Thursday, April 12, 2007
I passed. Such a relief!
Just yesterday I posted a new blog about waiting for the results for more than 10 days, and right after that I received the congratulatory e-mail from the ISC(2) registrar. The next step in getting the CISSP certification is to submit the resume and the endorsement form.
Only those who were in my shoes can really appreciate the feelings after getting good news from ISC(2). Anyway, I promised to describe the exam and to share my experience and thoughts.
I. ABOUT THE EXAM.
I drove to Washington DC for the HIPAA conference where the exam was scheduled. We had a large room with about 30 people who tried to pass the exam. I remembered some suggestions to dress appropriately, so I had my light jacket. In fact, it was not enough! I was sitting against the large door, and I almost froze sitting there, as if in a wind tunnel with the wind blowing across the room. The cup of coffee that I had before the exam did not help. I was warming my palms against my thighs in turn, one by one.
Well, I thought that 6 hrs is enough for several breaks. I wish!
I inserted the ear plugs and opened the booklet. The suggestion to quickly go through the entire test book and to answer the easy questions did not work for me. I found that only about 8-10% of the questions could be answered quickly because the questions themselves were short. The longer the question, the more time you need to analyze what is actually asked and what is the catch (if any). In the end, when I finished my 250th question, I found that I had spent more than 3.5 hrs. At this point I took a short break, put my palms under the hot water in the restroom, had two chocolate cookies, did some warm-up exercises, and came back to my "refrigerator".
Until this moment I was confident and relatively calm. However, when I began answering the most difficult questions, I realized that the time was running faster than I wanted. Then my confidence began to evaporate as the level of stress did the opposite. In the end, I had only about 7 min left before the deadline. I was able to review 3 questions that I had marked as the most controversial, changed the answers, and said to myself: “Stop it now!” because my brain was quite overloaded and because there was no time to re-check all the answers again.
II. AFTER EXAM.
Right after the exam, when I went out to the Hilton's entrance hall, I felt like a squeezed lemon. Thoughts about food (I did not eat anything but 2 cookies for the entire day) went through my mind, but I could not say if I was hungry at all.
Instead of hitting any cafeteria, I got my car back ($25 valet parking), and drove home to Baltimore. It was funny because only 8 miles away from home I stopped at a restaurant and ordered a platter with crab cakes and a drink to relax. I felt that I needed to eat something right away. Then I smoked outside the best cigar from my collection (I had taken it with me in advance). I deserved it! I got home safe and relaxed. :-)
OK, now some suggestions.
III. "10 RULES FOR SUCCESS"
I have developed the "10 Rules for Success", and I feel that some of them helped me to answer most of the questions properly (some of them were posted on the blogs, so I adapted them to my own interpretation):
1. Read every question AND every answer word by word:
a. You can find a tricky question/answer that you can otherwise miss easily (I had two of them on the exam).
b. You will better understand the difference between answers even if they are quite similar (I had 7-10 of those on the exam).
2. Skip the long-text questions and the difficult questions and don't spend time on them right away; just put them aside for now.
3. If the question is to find the right answer, eliminate the wrong answers first. If the question is to find the wrong answer, mark all CORRECT answers first.
4. Control your time, so you can define or change your exam taking strategy on-the-fly.
5. If you answered a question but are still unsure if you are correct, put a large question mark next to the question. When you have some time left before the deadline, review them again (I corrected 3 answers).
6. Make sure that you allocate at least 10-15 min for filling out the answers in the answers form.
7. Before the end, check if you filled out ALL answers (it's easy to miss one or two).
8. Dress appropriately (bring a warm jacket or sweater just in case).
9. Have at least 8 hrs of sleep the night before the exam and arrive 25-30 min prior to the exam to read through your cram sheet.
10. You will need your confidence during the exam. Build your confidence by learning as much as possible and passing the quizzes at a level of at least 80%. If you don’t know the correct answer to some of the questions, it must not shake your confidence. Think like a manager of a large corporation and take your chance choosing one answer based on real-world situations.
IV. ABOUT THE EXAM QUESTIONS
As I mentioned above, I had about 8-10% of easy questions. I also got some standard questions but idiotic answers (I am sorry, ISC2 folks) that had nothing to do with reality. I assumed that they were in the pool of 25 questions that were not counted toward the exam result. Unfortunately, I cannot give you an example because of my obligations, but trust me that you are going to be puzzled by some of the answers.
