
TABLE OF CONTENTS

Preface......................................................................................................................................3

About the Author....................................................................................................................4

Part 1: Background.................................................................................................................5

Part 2: Preparation Tips....................................................................................................... 10

Part 3: CISSP Humor............................................................................................................ 19

Part 4: Test Taking Tips........................................................................................................ 28

Part 5: Resources................................................................................................................. 34

Conclusion............................................................................................................................ 35

CertBase.io The Top 45 Tips to Crush the CISSP 2


PREFACE

Welcome to The Top 45 Tips to Crush the CISSP. I'm so glad that you took time out of your day to stop by and take a look. This is a short eBook I put together to help Certified Information Systems Security Professional (CISSP) candidates prepare for and pass the CISSP exam. It is both a serious and lighthearted attempt to make sense of how to approach preparation and test-taking for this important certification. In Part I, you will find some general information about the exam, a little history about (ISC)2, some details on the process of becoming a CISSP, and what to expect once you have earned your certification. In Part II, you'll learn the tips that can help you in your preparation and study. In Part III there is a set of funny CISSP illustrations that I hope you find enjoyable. Part IV is the second part of the tip list, this time focused on sitting for the exam. In Part V you'll find out how to get a list of the top 40 most popular CISSP resources based on a survey I conducted of people who passed the exam. Hopefully you'll find something new and useful in these pages that you can apply and benefit from during your CISSP journey. If that happens I'll feel that I've accomplished my mission.



ABOUT THE AUTHOR

I am a senior security analyst with over 12 years of experience in the information security field. The majority of that time I served as a penetration tester, although I have been fortunate enough to gain experience in a number of areas of information security. I've also earned several InfoSec certifications over the years. An interest in certifications also led me to my latest project, CertBase.io, which is a web application for everything related to InfoSec certifications. When I'm not at work I can be found spending time out with my family in Tampa, FL or on my bike exploring the local trails.

If at any point while you're reading this guide you have any questions, or you would like to suggest a tip or resource that I can add to the next version of this eBook, please don't hesitate to contact me. You can best reach me on Twitter @certbase_io or at https://certbase.io. Even if you don't have any questions, I'd love you to stop by and say hello! If you want to reach me in private you can email me at dennis.bailey@certbase.io.

About the cover


This cover was inspired by the Sunflower notes from Maarten de Frankrijker, whose frequently cited and much used CISSP summary is named for the beautiful sunflower image on its cover. A thorny cactus bearing a lovely flower seemed appropriate for an exam that can be quite prickly in its own right.



PART 1

BACKGROUND

So You Want To Be a CISSP?


If you are reading this, the chances are that you are planning on taking the CISSP exam.
Congratulations on your decision. For many, becoming a CISSP is a milestone in their
professional career. It is an acknowledgement of your experience, understanding, and
skill in the field of security validated by one of the largest and most respected security
organizations in the world: (ISC)2.

I also realize that there are many reasons for becoming a CISSP. Companies in the field
often require the certification as a condition of employment. Perhaps you are looking
to upgrade your career and want to apply for jobs that require a CISSP. Many see the
CISSP as an important part of their professional development plan and want it in their
email signature to showcase their security credentials.

Regardless of your motivation, the decision to go for the CISSP should not be taken
lightly. The preparation needed for this massive test is significant. Unlike some
certifications, which may require little more than a quick crash course on the material,
the CISSP requires an immense commitment of time and energy.

The Common Body of Knowledge (CBK), from which the questions are derived, is like a Mount Everest of information and it can't be scaled overnight. We are talking months as compared to days or weeks for some other certification exams.

Unfortunately, there is no exam dump or cheat sheet that can reliably help you pass the CISSP. There are no shortcuts to becoming a CISSP, but focus, a solid strategy and sufficient, effective preparation all combine to make a critical difference. My hope is that this guide can be useful for you in this important challenge.

CISSP History 101


If there were an easy way to pass the CISSP, the certification would not be valued as much as it is today. (ISC)2 has kept careful guard of the exam's reputation and integrity over the years. This is an organization that knows a thing or two about how to manage a certification program. The history of this non-profit goes back to 1989, when a group of organizations, looking for an approach for evaluating competence in the security field, came together to form (ISC)2. In 1990 this new organization created the first content for the CBK, and four years later the first CISSP certifications started rolling off the presses.



