How I Passed CISSP – My Three Months CISSP Exam Study Plan

In this blog post, I will share my CISSP exam study plan: which books and resources I used and why, how I prepared for the exam in three months and passed on the first attempt, and how to adopt a new security mindset that helps you pass this exam.

To verify I actually passed the exam, you can find my CISSP badge here. This blog post is part of a blog series:

CISSP Exam Is Different

The CISSP certification is not like any other IT certification in the industry, and especially not like Microsoft certifications, because the CISSP certification program is very, very wide.

There are a lot of topics to cover and you need to rely heavily on your previous work experience. Because you are dealing with 8 domains here, the chance that you are a master in three or four domains is very, very small. This means there are going to be a lot of domains that might be challenging for you. That is why, before you start studying for the exam, you have to have a proper CISSP exam study plan and a timeline (three months, for example).

There are no shortcuts to passing the CISSP exam. It is not enough to sit and answer CISSP questions, and it is not enough to just study the materials without solving a lot of exam questions in advance.

It is also not enough to attend a CISSP training for 5 days, for example, and then go directly and take the exam, because the amount of information you receive will most likely make your head feel about to explode. You need to spend time on your own reviewing the CISSP exam domains and really understanding the materials.

This is why I have put together my own CISSP exam study plan on how to start from step one and go to the end and complete your CISSP preparation.

The Importance of Having a Study Plan

To prepare for this exam, you should have a good CISSP exam study plan ahead of time because there are many things you need to study and a lot of security theories. It is hard to find someone who knows or works in every one of the 8 CISSP domains, but you should have good knowledge in at least two domains.

Any study plan should have a timeline, study materials of choice, a studying methodology, and a practicing method. I will share with you today my CISSP exam study plan and how I passed my CISSP exam on the first attempt in three months.

Books of Choice

After extensive research, I finally bought the Sybex book “CISSP Certified Information Systems Security Professional Official Study Guide” and the CISSP Official (ISC)2 Practice Tests book.

The first book is the official study guide with 1000 pages and 21 chapters that cover all the 8 CISSP domains, and the second book is the practice tests book with 450 pages and 12 chapters of test questions covering all CISSP domains. You can buy them both on Amazon as a bundle here.

I like Sybex books and I think they have a good balance between simplicity and material coverage. As the CISSP exam was updated recently and the materials got updated, make sure you get the updated materials that reflect the updated exam objectives. All links in this blog post point to the updated materials on Amazon.

Other books I purchased but didn’t use

Another famous book for the CISSP exam is this one authored by the famous Shon Harris (Eighth edition), which also comes with a separate practice exam book. This book is huge (1200+ pages) and comes with 8 chapters, one chapter per CISSP domain. The practice book is 350 pages with 8 chapters, and each chapter contains questions for a specific CISSP domain.

I found that this book (while being a very good book) contains more details and extensive information that even the Sybex book does not contain. For example, the Sybex book mentions the different physical locks briefly, while the Shon Harris book goes deeper and lists the details of each physical lock, which I believe is overwhelming and requires more studying and memorizing.

Shon’s book also contains a lot of theory and talks about each subject in great detail, while the Sybex book covers the overall picture and prepares you well for the exam in a shorter time. It depends on your preference, I believe, but for me the Sybex book was my top choice and it helped me pass the exam on the first attempt, with good preparation and in less time.

I also saw many people talking about the 11th Hour CISSP study guide (third edition). This is a 200-page mini book that helps you review all the material in a short time after reading a full CISSP study guide. I purchased this book but never used it, as my study plan was good enough and I didn’t want to allocate more time to go through a different book. Think of this 11th Hour book as a collection of flash cards that helps you review all the CISSP main points in one day before taking the CISSP exam.

My CISSP Exam Study Plan

After purchasing the Sybex book, it is time to start studying. The Sybex book contains 21 chapters, and at the end of each chapter you have 20 questions with their answers to test your knowledge. My study plan is:

  • Step 1: Read the full book cover to cover to get myself familiar with the CISSP material. This is a quick reading, and even if I didn’t understand specific topics, I just kept reading. The idea is to familiarize myself with the content and get a full overview of what to expect. Read it like a novel (like Harry Potter) and try to absorb all the knowledge. It took me between one and two weeks to do so. You can skip this step and start with step 2.
  • Step 2: I read 4 chapters per week and I don’t move to the next chapter unless I score at least 80/100 on the 20 questions that come with each chapter. For each chapter I study, I make sure I understand the material 100% and even google some topics that I found difficult. This means it took me 5 to 6 weeks to complete step 2.
  • Step 3: I read the whole book again, and for each chapter, I tried to summarize the material in my head, and even talk about the material covered in each chapter as I would explain it to someone in front of me. This took me another week. You can skip this step, but I feel it is important to reinforce what I’ve learned so far.
  • Step 4: I then used the official practice test book
  • Step 5: I then watched all the videos published by IT Dojo on his YouTube channel. This is a must-watch for every person trying to pass the CISSP exam, and he is the most famous guy on YouTube when it comes to the CISSP exam. Each of his videos is 8-10 minutes long, and in each video he asks you two CISSP questions. The great thing about his videos is that he explains in great detail why the wrong answers are wrong and why the right answer is right. It helps you understand the CISSP material in different ways. I watched his videos on my iPhone before I slept to test my knowledge.
  • Step 6: I then find the topics I feel I don’t fully understand, or the topics I feel I should prepare for more, and then look on YouTube or Google to learn more about each topic. It is very important to watch videos because they let you grasp ideas more easily: they are made by people who really understand the material and are good at explaining it, and this will help you master the fundamentals of the 8 areas of the exam. Here is a Pluralsight course that might help you out preparing for this exam.
  • Step 7: I schedule my CISSP exam to commit myself and to reserve my exam seat. I usually book the exam at least 2 weeks before taking the exam, as I know I might need to practice more with at least two separate test engines. I have a separate blog post talking about the CISSP exam day and what to do and what not to do a couple of days before the exam day.

Important Tips for Passing The CISSP Exam

Passing the CISSP exam is about 50% studying and 50% practicing and solving questions. No matter how well you have prepared, you will be shocked by the actual CISSP questions you will see in the exam. You need to practice solving as many questions as you can (at least 1000 questions) to get into the mentality of answering so many questions in less time (you get an average of 1.2 minutes per question) and to master the art of eliminating the wrong choices. In my case, I believe I did 2000 to 3000 questions before taking the exam.

The other tip is to have a full commitment to taking the CISSP exam. I remember back in 2013 I planned to take the exam, but I didn’t have a proper study plan and didn’t have that commitment, so I ended up reading the first two chapters and then forgot about the whole exam until 5 years later, when I decided to take the exam with full commitment and with a proper CISSP study plan.

You can force yourself to have such commitment by scheduling the exam today, paying for the exam, and putting the exam date three months from now. This will create the urgency to commit yourself to studying and preparing for the exam.

The other tip is to try to study in a continuous manner. It is hard to study for two weeks, for example, then get busy doing something else for another two weeks, and then go back and continue studying for the CISSP exam. You will lose focus and momentum, so make sure to commit a continuous three months of your life to the CISSP exam.

It’s a big commitment and you need to allocate time each day for your study plan. I spent at least three hours studying each day, excluding the weekend day, as I would spend it with family. Just remember why you want to take the exam in the first place, and how this exam will help you in your career. Try to stay focused and motivated along the way. It is going to be a long journey and there are no shortcuts. You will have weak moments where you will find that the exam material is too long or perhaps difficult at times, but remember that many people have already taken and passed the exam, so why not you?

Finally, when you solve CISSP practice questions as part of your preparation, don’t get demotivated if you could not answer well. It happened to me a lot. I used my mistakes to go back to the material and focus on my weak areas. I believe that the best way to prepare for the exam is to take as many practice questions as you can and then go back to the material and work on your knowledge gaps.

The Four CISSP Exam Frameworks

A good way to look at the CISSP exam is to view it through the lens of four different frameworks:

  • CIA: Confidentiality, Integrity and Availability.
  • Technology: technical skills.
  • Management: what is the best approach to do something from a security manager’s perspective?
  • Risk: risk management, which is a very important topic in the exam.

Every time you see a CISSP question, you should be able to look at it from one of those perspectives or frameworks. If you get a question about symmetric vs asymmetric encryption, then that’s the technology perspective and the question is testing your technical knowledge.

A question about the company’s best approach for security is challenging your management perspective, and here you should put yourself in the place of a security manager and think about how a security manager would act in the situation.

Then you have questions about availability vs confidentiality vs integrity and this is the CIA perspective, while a question about the annual loss expectancy (ALE) is related to risk management.

