CISSP Preparation

Updated Nov 01, 2025

Practice Tests

Recommended:

  • Official Practice Tests (David Seidl & Mike Chapple)

    • Most accurate reflection of the real exam
    • Use to measure readiness (target 90%+ consistently)
  • Official Sybex Online Tests (2024 edition)

    • Knowledge-based format matching the study guide
    • Good for reinforcing theory and basic recall
  • LearnZapp App

    • Contains the same first four tests as the official book
    • Later tests differ slightly and help reveal weak areas
  • Quantum Exams (QE)

    • Realistic and closest to actual exam feel
    • Practice with 10-question sets daily
    • Review every correct and incorrect answer for reasoning

Optional:

  • Boson / ThorTeaches / PocketPrep

    • Optional but helpful alternatives
    • ThorTeaches offers tiered difficulty (easy, medium, hard)
    • PocketPrep is good for on-the-go review

Study Books and Guides

Recommended:

  • Destination Certification Book

    • Straightforward and concise primary reference
    • Excellent coverage of essential domains
  • Destination CISSP: A Concise Guide (Kindle)

    • Ideal for gap-filling and quick topic lookups
    • Lightweight and easy to digest
  • Official Study Guide (OSG)

    • Comprehensive but very detailed
    • Avoid as first read to prevent information overload
  • 11th Hour CISSP (Joshua Feldman)

    • Perfect for last-week review and recap
    • Summarizes key concepts without extra fluff

Optional:

  • Think Like a Manager (Luke Ahmed)

    • Builds the mindset CISSP expects in scenario questions
    • Short, easy to read, and highly practical
  • Memory Palace Notes

    • Compact, visual summary of critical concepts
    • Great for fast final revision
  • All-in-One (Shon Harris)

    • Optional unless you want detailed technical explanations
    • Deep reference material

Video and Cram Resources

  • Pete Zerger

    • “CISSP Last Mile” and “Exam Cram” are highly praised
    • Strong conceptual explanations and exam strategies
  • Prabh Nair

    • Good for difficult topics and advanced concepts
    • Helpful supplement to Zerger’s material
  • Kelly Handerhan

    • “It’s All About Risk” video is a must-watch
    • Focuses on how CISSP expects you to think, not just memorize
  • Andrew Ramdayal – 50 Hard CISSP Questions

    • Great for practicing managerial decision-making logic
    • Sharpens exam interpretation skills
  • Tech Institute of America – 50 Hard Questions

    • Best used after scoring 85%+ on practice tests
    • Tests depth of reasoning and knowledge application

Exam Questions

Notes:

  • You should be able to explain HOW, WHY, and WHEN
  • Mark all questions you're not sure about and re-study them
  • Take 1500-3500 easy-to-mid questions; make sure you consistently pass at 80%
  • Take 1500 hard questions when near exam day
  • Don't reuse practice exams!
  • Look for ways to reset your mind
  • Answer like an IT security manager or a lawyer
  • The exam is a perfect world
    • "We have enough budget"
    • "We have enough time"
    • "We have all the resources we need"

Exam Day

Pre-exam:

  • 5 minutes to write your mnemonics.
  • Make sure to click "Start Exam" before the 5 minutes end.
  • If you fail to click the button within 5 minutes, you won't be able to take the exam.

Exam format:

  • 85% Multiple choice
  • 10% Scenario (Multiple choice)
  • 8% Drag and drop
  • 2% Hot spot

Exam:

  • 4-hour exam
  • 125-175 questions; 50 of those are beta questions and are not graded
  • Questions are weighted
  • You cannot go back and review the previous questions.
  • Focus on the first 10-20 questions
  • The faster you correctly answer difficult questions at the start, the sooner you can reach a passing score.
  • This is due to the CAT (computerized adaptive testing) format

CPE

Each year, to keep your certification current, you need to earn a certain number of CPEs. You can either earn purely Group A CPEs or choose to count up to 10 Group B CPEs per year.

Earning CPE:

  • Earn 40 CPE per year OR 120 CPE per 3 years

  • To earn the CPE units, you need 40 hours of IT security activities, such as:

    • Training
    • Webinar
    • Seminar
  • You can present certificates of completion when applying for renewal

  • If there are no completion certificates, you can present materials or resources you created as proof of the training.

Types of CPEs:

  • Group A Credits: Domain-Related Activities

    • Group A credits relate directly to the cyber security profession.
    • Generally, activities in the areas covered by the specific domains of the respective credential.
    • No maximum annual CPE - you can accumulate as much CPE as you want.
  • Group B Credits: Professional Development/Knowledge Sharing

    • Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the domains associated with the respective certifications.
    • These generally include professional development programs, such as management courses.
    • While these do not apply directly to the domains, (ISC)² recognizes these skills are vital in the growth of all professionals and their credentials.
    • Max of 10 CPE per year

More in-depth on how CPEs work:

  • (ISC)² explaining how CPEs work

Free CPEs:

  • (ISC)² – 500+ CPEs available (Webinar).
  • SANS – 500+ CPEs available (Webinar).
  • ISACA – 100+ CPEs available (Webinar).
  • Infosecurity-magazine – 350+ CPEs available (Webinar).
  • wh1t3rabbit – 250+ CPEs available (Podcast).
  • OWASP – 100+ CPEs available (Podcast).
  • Certs.org – 200+ CPEs available (Podcast).
  • Edx.org – 250+ CPEs available (Online training).
  • Coursera – 250+ CPEs available (Online training).
  • Securitytube – 10,000+ CPEs available (Videos).
  • Youtube – 100,000+ CPEs available (Videos).

If you fail

Retakes:

  • 1st - wait time of 30 days
  • 2nd - wait time of 90 days
  • 3rd - wait time of 180 days
  • Only 3 attempts per calendar year
  • After the 4th attempt, the wait timer resets and cycles again: 30, 90, 180, 30 days, and so on.
  • Retake cost: 749 USD