Since those first CISSPs were issued in 1994, (ISC)2 has not looked back. The CISSP
has gained worldwide recognition with nearly 110,000 members in 160 countries
according to the (ISC)2 website. The CISSP has earned ANSI accreditation for ISO/IEC
Standard 17024 and is listed as an approved certification for Department of Defense
personnel who are required by DoD Directive 8570.1 to obtain a certification.

Job Opening!
For employers and recruiters, the CISSP is the gold standard among security certifications. Many companies make CISSP certification a job requirement before hiring an employee. Our research has shown consistently that the CISSP is by far the top requested InfoSec certification among job posts, normally more than double that of the next closest certification. Several salary surveys have indicated that having a CISSP may increase your salary potential. Currently, the average salary of all jobs on Indeed.com that include CISSP as a keyword is $112,000. Generally, CISSP holders represent a wide range of experience and positions, from security analyst to CISO. According to Payscale.com, 46% of CISSP holders have 10-19 years of experience.

(ISC)2 Mad Scientists


In order to sustain the industry-leading position of the CISSP certification, (ISC)2 devotes a lot of time and energy to maintaining the high standards of the exam. A panel of subject matter experts (SMEs), the Board of Directors, and experts in psychometrics continually review and update the test and the pool of questions from which it is drawn. The SMEs conduct job task studies to confirm that the exam reflects the actual work that CISSP holders perform as professionals. They also ensure that even though each exam may have different questions, the level of difficulty remains comparable, and that once raw test scores are scaled, a score of 700 means that a candidate has passed regardless of the test version taken.

With the CISSP, the experts at (ISC)2 have engineered a well-earned reputation for
having created a challenging exam that strikes fear into the hearts of many test takers.
Forums such as TechExams.net are full of candidates who had to sit the exam on multiple
occasions in order to pass. Complaints about puzzling and perplexing questions are
commonplace among forum members and only serve to add to the mystique (and
frustration) of the test.



Help Is Available
If the exam sounds intimidating to you, don't worry, because you are not alone in your endeavor. Fortunately for those who are preparing for the CISSP today, a whole industry has developed to support candidates in their quest to gain this certification.

The popularity of the CISSP feeds an ecosystem of vendors, trainers, consultants, authors, and bloggers who make a living by helping people to pass the exam. Regardless of your preferred learning medium, be it books, videos, classroom training, practice exams, or Facebook or LinkedIn groups, there is something out there for you.

Although there are a lot of excellent free resources available, such as TechExams.net and Cybrary.it to name a couple, you need to be prepared to spend some money (or your company's money) during your CISSP journey.

At a minimum, I recommend using one of the classic books such as The CISSP All-in-One Exam Guide by Shon Harris ($49) (which is becoming a little outdated but is still an important reference), the CISSP Study Guide by Eric Conrad ($57), or the CISSP: Certified Information Systems Security Professional Study Guide from Sybex ($46).

Many successful candidates also purchase a subscription to a practice exam database such as CCCure.org (three-month access, $90), and some go for a classroom-based boot camp ($2000-$5000).

Last, but not least, is the cost of the exam ($599) and its annual maintenance fee ($85), and if you factor in the required steady supply of caffeine from your local coffee shop, you can see that obtaining the CISSP will not be cheap.

Hunker Down
Once you have purchased the study materials, you will need to set a schedule of consistent study and preparation. The CBK consists of eight domains of packed content that simply can't be digested overnight. The (ISC)2-provided outline of the exam is 20 pages worth of high-level topics that need to be mastered. The Shon Harris CISSP All-in-One Guide, in which many of the details of these topics are covered, is a tome of 1456 pages. There is a reason that CCCure sells a year's worth of access to their practice exams. They know as well as their customers that preparation for the CISSP is more like a marathon than a sprint. If you want to be successful, you will need to pace yourself and be consistent. Take too much time off and you will start forgetting material that you have worked so hard to learn.