A lot of people fail this exam because they look at the exam from the technical and technology perspective, and I am a technical guy, so if I was to solve all questions with my technical perspective, I would fail the exam.

The 8 Rules Of The Game

When it comes to passing your CISSP exam, all you need is to know the rules of the game, and once you know the rules of the exam, you can use them against it.

The divide and conquer rule: try to eliminate two obviously wrong answers, which leaves you with a 50/50 shot, and you’ve turned it into a true-or-false test. This can also be that A, B, and C might be the right answers but definitely not D.

Sometimes you find yourself dealing with a choice that you have never heard about. Most likely this is a distractor and you should get rid of it, because it might be there to make you intentionally choose the wrong answer.

Rule number two: always apply the golden rule: IT IS ALWAYS PEOPLE SAFETY FIRST. Any answer that talks about human safety is 99% the right answer. People safety is the first priority for every security manager.

Rule number three: always look for wrong answers first. You have been trained all your life to choose the right answer, well that’s too hard. Sometimes it is easier to pick something that does not belong than something that does.

Rule number four: remember that policy is key, everything you do has a policy attached to it. Also, always choose the broader answer from the list of choices. If you are suspecting two answers and one of them includes the other one, then pick the broader answer.

Rule number five: don’t look for an in-depth answer; it is a mile-wide and inch-deep exam. If you find yourself thinking “this is what we do at work”, you have gone too far. Sometimes the simplest answer is the right answer.

Rule number six: don’t choose an answer that is correct some of the time. Your answer should be correct all of the time.

Rule number seven: when dealing with negative statements, turn them into positive statements because the human brain does not process negative statements that well.

Rule number eight: when the question asks for MOST, BEST, WORST or LEAST, remember there can be more than one possible answer, but there is always going to be one best answer. Think hard about these questions, and by practicing more with test questions, you will increase your chances of getting these types of questions right.

Getting The CISSP Mindset

There is a very specific mindset that unfortunately many people don’t know walking into the exam, and in this section, I am going to help you get the right mindset for the CISSP exam. The most important thing I can tell you is that your role is a risk adviser on this exam. Don’t fix problems. You are going to be tempted. Most of us have our jobs because we are problem solvers, we know how to fix things, but this is not your role in the exam.

1. Your Role Is Not Fixing Things

Your role in this exam is to collect information, report this information to senior management, and give them your advice based on risk management; then the choices and decisions come from the top management down. So if in the exam you get a question that one of our employees gets terminated and we expect it to be a contentious termination, what is the first thing you should do? I guarantee you 90% of you will say “revoke their credentials”, but that’s fixing the problem. If I’m truly your company’s risk adviser, then “will I go to the basement to log on to the server and disable an account?” I don’t do that, right? What would I do?

I call and advise the appropriate parties, I have influenced policy within the organization to have a set of processes and procedures, but you (in this exam) are not a doer, you are a manager and you should act accordingly. This is not the type of exam where you are blocking ports on the firewall; you don’t do that. However, you have to understand enough about the hands-on work to make good suggestions to senior management. Again, don’t fix problems.

One thought here, when you rush into fixing a problem, you are violating change control. There should be a specific set of steps on how you approach changes in your organization. If everybody is just jumping to their feet running around fixing problems, we don’t have the control over those changes, we don’t have documentation and we don’t have rollback strategy. What if I were to just patch systems in my organization every time Microsoft releases a patch? This might not be the best thing for my career, so the idea of running and fixing problems violates change control. What we want to do is to pay attention to the process and then problems will fix themselves.

That said, don’t look for solutions like configuring a firewall in the exam or things that are too heavy in technology. Firewalls come and go and brands come and go, but the security mindset does not change. Things like incorporating security into your application design, the concept of isolation and layered security, that’s the foundational security that you should be focusing on.

I know so many good technical people who had a hard time taking the exam. If you are going to go after the answer of “hack the registry”, that’s the wrong answer. Instead, fix the process, think of the good of the business, and understand that the only reason that any of us have jobs is because something that we do supports the business. So, when it comes to decision making, the business leads. You don’t need to know what the Windows event ID 121 is; you need to know why we review the security logs and what information you can get from them.

