CISSP Preparation

Updated Nov 02, 2024

Study Resources

Books:

  • CISSP Official Study Guide by Mike Chapple et al. - 9th edition or 7th edition
  • CISSP All-in-One Exam Guide by Shon Harris et al.
  • 11th Hour CISSP - read when closest to exam day
  • How to Think Like a Manager by Luke Ahmed - 60 pages; sign up for a Kindle Unlimited trial to read this book for free

Cram/Refresher:

Practice tests:

Practice Questions

Notes:

  • You should be able to explain HOW? WHY? WHEN?
  • Mark all questions you're not sure about and re-study them
  • Take 1500-3500 easy-to-mid questions - make sure you score at least 80%
  • Take 1500 hard questions when near exam day
  • Don't reuse practice exams!
  • Look for ways to reset your mind
  • Answer like an IT Security Manager or a Lawyer
  • The exam is a perfect world:
    • "We have enough budget"
    • "We have enough time"
    • "We have all the resources we need"

Exam Day

Pre-exam:

  • You get 5 minutes to write down your mnemonics.
  • Make sure to click "Start Exam" before the 5 minutes end.
  • If you fail to click the button within 5 minutes, you won't be able to take the exam.

Exam format:

  • 85% Multiple choice
  • 10% Scenario (Multiple choice)
  • 8% Drag and drop
  • 2% Hot spot

Exam:

  • 4-hour exam
  • 125-175 questions; 50 of those are BETA questions and are not graded
  • Questions are weighted
  • You cannot go back and review previous questions.
  • Focus on the first 10-20 questions
  • The faster you solve difficult questions at the start, the sooner you can reach a passing mark.
  • This is due to the CAT (computerized adaptive testing) format

CPE

Each year, to keep your certification current, you need to earn a certain number of CPEs. You can either earn purely Group A CPEs or choose to count up to 10 Group B CPEs per year.

Earning CPE:

  • Earn 40 CPEs per year OR 120 CPEs per 3 years
  • To earn the CPE units, you need 40 hours of IT security activities, such as:
    • Training
    • Webinar
    • Seminar
  • You can present certificates of completion when applying for renewal
  • If there are no completion certificates, you can present materials or resources you created to prove the training.

Types of CPEs:

  • Group A Credits: Domain-Related Activities
    • Group A credits relate directly to the cyber security profession.
    • Generally, activities in the areas covered by the specific domains of the respective credential.
    • No maximum annual CPE - you can accumulate as many CPEs as you want.
  • Group B Credits: Professional Development/Knowledge Sharing
    • Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the domains associated with the respective certifications.
    • These generally include professional development programs, such as management courses.
    • While these do not apply directly to the domains, (ISC)² recognizes these skills are vital in the growth of all professionals and their credentials.
    • Max of 10 CPEs per year

More in-depth on how CPEs work:

  • (ISC)² explaining how the CPEs work

Free CPEs:

  • (ISC)² – 500+ CPEs available (Webinar).
  • SANS – 500+ CPEs available (Webinar).
  • ISACA – 100+ CPEs available (Webinar).
  • Infosecurity-magazine – 350+ CPEs available (Webinar).
  • wh1t3rabbit – 250+ CPEs available (Podcast).
  • OWASP – 100+ CPEs available (Podcast).
  • Certs.org – 200+ CPEs available (Podcast).
  • Edx.org – 250+ CPEs available (Online training).
  • Coursera – 250+ CPEs available (Online training).
  • Securitytube – 10,000+ CPEs available (Videos).
  • Youtube – 100,000+ CPEs available (Videos).

If you fail

Retakes:

  • 1st retake - wait time of 30 days
  • 2nd retake - wait time of 90 days
  • 3rd retake - wait time of 180 days
  • Only 3 attempts per calendar year
  • After the 4th attempt, the wait timer resets to 30, 90, 180, 30, and so on.
  • 749 USD retake cost