Uh-Oh, Exam Day
After your significant investment of time, energy and money, you will be rewarded with
the arrival of the dreaded exam day. You can expect a grueling six-hour ordeal of staring
at complex exam content that will test your confidence and make you shake your head
at times. You will see questions that you have never seen before. There will be questions
that make no sense and multiple answers that appear to be equally correct. This exam
will test your patience and ability to focus over a long period. But hang in there. If you
prepared sufficiently, you will make it through, and hopefully when you finish, there will
be a passing score waiting for you when you leave.

Almost There
Although the hardest part is now over, you are not yet officially CISSP certified. Don't go running out to put CISSP on your resume just yet. The proper title at this phase is Associate of (ISC)2 (if you request that (ISC)2 initiate this status for you). Before granting you CISSP status, (ISC)2 requires you to submit your work history showing the requisite number of years of security experience (five years, with the possibility of a year waived for education or certification qualifications). If you don't meet the work experience requirements, you should go ahead and become an Associate of (ISC)2. It will demonstrate that you passed the exam and give you access to (ISC)2 resources.

You also need to affirm that you will abide by the (ISC)2 Code of Ethics. Finally, an
(ISC)2 certification holder in good standing must endorse you. Once this paperwork is
submitted, you can expect to receive within four to six weeks that glorious note from
(ISC)2 congratulating you on your new status as an official CISSP. You made it!

Life as a CISSP
Will your life change significantly after becoming a CISSP? Not really. You will certainly
be able to apply to more jobs if you are looking to change positions. Perhaps you will
leverage the CISSP when negotiating a pay raise or bonus in your current job. Other
perks include discounts at conferences, networking opportunities, and access to the
(ISC)2 digital magazine.

One change to expect after you become a CISSP is that you will start obsessing over meeting your annual Continuing Professional Education (CPE) requirements. Each time you participate in an educational activity, make sure you document it so that you can submit it as a CPE. The last thing you want is to fail to meet the CPE and annual payment requirements, thus jeopardizing the certification you worked so hard to obtain. I am sad to say that this happened to me personally and now I regret it. That is why I don't list CISSP on my LinkedIn profile anymore.



One final point is that you will have the satisfaction of knowing that your hard work paid off and you are a member of the exclusive CISSP club. It is mostly an unspoken thing, but you'll share it with other CISSPs who had to endure the same process as you in order to become certified. Others might downplay the significance of the CISSP or question its validity as a measure of competence and knowledge in the field of information security, but if they had the opportunity to put CISSP after their name, many would jump at the chance.

Show Time
Now that you can visualize yourself as a CISSP, it is time to get to work and make it
happen. This is where good tips, strategies and techniques really come into play. You
will need to manage this undertaking in the most efficient and practical way possible
and the right techniques can be helpful. There is no need to reinvent the wheel here.
The exam is difficult, but many people have taken it and passed it. Why not learn from
others who have succeeded in this challenge? Many of these tips and techniques come
from my personal experience having prepared for, taken and passed the exam at the
first attempt after a few months of study. Other tips were compiled from friends and
colleagues, bloggers, discussions and other sources.

The following is really a strategy guide; consider the tips contained within as a tactical
playbook for improving your chances of passing the exam. I have tried to make the
individual tactical tips useful and applicable, but their true power comes when they are
applied in combination. I strongly believe the synergy between these techniques will
give you a significant edge and improve your chances of passing the exam. So without
further ado, lets proceed to the tips.



PART 2

PREPARATION TIPS

R2 says that the chances of survival are 725 to 1. Actually R2 has been known to make mistakes... from time to time... oh dear.... (C-3PO)

1
GAIN EXPERIENCE
Field experience helps in many certifications, but it provides a critical advantage in the CISSP. Firstly, (ISC)2 requires applicants to have five years of professional experience in at least two of the eight domains in the CBK. From a test-taking perspective, actual experience in the field will give you a valuable context in which to make sense of the conceptual and scenario-based questions in the exam.