2. Challenging Your Mindset

Let me ask you something: “who is responsible for security?” We have all heard that everyone is responsible for security. Well, that’s not true. When you hear that idea of responsibility, I want you to think about who is held legally responsible for the security of the organization: it is senior management. Well, don’t we all have security responsibilities? Sure we do. My responsibility is to follow policies and procedures as laid out by senior management. Remember that our job is to advise senior management, but they make the decisions. Why? Because they are ultimately responsible.

Let me ask you something else: “How much security is enough?” Of course, sometimes you hear “oh, you can never have enough security”. But the reality is, sure you can. You have too much security when you are spending more to protect an asset than that asset is worth. I’m not going to spend $50 to protect a $30 bill. So do you know how much security is enough? Well, just enough. Just enough security is enough, and this is not easy, as you need to know how much “just enough” is.

So, how do I know that? Well, by using risk management, that is, figuring out what my assets are, what I am protecting, and what they are worth. But I also have to think about what the threats and the vulnerabilities are and what my potential for loss is. Where companies get in trouble is when they underestimate their assets. If I look at a computer and say that thing is worth $800, that might be true for the hardware, but the real value of this computer comes from the data that’s on it. So if we don’t properly understand how valuable what we are protecting is, then we will not know how much security to put in place. And don’t forget about reputation, brand recognition and customer loyalty; those are very hard to quantify, but they all make up the value of an asset.

Once we understand that properly, then we truly understand the value of what we are protecting and what we will spend. So, how much security is enough? Well, risk management will tell you. That’s why you start your risk management by figuring out the value of your asset.

I hope these questions will make you think twice about how to approach the material. Don’t go and memorize stuff; instead, you really want to understand security concepts and how everything fits together. The CISSP exam will not challenge your ability to memorize things! This is the ugly truth and the main reason why people fail the CISSP exam so often. To pass the exam, you should really understand how security works, how all the pieces fit together, and what your role in all this is as a security manager.

3. Think of The End Game

What do I mean by that? You are going to see a lot of questions that ask which is the best or which is the most, and the answers all sound pretty good, but one is our ultimate goal. Say I ask you why we classify data, and I give you a choice of (A) to indicate data sensitivity, (B) to indicate the harm if data is compromised, (C) to indicate the requirement of data availability or (D) to dictate how data is protected. It is not that A, B and C are wrong; classification of data indicates its sensitivity and the harm if it is compromised, and availability can be used as well, but that’s not why.

If all I do is say “wow, look at this laptop, it has some really sensitive data” and then walk away, that does not help me at all; that’s not the end game. The reason why I say this data is top secret is that by labeling it as top secret, we have a set of minimum security standards and settings that are applied to that asset. So the end game is “what is the point where I can say I’ve done what I said I was going to do”.

For example, why do we train people? Is it (A) to raise security awareness, (B) to educate all users on security topics, (C) to give users greater understanding or (D) to influence their behavioral change? A, B and C sound great, but these are not the reason why we train people. Do you know why we train people? Because we want to modify their behavior. You might be asking “but what about security awareness?” Honestly, I’m not so concerned about what users are aware of as what they do, because remember, your company’s senior management are held responsible for what users do, not what they know. Therefore, raising security awareness sounds good, but what I’m really after is to have my users do different things; that’s the end game.

Note: Credit for this whole section on the CISSP mindset is given to Kelly Handerhan and her valuable YouTube video about the CISSP mindset.

My Secret Studying Tip

For each chapter that I study in the book, I try to understand the full story about it. Take Chapter 4 of the Sybex book for example (Laws, Regulations and Compliance). I didn’t know anything about laws, and when reading this chapter, it was full of laws and details that made my head feel about to explode.

So I tried to draw a story about how these laws came together and why they exist. Understanding the story and context of each law can help. I put all the laws and regulations on paper, and then I made a small drawing on a piece of paper to understand the big picture.

So my story goes like this. When computers were invented back in the old days, would I be punished if I hacked into a system, or into the FBI for example? I believe someone did, and since there were no laws in place to handle this situation, there was a need to come up with one. So they came up with the Computer Fraud and Abuse Act (CFAA). It mainly punished those who access classified information or financial federal information without authorization. This law was initially protecting government and federal computing systems.

You can imagine that this law was not perfect or not complete as it is one of the first laws, so we have many other amendments. It also evolved to cover even national infrastructure such as railroads, gas pipelines and electric power grids in 1996 in what is called the (National Information Infrastructure Protection Act).