I found that you have to know more about the current standards than about the old ones. For instance, I had a lot of questions about VPN and SSL, more than I expected. I was also surprised by the number of questions about disaster recovery. I had a feeling that there were at least 20% of them!
I was quite familiar with the majority of the topics and I thought that I knew some of them pretty well. In spite of this, I had questions about very familiar topics that "put me in the corner" and demonstrated that I could learn better…
V. HOW TO LEARN
I am not sure that my way of learning is good for everybody.
Many years ago I found that visual memory is better than anything else for learning the material. I used this concept when I trained students in the class. I used this concept when I was learning the domains. So, prepare as many tables/drawings/schematics as possible and be patient making a lot of notes because it helps to memorize visually. It will help you to classify the information!
I had the following books/materials/resources:
1. Shon’s All-in-One (used 100%)
2. CISSP Passport (used 5%)
3. ISC(2) Official Exam Book (used 80% - very useful!)
4. Gold Edition of Kurtz (used 15%)
5. Audio Training CDs from PrepLogic (obviously not enough information – used in the beginning of the learning but later did not touch)
6. Shon Harris’ Solutions. CISSP course (used 90%)
7. CCCURE.ORG blog, Google search, many articles, and my Information Security Resources Index.
8. My own audio CDs (used 100%)
I began reading the Official book, making some yellow marks. When I figured out that I had to memorize a lot of material, I switched to the All-in-One book, and starting from domain 1 began making detailed notes in the notebook. At the end of each domain, without repeating the material, I took the quizzes from the book and from the CCCURE.ORG web site. I made notes on what I had to repeat/re-learn. I used the Official book to understand some topics better. Then I took my PDA, and recorded the content of my notes to WAV files (later, I converted them into the MP3 format). Then I burned a CD with the files and listened to myself while driving in the car to and from work. By the way, the Shon Harris' CISSP Solution DVD set also includes the MP3 files (3 months subscription), so it was very useful on its own.
I repeated the same with the rest of the domains. At this point, I bought Shon Harris’ CISSP Solutions Training Course. The lectures are very good and easy to follow, and the add-on graphics serve well in understanding the concepts. She also points to some of the concepts that you *must* know for the exam and she guarantees that the questions about those concepts will be there.
When I finished, I began preparing my own Cram-Sheet. Typing the extracts from the books and web sites helped me to visualize the concepts/standards/protocols. I drew the tables in many instances.
I repeated the quizzes again: for each domain (75 questions), then for 3 domains together (100 questions), and finally, the big one: all domains (250 questions). Three days before the exam, I prepared the final Cram-Sheet (only one two-sided page with extracted info) that I used right before the exam.
VI. ABOUT SOME PREPARATION TESTS
I found that some of the cccure.org quiz questions are outdated and have wrong answers. I submitted my corrections to the web master, and he confirmed that I was correct about them. Later, due to a time limitation I just ignored incorrect/outdated questions.
I have to note that I came across TestKing’s preparation tests that I downloaded from the web for free (I don’t even remember from where). Most of the questions are stolen from the ISC(2) book and other web sites and books. This company proves to be the biggest cheater (and I have the proof that they also cheat with search engines, which is a case of unfair competition). I believe that Microsoft sued them, too.
I also used several questions from Boson that were free. After all, the cccure.org quizzes are better than any other (excluding Transcender’s, which are still #1 even if they cost more than others).
Except for two books that I got from eBay, practically all my resources were purchased at a good discount from the RTEK 2000 web site. They sell them cheaper than CCCURE.ORG and obviously cheaper than the original software companies.
VII. END OF STORY
It took me 4 months of heavy-duty learning (especially the last two months: every evening 2-2.5 hrs and every weekend 3-4 hrs). I took a day off right before the exam and mostly relaxed after taking a 100-question quiz in the morning.
I feel now that I could learn more and better but the goal is almost achieved (I still need to submit my resume and the Endorsement Form to ISC(2) for getting the CISSP certificate and final approval), and I am a happy camper!
Questions? Post in the comments!