2
PREPARE FAR IN ADVANCE
The CISSP is not an exam to take lightly. Lift up a copy of The CISSP All-In-One Guide by Shon Harris in your hand and the weight alone tells you that there is a lot of material to cover. Unless you are a very experienced security professional, allow at least three to four months to prepare. You will need to read books, watch videos, maybe attend a boot camp, and pass practice exams during your journey to becoming a CISSP. For most people, this is not something that can be accomplished in a few weeks.



3
FIND YOUR WEAKNESSES
The most efficient approach to the CBK is to focus on the areas where you are the weakest. Most professionals in the security field will have some experience in at least one or two of the domains and will need less study time in these areas. If you have a CCNA and are an expert in networking, but have never been exposed to incident response or disaster recovery, it doesn't make much sense to spend as much time in Communication and Network Security as in the Security Operations domain. Review the official exam outline, the table of contents in each book that you read, and the results of practice exams in order to identify your weak areas and focus your effort on them.

4
MIND MAP IT
One great way to capture information during your CISSP studies is to use a mind map, which is a visual representation or diagram of words or concepts linked together, usually around a central theme. Mind maps are more fun to create than notecards and usually much more beneficial, since they help to organize information as a whole. Consider creating a mind map for each domain and then use it to help you isolate areas where you need more study. Check out the tools available online from MindMeister or FreeMind.

5
DON'T MEMORIZE QUESTIONS
For some certification exams, all you need to do is memorize a lot of material; however, the CISSP is not such an exam. Even if you take a thousand practice questions, it is highly unlikely that you will find an exact question from the actual exam. Rather than trying to memorize questions, use practice exams to become a better test taker by learning how to read questions carefully and how to eliminate incorrect answers. Practice exams are just as much about becoming a better test taker as they are about measuring your level of knowledge.



6
OVER-PREPARE
You can get by reading a book, taking a couple of practice exams, and relying on your experience for some certifications, but the CISSP is not one of them. There are eight domains within the CBK, so most people simply don't have experience in every area. You will not be able to skim this material or read it once. You will need to cover the CBK in depth using multiple resources in order to master the material. Over-preparing ensures that if you end up with more questions in one domain than in the others, you will be able to hold your own.

Never tell me the odds. (Han Solo)

7
SAVE PRACTICE EXAMS FOR LATER
Learn the content within the CBK before taking practice exams. Instead of using practice exams as a tool for learning, use them to measure your readiness and to improve your test-taking strategies. That is not to say that you can't learn content from the practice exams; you definitely can. However, the real benefit from practice exams is twofold. First, you become a better test taker by learning how to answer questions more strategically. This includes eliminating answers and reading questions more carefully in order to identify key words and concepts. Second, practice exams let you know if you have mastered the material. If you are scoring 80-90% on a particular domain, you can be confident that you have mastered the material and are able to move on to other domains.



8
GO ONE INCH DEEP
The CISSP exam has long been described as being one inch deep and a mile wide. (ISC)2 is not interested in candidates memorizing every technical fact or detail. Instead you should strive to understand the key concepts across the domains and be able to apply them in different scenarios. For example, you want to know the basics about how TCP works, such as the initial handshake and the flags it uses, but you wouldn't want to get into the details of how the algorithms for managing flow control work. If you find yourself digging too deep into the technical details of a subject during your studies, back up and focus on the high-level concept.

9
AVOID LAST MINUTE CRAMMING
Last minute cramming is usually not a good idea, and the CISSP exam is no different. Avoid any cramming the night before or the morning of the test. If you don't know the material by now, last minute cramming won't help you. Cramming could even have a negative impact on your performance by tiring you out before the test or confusing you with concepts that you have not fully learned. Trust in the fact that you have fully prepared for the exam and go with what you know.

10
BUILD YOUR CONFIDENCE
Slogging through an endless amount of CISSP material requires a certain level of motivation. At times you may feel your confidence dipping as you work through the CBK, wondering if you can ever learn it all. One way to boost your confidence and increase your motivation is to take practice exams. Receiving positive feedback on domains you have studied lets you know that the work you are doing is paying off and is a big encouragement to help you keep pushing through the material. Also, keep a checklist of study tasks you want to complete and check them off as they are finished. A list of completed tasks can be very encouraging.