I call all this the old era, which means a new era had to start, in 2002, with the Federal Information Security Management Act (FISMA). Think of this as the baselines and security measures that every federal agency should implement.

As cybersecurity became a huge topic, Obama signed a couple of laws. First, we have a new FISMA, but this one stands for Federal Information Systems Modernization Act, to empower homeland with cybersecurity issues, and then the Cybersecurity Enhancement Law, which charges NIST with coordinating nationwide work on cybersecurity standards.

These are all government-related laws, but what about laws concerning your privacy? I mean, if you hack into federal agencies, then the previous laws take care of it, but what if federal agencies try to screw with you (the other way around)? You need some privacy laws to protect you, like the Fourth Amendment that we all hear about in Hollywood movies.

I had many mind maps and scenario-based drawings to help me understand key concepts in the CISSP material, and here are a couple of them to give you an idea.

You see, instead of reading the book and trying to memorize things out of order and context, try to organize the content in a way that tells a story that is easy for you to digest and understand. Remember, it’s not only about passing the exam, but your ability to learn new security related topics that could help you advance your career.

Related Resources

If you are considering taking other security exams, I have blogged about how I passed a couple of security certifications. Here is how I passed CISM (Certified Information Security Manager) on the first attempt, how I passed the AZ-500 Azure Security Engineer Exam, and how I passed the MS-500 Microsoft 365 Security Administration Exam.

CISSP Study Guide – 7 Steps to CISSP Success

CISSP is one of the world’s most renowned information security certifications. Becoming a CISSP is a solid choice if you have a few years of experience and want to move up. It is also a good choice for beginners to work toward the career they want. However, like any certification, CISSP requires a dedicated mind and motivation if you want to be successful in the CISSP certification exam. Earning this credential might be challenging if you do not plan for the exam preparation and do not set a deadline to complete your study. In other words, you have to follow a CISSP study guide.

So what are the 7 steps of the CISSP study guide?

  1. Set a Target Date to Complete Your CISSP Study
  2. Prepare Your CISSP Study Plan
  3. Take Notes During Your CISSP Exam Study
  4. Make Practice As Much As You Can
  5. Understand Your Wrong Answers
  6. Go Through Your Notes
  7. Go and Get CISSP!

A lot of CISSP aspirants have failed to complete their preparation successfully, and eventually they failed the exam too. Whether you hurry too much in the preparation, don’t follow a CISSP study guide, or are too slow, you are going to put your CISSP exam at risk. If you give too little time to the preparation, you will not be able to grasp the core and the details of the CISSP study material. And if you go too slowly, you will have a weak understanding and very little retention.

To help the CISSP aspirants be successful in their CISSP exam, in this CISSP study guide, we have listed 7 steps on how to prepare for the CISSP exam and be successful. So, continue reading this post for the details of the CISSP study guide.

CISSP Study Guide Step #1 – Set a Target Date to Complete Your CISSP Study

The first step in this CISSP study guide is about setting a target date for your CISSP exam. If you satisfy the CISSP certification requirements, then you can start gearing up for the CISSP exam. It’s a fact that all of us procrastinate. It’s human nature. It doesn’t matter what you have to achieve: if you do not have a deadline, you tend to keep delaying the work or put less effort into it than you should. When we have a set deadline, we are motivated by it. We then plan to complete our work by that date.

How can deadlines really help you achieve goals? Well, deadlines are effective because they make your goals more manageable and keep your learning activities under control. With deadlines, you can finish college projects and you can follow New Year’s resolutions. You can do many things on time. The same goes for when you are preparing for your CISSP exam. For the exam, you are going to invest money. You are also going to be putting in a lot of effort. So, you don’t want this effort or investment to go to waste, right? Hence, the first step in this CISSP study guide is setting a deadline to complete your CISSP study.

How to set a deadline?

Now, you may wonder how to set a deadline. Well, it’s not difficult. First, analyze your situation, such as your availability in a day, in a week or in a month. Then ask yourself questions like how much time you actually have, how much work you really need to do, what your skillset is, and how well you can manage the deadline, considering your other day-to-day tasks as well.

You should consider the time required for studying the exam preparation material, memorizing the important things, and going through the practice exam questions at least twice. Some people complete the preparation in 1 month and some even take up to 6 months. So, it really depends on how fast you can study, how competent you are in the subject and how much time you have.

