ISC)2 Code of Ethics and provide background information on things like felony convictions and involvement with hackers.

The second step is to pass the CISSP exam. If you fail the first time, you can retake it, though you have to pay each time. If you pass, you must obtain a written endorsement within nine months from someone who can attest to your professional experience and who is an active (ISC)2 credential holder in good standing.

The certification is valid for three years. Each year, you must earn and post at least 40 continuing professional education credits through educational activities, such as attending live events, online seminars and other learning opportunities. There is also an annual maintenance fee.

Why get a CISSP?

Most current and would-be CISSPs say the primary reason they want a CISSP is to increase their marketability. Other motivations include filling in knowledge gaps, earning peer recognition, expanding one's professional network and contributing to the development and maturation of the profession.

One benefit of CISSP certification is that, in preparing for the exam, you're going to learn a lot about subjects you didn't know about before. Sure, some of this material is boring and impractical, but studying for the exam will give you a very strong knowledge base, no matter how hard it seems at the time.

What's the exam like?

The English-language exam is 100 to 150 questions. These comprise multiple-choice questions, as well as advanced innovative questions.

The English exam uses Computerized Adaptive Testing, in which an algorithm adjusts the difficulty of each successive question based on the candidate's ability level. Candidates are given three hours to complete the exam.

The questions are weighted differently, adding up to 1,000 points. To pass the CISSP exam, you must obtain a minimum passing score of 700. You only receive a score of pass or fail.

If you fail the exam, (ISC)2 reveals some details of your performance. You will receive a ranking of the exam domains according to the percentage of questions you answered correctly.

What subjects does the exam cover?

The exam tests on topics from the eight CBK domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

How hard is it to pass the CISSP exam?

The exam is best characterized as an inch deep and a mile wide. With that in mind, how difficult is the CISSP exam? It is a matter of perspective.

Some domains cover more material -- and in greater depth -- than others, but this can be deceiving. Many candidates score poorly because they over-prepare for the big domains and under-prepare for the small ones. It's unlikely that the exam will present you with an equal distribution of questions across all eight domains. To achieve a passing score, the only safe bet is to study each domain thoroughly.

Another common mistake is to adopt a uniform approach to learning the material. Some domains are fact-oriented. You either know the bit size of an MD5 message digest or you don't. Others are more contextual and interpretative, focusing on standards, principles or best practices.

What should I study?

The first thing you should do is review the main topics in each domain. This will reveal your strengths and weaknesses.

Then, take the plunge and buy at least one of the all-in-one books. As you read each chapter/domain, take the practice exams in the book and online. Plan to take at least two full-length practice tests before sitting for the exam.

Do I need to take one of the CISSP exam-cram classes?

If you can get your boss to pay for a boot camp class -- they often cost several thousand dollars -- and can afford the time out of the office, do it. You won't necessarily learn anything different from an equivalent course of independent study, but a boot camp will give you a lot more confidence that you're on the right track. The instructors can help you grasp complex topics, and you can band together with fellow students to form study groups. All of these things help you get motivated and pass the CISSP exam.

This was last published in January 2018


9 comments


How did the actual CISSP exam compare to your expectations?

It was much harder than I thought it would be. However, I did not get the latest studying material and newer testing software. That would have helped!

What are the most helpful things to study for the CISSP exam?

Wow, I must admit I am an admirer of your achievement. I am currently studying for my CISSP and was wondering if you could give me some professional tips.

Sir, thank you very much for sharing your views. There were so many confusing questions in my mind about preparing and how, and I got the answers to all of them. Really thankful to you.
Regards,
Iftikhar

I don't care what the subject is, I'm rather suspicious of any 'certification' that is granted by way of mass memory cramming to take multiple-guess tests.

Great info for those heading down this career path. As Veretax mentioned, cramming for a multiple-guess test is not my idea of certification. You could probably take a few hundred students and give them a multiple choice test on a subject they know nothing about. A few would pass just by making lucky guesses. I have taken a few quizzes on this site I know nothing on and have guessed my way to an 8 out of 10.

This is a very informative post :-). I agree with you: “CISSP exam will give you a very strong knowledge base”. I want to share my personal experience. A few years back, I was worried about my career. When I discussed it with my elder brother, he gave me some advice. He said I should join Koenig Solutions institute. I joined there. That was the best decision of my life. I have learned new things.

Has anyone taken a boot camp for the CISSP? If so, please share your experience. I am to register for one and not sure who to go with.