11
LEARN FROM OTHERS
You are not alone in your CISSP endeavor. Many other professionals have been down this road too and are willing to share their CISSP experiences. If you have a question about the test or the material, it has probably been asked and answered before. Spend time on forums like TechExams.net and you'll find a plethora of posts from people who have lots of great advice to share.

I'd just as soon kiss a Wookiee. (Princess Leia)

12
FIND A STUDY PARTNER
Becoming a CISSP is a tough enough journey. Why do it alone? Find a study partner who can help and support you along the way, and vice versa. Obvious places to look are at work, among your colleagues, and online. There are plenty of social networking groups dedicated to the CISSP. You can find groups on LinkedIn, Facebook, and Meetup, to name a few. Once you find someone, sign up to take the test together and then help keep each other on track during the process.

13
USE CURRENT MATERIALS
In 2015, (ISC)2 refreshed the content of the CISSP. The number of domains was reduced from 10 to 8, and some areas were expanded while others were moved to different domains. Make sure that you include study materials that are current and have been updated with the (ISC)2 changes. The Shon Harris CISSP All-in-One Exam Guide is an example of a book based on the older CBK.



14
PRACTICE YOUR SCENARIOS
Be prepared for scenario-based questions. It is not enough simply to know a lot of facts; you must be able to apply them. For example, you may be asked to address scenarios dealing with response to security events involving an intrusion, a disaster, or a legal issue. Can you take in a lot of details and use them to apply a policy or process in order to come up with a solution? Can you put yourself in the shoes of an intrusion detection or business continuity manager in order to solve a question? This is another area where you can benefit by taking practice exams.

15
EARN ANOTHER CERT FIRST
Consider obtaining an InfoSec certification with a lower degree of difficulty before jumping into the CISSP. The CISSP is quite a challenge for one's first certification. Why not start with another certification such as Security+ or maybe even the Systems Security Certified Practitioner (SSCP) from (ISC)2? You'll be learning content that may be useful for the CISSP, you'll teach yourself how to study and prepare, and you'll gain a lot of confidence when you pass that first exam.

I find your lack of faith disturbing. (Darth Vader)

16
CREATE A SCHEDULE
Preparation for the CISSP is a major project and it should be managed like one. If this were a project for your company, how would you approach it? I'm not saying you should use Microsoft Project to manage your schedule, but you should think systematically about how much time you have to prepare and how to break the work into manageable chunks. Think about the study activities you would like to accomplish and how long each will take. Make an outline and put some dates against specific activities, then stick to it.



17
USE THE CORE MATERIALS
There are countless materials available to help you prepare for the exam, with new materials being introduced daily. However, people consistently mention a few core materials that have helped them pass the test. Do the research and find out what people are mentioning in their study plans. The following is a short list: CISSP Study Guide by Eric Conrad, the CISSP All-In-One Guide by Shon Harris, CISSP: Certified Information Systems Security Professional Study Guide by Sybex, Official (ISC)2 Guide to the CISSP CBK, Fourth Edition by (ISC)2, videos from Cybrary, and CCCure practice exams.

18
SCHEDULE IN ADVANCE
Do you want to light a motivational fire under yourself? Schedule a date for the exam in advance. There is nothing better for your motivation and sense of commitment than knowing you have paid for the exam and the date is set.

19
ANNOUNCE YOUR DATE
A second way to motivate yourself is to announce your test date. Once you schedule the exam, let people know about it publicly. Not only will you receive the support of friends and colleagues, you'll be on the hook. Once others know you are taking the test, you'll feel the pressure to keep up with your studies because you won't want the embarrassment of telling people that you didn't pass.

20
LEARN YOUR STYLE
Figure out how you learn best and then design a study program that meets your needs. We all have different ways of learning, be they visual, auditory, kinesthetic, or a combination. For some people this might mean curling up at night with Shon Harris's book; for others it may mean cranking up videos on Cybrary. Perhaps you need live instruction at a boot camp, or perhaps you prefer to take notes, create indexes, or make notecards. The key is to find out what works best for you and use that modality as your primary approach to learning.