So, set yourself a deadline. However, you should make sure that the deadline for your CISSP exam study is meaningful, actionable, and achievable. If you have doubts about your availability or skills, then it is time to be more conservative about what you decide. Once you have set a deadline for your CISSP exam preparation, you will take control of your tasks and manage to meet the deadline even when faced with interferences and obstructions.

Going forward, you should also set a target date for your CISSP exam. Now, you will have two constraints to comply with. The advantage of having a fixed date for your exam is that you will not delay your preparation at any cost. Since the exam date is fixed and you cannot control it, you will make a full effort to complete your study so that you are fully ready before your exam. Also, keep in mind that you will have to spend some money and time to get CISSP. You can read about the CISSP certification cost.

And that’s it, you’ve completed the 1st step of your CISSP study guide!

CISSP Study Guide Step #2 – Prepare Your CISSP Study Plan

Let’s move to the second step in the CISSP study guide. Everyone has their own way of studying. Some may plan their study and some do random study, with no defined plan and schedule to follow. However, those who follow a timeline and a plan have more chances of success. It is because when you have a plan to do something, you are in control. Moreover, you can see how much you have progressed towards your goal and how far you are from the destination. Your plan is actually the motivational force that continuously drives you to follow the proper steps to reach your goal. Hence it is an important part of the CISSP study guide. You must determine a comprehensive CISSP certification training program to attend as well. You can take a look at our 30 mins Free CISSP Training demo.

To prepare for the CISSP exam, you should have a good study plan ahead of time. It is necessary because there are many things you need to study. It is true that no one can be excellent in all of the 8 CISSP domains, but you need to prepare adequately if you want to pass the CISSP exam with ease. Your study plan should have a studying methodology, a practicing method, and a list of study materials of your choice. Moreover, you also need a schedule to follow. A schedule will help you not diverge from your plan, and you will be moving in a systematic way towards your goal.

How to prepare a study plan?

So, list down the books, reference guides, practice tests, or any other study material that you will need during CISSP exam preparation. If you need to download or purchase some material, plan when and where you will get it. Ensure that the schedule of tasks you create is realistic and achievable.

To study for the CISSP exam, you may even need to watch some online tutorials on YouTube or other websites. Maybe you also want to sit with your friends for a group study. So, think of everything that will be helpful in your exam preparation and that you will really need. Write everything down in your CISSP study plan. You can list the activities with the estimated number of hours or days that you will need to complete them. A schedule cannot always be perfectly realistic, but prepare one that you think is achievable for you.

And once you are done creating your CISSP study plan, make sure you follow that plan and do not be afraid of challenging yourself. If you skip this step of the CISSP study guide, in other words, if you don’t prepare a good study plan or don’t comply with it, remember that without a proper plan, earning this certification will not be an easy game for you.

CISSP Study Guide Step #3 – Take Notes During Your CISSP Exam Study

When you have nicely written notes, these will help you later in remembering concepts and gaining a better understanding of a topic so it is another important step of your CISSP study guide. Sometimes, taking notes is necessary to summarize the difficult or lengthy paragraphs in your own words, for easy understanding. While writing notes, you engage more with your study material and are more focused. Furthermore, taking notes will help boost comprehension and retention. It’s in fact a proven method for memory retention. So, whether you are watching an online tutorial video or reading a CISSP study book or you are involved in CISSP group study discussion, write notes!

Notes are not only about writing text. In notes, you can include many other things. For example, you can draw a mind map. It will help you get a handle on how certain topics relate to each other, or to go in-depth with one particular idea. You can also create bullet points, or write a summary of something or write any other things that you think will facilitate you later in preparing for the CISSP exam.

In the 3rd step of the CISSP study guide, be careful about how you write things down. If your notes are messy, unorganized, or unclear at first glance, you will not get much use out of them. This has nothing to do with your handwriting; what matters is having well-organized notes that are worth the effort of writing.

We have recently seen the evolution of note-taking. You now even have the e-notes option. If you have a tablet device, for instance, you can type or write notes even on that. The introduction of e-note taking has actually made it easier for us to better organize and manage the notes.

CISSP Study Guide Step #4 – Practice As Much As You Can

You cannot say that you have completed your preparation just after reading the CISSP books, so practice is the 4th step of the CISSP study guide. Without it, you will not know how much you are lacking in a particular area, or whether there is anything you have missed studying. So, what should you do? Attempt a practice test! You can see our CISSP Practice Exam.

By attempting a practice test, you will know where you currently stand. Set a goal. For example, target a 95% score in a practice test. Remember, if you are getting 95% in a practice test attempted at home, in the exam you will maybe get less than 90%. This is because, in the real exam, you are bound by the time constraint. You are taking the exam under pressure, which limits your capacity to think things through, and you can also make mistakes. So aim for the maximum score while you are practicing at home.

Master of Project Academy offers a free CISSP exam simulator. The free simulator has 15 CISSP practice exam questions, which give you an idea of the quality of the CISSP questions in our paid simulator.

We also have a paid CISSP exam simulator. Our paid CISSP exam simulator contains 1,050 realistic sample CISSP exam questions. The simulator offers you seven CISSP mock exams to help you achieve the best result.

When you use a practice test, never stop after just one attempt. Try the test at least two times so that you get to know all your weaknesses and strengths. If you find that you are scoring much less than you should be, read the CISSP books again, and then take a practice test again. The more you practice, the better results you will achieve. So, do not risk your exam by finishing your preparation with just reading CISSP books.

It is also a good idea not to practice the test before you have completed studying the CISSP study material. It is because you will not have grasped the whole picture of the CISSP course content in your mind yet. In such a scenario, you may not be able to understand the practice test questions correctly and your answers may also be wrong. So, we recommend you complete your study and then practice the test questions.

Where to find practice tests?

On the internet, you will find many free CISSP practice tests. However, most of these will be outdated practice tests. Some tests will have incorrect answers and they may be without rationales. So, you should be careful when choosing to use the free CISSP practice exam. If you really want to use an updated and useful practice test, we recommend you invest a little money in the paid practice tests.

We, at Master of Project Academy, offer you a free CISSP exam simulator, which contains 15 sample questions. Using this free version of our simulator, you will have an idea of the quality of the CISSP questions that we have prepared and their usefulness in your exam preparation.

We also have a paid CISSP exam simulator. It comes with 1050 sample questions for your practice. You can practice these questions through the mock exam in the simulator. And, the provided answers also give rationales, for your better understanding of the concepts.

CISSP Study Guide Step #5 – Go Through Your Wrong Answers

During your practice, you will answer many questions right, but there may be many wrong answers. Do not be disappointed with your incorrect answers. They are an opportunity for you to look at your study material again and correct your understanding where you are lacking.

So in the 5th step of the CISSP study guide, go through your wrong answers again and understand where and why you got them wrong. Read the rationales also. The rationales given with the answers will explain the topic to you right then and there. And, if you think you need further study, you can always go back to your study material.

It is possible that you will find out that you didn’t study a particular topic. It happens sometimes that we overlook something because it seems so simple, or because we think we know it well when in fact we do not. It could be serious because you may have overlooked important material. So your wrong answers will let you know how good your preparation really was and what you should study again.

CISSP Study Guide Step #6 – Go Through Your Notes

In step 3 of the CISSP study guide, we mentioned the importance of taking notes. Now in the 6th step of the CISSP study guide, you have your notes with you, so go through them. You might have written some summaries or bullet points for easy memorization. You might have drawn a mind map or other things for your future reference. Go through these and make the maximum benefit out of these.

You may even find it helpful to go through your notes more than once. Since we have a tendency to overlook study material, thinking that we know it already, we often miss out on very important things. Moreover, going through the notes more than once will give you a better understanding of the concepts or the terminologies that you have written down in your notes.

CISSP Study Guide Step #7 – Go and Get CISSP!

Once you have made your CISSP study guide and followed it well, you should now be confident enough to take the CISSP exam. If you have followed the 7 steps of the CISSP study guide properly, you are then good to go. Schedule your CISSP exam now and breathe a sigh of relief!

Summary

Like any certification, for CISSP too, there are no shortcuts to pass the exam. It is not enough just to go and attend a CISSP training. It is not enough to just study the CISSP books. And it is also not enough to just attempt a CISSP practice test. You should go through all of these. Not just this, if you think you need extra reading or extra learning, you will also need to refer to video tutorials, reference guides, and other useful material to pass the exam easily.

During CISSP exam preparation, you will be dealing with 8 domains. The chance that you have mastered more than five of these is very small. Some domains might be challenging for you, and you may need to put in much extra effort to get a good grasp of those. It is important that you do not stress and that you keep your momentum going. Take it easy with your preparation. If you follow your study plan, you will feel confident throughout your journey that you will reach your milestone.