You need a teacher! I can show you the ways of the Force! (Kylo Ren)

21
RETEST SOON IF NEEDED
It has been suggested that around 70% of test-takers pass the CISSP exam, which means that if you are unfortunate enough to be in the 30% group that does not pass, you need a strategy for retaking the exam. My suggestion is to reschedule another exam date within a short period of time. After all your hard work and preparation, you don't want to lose momentum. If you schedule a retest too far in advance, you may be tempted to take a break from studying, which means you will start to forget material. It may also be tough to jump back into studying after a break, so schedule the test immediately and try to keep your current study schedule in place. (ISC)2 allows you to retake the CISSP after 30 days if this is the first time you have not passed the test.

22
TAKE A BOOT CAMP EARLY
There is no doubt that a boot camp can help you pass the CISSP, and many people opt for this route. If you do choose to do a boot camp, you need to decide when to schedule this activity. I suggest you take a boot camp in the initial part of your studies and use it to identify areas where you are weak and need additional work. Taking it early also gives you an in-depth overview (albeit compressed) of the CBK. As you continue your studies, you'll be able to assimilate new material better having this mental map of the CBK in your head.



23
KNOW THE CODE OF ETHICS
Since there may be questions that deal with the (ISC)2 Code of Ethics, it would benefit you to memorize it, because a condition of being awarded the CISSP is that you commit to the code as a certification holder. Learn the preamble and the four canons and you will be prepared for questions that may require an ethical perspective.

24
TRY A PODCAST
You need to take advantage of any free time to study. What about a podcast so that your time in the car or elsewhere can be put to good use? Two to try are recordings from Eric Conrad and CyberSecStudy.

25
BEGIN WITH THE FOUNDATION
Begin your studies with the Security and Risk Management domain. Here you will start with the security principles of confidentiality, integrity, and availability (CIA), which underlie much of what we do in security. If you build a solid foundation in this domain, other domains may make more sense, helping you to understand why certain security functions are important.

26
CONSISTENCY
Consistency in your studies is essential. A little study or practice exam time every day will help you to learn and retain information better than cramming sessions with long periods of inactivity in between.

27
MNEMONICS
There are a few things you will want to commit to memory, so why not use a mnemonic to help you. There are plenty out there already, but if you want, have fun and create your own. Some examples include: OSI model - All People Seem To Need Data Processing (Application, Presentation, Session, Transport, Network, Data Link, Physical); CMMI - I Really Defend My Opinion (Initial, Repeatable, Defined, Managed, Optimizing); and SDLC - Re Do Damn Test Right.



PART 3

CISSP HUMOR

You deserve a break. It's time for some CISSP humor.

PART 4

TEST TAKING TIPS

Your focus determines your reality. (Qui-Gon Jinn)

28
SLEEP WELL
This is a given, but it must be mentioned. Give yourself the best chance of success by being fully rested at test time. Going to bed early will help you feel fresh in the morning and allow you to get up early enough to arrive in advance of the test. There is a significant amount of academic research showing that students with a full night's rest perform better in exams than students who stay up the night before. Additionally, students who sleep more during the exam period gain higher grades, probably because quality sleep helps one to retain information. So make sleep a priority when preparing for the CISSP, especially the night before.

29
EAT WELL
This is another given. There are two mistakes you could make with regard to eating prior to the test. If you skip a meal or eat too light, your overworked brain will burn through calories too fast and you won't have enough energy to finish. The other mistake is to eat too much or eat the wrong food. Your body will divert resources from your brain while trying to digest a heavy meal. The best option is somewhere in between the two extremes. Eat a healthy, balanced breakfast and then bring snacks to help you get through the test if needed.



IN MY EXPERIENCE, THERE IS NO SUCH THING AS LUCK.
OBI-WAN KENOBI

30
MARK QUESTIONS FOR REVIEW
Mark questions for review. If you are unsure about a question, mark it for review and move on. One benefit of this approach is that you won't waste a lot of time on a question or raise your frustration level unnecessarily. If you have time at the end of the test, which you probably will, you can revisit these questions. A second benefit is that you may get clues from other questions that help you answer previous questions. At a minimum, once you reach the final question you'll have a better feel for how (ISC)2 asks questions and what they might be looking for in your answers. This may help you to tackle the questions you have marked for review.