To make your CISSP exam preparation easy, we created this 7-step CISSP study guide. If you follow this CISSP study guide, you will surely find that your efforts are going in the right direction and that you will succeed!


Full Ethical Hacking Course – Network Penetration Testing for Beginners (2019)


Learn network penetration testing / ethical hacking in this full tutorial course for beginners. This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field. Throughout the course, we will develop our own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :).
This course was originally live streamed weekly on Twitch and built from lessons learned in the previous week.
GitHub repo (for homework): https://github.com/hmaverickadams/BeginnerNetworkPentesting
Course created by The Cyber Mentor. Check out his YouTube channel: https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
The Cyber Mentor on Twitter: https://twitter.com/thecybermentor
⭐️ Course Contents ⭐️
⌨️ (0:00) Course Introduction/whoami
⌨️ (6:12) Part 1: Introduction, Notekeeping, and Introductory Linux
⌨️ (1:43:45) Part 2: Python 101
⌨️ (3:10:05) Part 3: Python 102 (Building a Terrible Port Scanner)
⌨️ (4:23:14) Part 4: Passive OSINT
⌨️ (5:41:41) Part 5: Scanning Tools & Tactics
⌨️ (6:56:42) Part 6: Enumeration
⌨️ (8:31:22) Part 7: Exploitation, Shells, and Some Credential Stuffing
⌨️ (9:57:15) Part 8: Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
⌨️ (11:13:20) Part 9: NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
⌨️ (12:40:46) Part 10: MS17010, GPP/cPasswords, and Kerberoasting
⌨️ (13:32:33) Part 11: File Transfers, Pivoting, Report Writing, and Career Advice


CISSP: What’s Changing in 2021?


The Certified Information Systems Security Professional (CISSP) exam will undergo a significant change on May 1, 2021 with the release of a new exam.
In this video, cybersecurity certification expert Mike Chapple walks you through the changes to the exam content and gives you some advice on preparing for the new exam.
Join the FREE CertMike CISSP Study Group at: https://www.certmike.com/cissp/
Prepare for the CISSP exam with these resources:
LinkedIn Learning Video Course (Free for 30 days): https://linkedinlearning.pxf.io/y94zN
Official CISSP Study Guide: https://amzn.to/2KpVHdV
Official CISSP Practice Tests: https://amzn.to/34BDS78
Video Bookmarks
0:00 CISSP is Changing
0:31 2021 Domain Structure
2:12 Domain 1 Changes
2:40 Domain 2 Changes
3:09 Domain 3 Changes
4:37 CertMike Study Group
5:10 Domain 4 Changes
5:42 Domain 5 Changes
6:17 Domain 6 Changes
6:29 Domain 7 Changes
6:49 Domain 8 Changes
7:39 Can I Use Old Study Materials?
8:16 Will Online Testing Continue?


CISSP EXAM CRAM – DOMAIN 1 Security and Risk Management


This video is the first lesson in an 8-lesson CISSP Exam Cram series, intended to help you prepare for the exam more quickly. This video covers "DOMAIN 1: Security and Risk Management".
02:42 Domain 1 Overview
09:47 Risk Management Analysis Concepts
30:21 Risk Analysis Formulas
39:47 Threat Modeling Concepts
47:12 Security Controls
52:50 Regulatory and Legal
ISC2 Official 2021 CISSP Study Guide and Practice Tests Bundle
https://amzn.to/3yoWXpO
CISSP 2021 Official Study Guide
https://amzn.to/3nQEOgt
CISSP 2021 Official Practice Tests
https://amzn.to/3toaGdp
FREE CISSP 50-question practice quiz
https://insidethemicrosoftcloud.com/cissppracticequiz/
DOMAIN 1 pdf presentation download
https://1drv.ms/b/s!AmhtzcmYt5AViLAS9EZAZOvOy75i8Q?e=J3mc31
NIST 800-37
https://csrc.nist.gov/publications/detail/sp/80037/rev2/final
SIMON (AI-powered chatbot)
https://lumagate.us/simon/

Important Tips for CISSP Exam Mistakes you must avoid


How to prepare for the CISSP exam: we have a lot of blogs for the same, but here are some important mistakes you must avoid while preparing for the CISSP exam.


CISSP DOMAIN 1 10 Mins Review 2021


In this video, I have covered a high-level overview of ISC2 CISSP Domain 1.