31
ELIMINATE ANSWERS
Become an answer elimination expert. Eliminating answers is all about increasing the probability of a correct answer, and the more correct answers, the better your chances are of passing. An answer chosen at random from four possible answers gives you a 25% probability of a correct choice. Eliminate two answers and the odds jump to 50%. Always make it a goal to eliminate at least two answers for each question. Answers that have nothing to do with the question are an obvious target for elimination. Answers that are too similar to each other may also be candidates. Over time you'll become better at eliminating answers, and the best place to learn these strategies is in practice exams.

32
CHOOSE THE BEST ANSWER
One frustrating aspect for CISSP test takers is that often more than one of the answers appears to be correct. The key here is to pick the best answer by using the context of the question and by carefully reading what is being asked. Often there will be clues in the question that hint at the right answer. If more than one answer appears correct, go back and reread the question to find the clue that leads you to the right answer.



33
THINK LIKE A MANAGER
Although (ISC)2 wants to make sure you have a fundamental understanding of security, they are not testing deep technical knowledge. In that regard it is helpful to think from a manager's perspective when taking the test. Unless the question clearly requires a straightforward technical answer (e.g., "The size of a SHA-1 hash value has how many bits?"), you should think about how a manager in the domain would answer it. What processes, standards, or policies would they follow when addressing the issue? How would they prioritize, and what would they do first? How would they assess the risk of the issue or perform a cost/benefit analysis? Think from this perspective and you'll have an advantage when taking the exam.

34
HUMAN SAFETY
What good is security if we can't protect human life? That might be obvious, but it is one point that you don't want to forget during the test. (ISC)2 emphasizes this in their Code of Ethics, which has the safety and welfare of society and the common good as the first point in the preamble. In any question where the safety of people is involved, for example a disaster recovery plan, choose an answer that highlights the priority and importance of protecting the safety and welfare of others above all else.

35
ARRIVE EARLY
You have spent months preparing for the test, so why would you take any chances of arriving late on exam day? What if there is an accident on the way or an unusual amount of traffic? You are going to be stressed enough, so there is no reason to add to your worry. On exam day, arrive with plenty of time to check in and get comfortable for the test. Consider driving to the exam location prior to the test to make sure you know the way.



DO OR DO NOT, THERE IS NO TRY.
YODA

36
IDENTIFY KEY WORDS
Success on the CISSP requires that you read questions carefully. In particular, it means identifying the key words that help to determine the correct answer. Make sure to notice significant words like NOT, INCORRECT, MOST, LEAST, BEST, WORST, EXCEPT, just to name a few examples. If you miss a word such as INCORRECT you might end up choosing an answer that has the opposite meaning to the correct one. These words will often make it easier to eliminate answers. Also pay attention to the last word in a question. Sometimes the key word may be hidden at the very end.

37
TAKE YOUR TIME
(ISC)2 gives you six hours for 250 questions, which is more than enough time. Rarely will you hear people say they needed more time. As a result, take your time. There is no need to hurry or put additional pressure on yourself to get through the test. At the same time, use the extra time you are likely to have at the end to your advantage to review marked and unanswered questions.

38
TAKE BREAKS
Six hours is too long for any person to stay focused. After a long period of concentration, the brain will begin losing focus and effectiveness. In order to stay as fresh as possible during the test, make sure you take breaks. Go to the bathroom, get a drink, eat a snack, and stretch. If anything, this will give you a minor mental boost as you return to the exam. Even though the clock doesn't stop ticking while you are away, as we just mentioned, you will likely have more than enough time to finish the exam.



39
ANSWER EVERYTHING
This is a simple tip: answer every question. There is no penalty for answering a question incorrectly, so you might as well give it a shot. At the end of the test, review the questions to make sure that all of them have answers before submitting your test.

40
MINI BRAIN DUMP
If you enter the exam with some test material in your head that you don't want to forget, consider writing it down before you begin the test. For instance, let's say you are afraid that you are going to forget the OSI model layers or the private IP ranges. You may not encounter these on the test, but if it will give you peace of mind, take a few minutes to write them down prior to starting the test so you won't worry about forgetting them.

YOU'RE ALL CLEAR, KID! NOW LET'S BLOW THIS THING AND GO HOME!
HAN SOLO

41
USE DIFFERENT PERSPECTIVES
Successfully analyzing CISSP questions is an important factor in your success. One way to go about this is to use various perspectives when reading the question. I have already mentioned this once regarding thinking like a manager; now let's take it one step further. Try the perspective of the person who created the question. What were they trying to convey when they sat down to write it? What point about security do they want to make? This may give you insight into the answer they want you to select. Another perspective to use is that of someone who works in the specific domain. It does not have to be a manager; think about what an engineer, business analyst, or even a CISO would do in the same situation.



42
TAKE A SNEAK PEEK
To remove some of the suspense and stress of not knowing what to expect, consider flipping through the questions briefly at the beginning of the test to get an idea of what is coming. This will help set your expectations and allow you to know what you are up against, rather than being surprised or nervous with each new question.

43
DON'T PANIC
Resist the urge to panic after the first 10-15 questions. It is easy to fall prey to anxiety once the test starts: you see how difficult real questions are, and you think about the stakes and what it would mean to fail. You need to be prepared for this feeling and put it out of your mind at the beginning of the test. Relax, take deep breaths, and reassure yourself. You have put in the work to learn the material, so you'll be able to get through the test if you don't let your nerves get the better of you.

44
RE-READ THE QUESTION
Before you finalize an answer, always make sure you go back and re-read the question. If you fail to see the key word, get distracted by unnecessary words, or miss the main point, you might answer incorrectly. By re-reading, you assure yourself that you know exactly what is being asked. There is no need to rush through a question, so do yourself a favor: take the time to re-read and make sure you have interpreted the question correctly.

45
DON'T GET STUCK
There may be one or more questions with content you have never seen, or that you haven't a clue how to answer. Don't let this frazzle you. You can miss many questions and still pass the test. Remember that new beta questions are being introduced all the time, and any one question may not even count toward your overall score. If you are totally stumped or frustrated, mark it for review or give it your best guess after eliminating as many answers as you can.



PART 5

RESOURCES

It can be difficult to figure out the resources that will help you the most on the CISSP exam. There are gazillions of products and services being promoted on the Internet, and not all are of equal quality when it comes to preparing for the exam. To help cut through the noise, I used TechExams.net to find out what successful CISSPs had used in their preparation. I surveyed posts in the CISSP forum over the past year with the word "passed" in the title. These are postings where the individual lets the community know that they passed the test. Posters also normally use this opportunity to give something back to the community by sharing the resources they used during their studies. I recorded the resources identified in each post and kept counts for each. The list I created contains the 40 most cited resources. There were some of the old favorites in the list, but a bunch of surprises as well. Everyone should be able to find some resource on this list that will work for his or her particular style of study.

To receive this awesome list, all you need to do is sign up at http://certbase.io/cissp-resources.



CONCLUSION
Hopefully you have found something worthwhile here that might benefit you come exam day. There are so many great CISSP resources out there; this can be another one in your arsenal. Ultimately, even with the best resources, you still have to invest the time and energy to make it happen. If you have made it this far in the eBook, I'm sure you have what it takes to go the distance in your preparations.

Good luck. You can do this.


Now go crush the CISSP!

Special thanks to Steve Witmer, Rafael Algara, and others for reviewing and providing
valuable feedback and input and Theresa Ford for the lighthearted CISSP comics.

Disclaimer
The information contained in this guide is for informational purposes only. The
publication of this information does not guarantee success in the CISSP. It is simply
a recommendation and an expression of my own opinion. No part of this publication
shall be reproduced, transmitted, or sold in whole or in part in any form, without the
prior written consent of the author. Users of this guide are advised to do their own due
diligence when it comes to preparing for the CISSP exam. By reading this guide, you
agree that CertBase is not responsible for the success or failure of your efforts to earn
the CISSP certification.
