
CISSP certification

Questions and answers


The Certified Information Systems Security Professional (CISSP) is the GOLD standard of IT Security certifications. It is the most sought after IT security certification by recruiters.

There is expected to be an addition of 4.5 million IT Security jobs worldwide by 2019 – from today's 1.5 million to 6 million.

CISSP certified IT Security Professionals make on average 25% more than non-certified colleagues.

The mean (average) salary for a certified CISSP security professional in the US is over $95,000.

There are currently 44,000 CISSP job listings on the 5 top IT job sites in the US.

EXAM FAQ:
You can use up to 6 hours; it is a marathon, not a sprint. You can leave when you are done, and breaks do not stop the timer.

Contains 250 questions.
The majority are multiple-choice questions with 4 answers. A few questions are drag-and-drop and a few are hot-spot questions.

Has a passing score of 700/1000; the questions are weighted.
https://www.isc2.org/register-for-exam/exam-scoring-faqs

Is offered in English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean, and a version for the visually impaired.

Book your exam through Pearson-Vue here:
http://www.pearsonvue.com/isc2/

Pay the exam fee of $599; prices may vary slightly depending on where you live.

https://thorteaches.com/

https://www.facebook.com/groups/ThorTeaches/
The exam is proctored, meaning you are monitored by a person or a camera at all times.

The test is computer based; the proctor will start the 250 question test on a PC.

You can mark questions for review, and go back and forward on the test.

You cannot bring anything personal into the examination room; this includes phones, books, notes, extra clothing, food and drinks.

You will be given 2 dry erasable pieces of laminated paper, and a pen for them.

You will have 15 minutes for a brief walk-through of how the testing software works.
If you have done this type of test before, you can use that time for writing down your formulas and quick references; this will help when your brain is getting tired.

You can't pause the exam; you have a maximum of 6 hours, and that includes bathroom and snack breaks.

You will most likely be in a room with many other test takers; you can ask for a pair of earplugs or headphones to help with the noise. The other test takers will most likely not be taking the CISSP.

If you have a technical issue, raise your hand or leave the testing room and talk to a proctor. They will tell you which to do before starting the exam.

Be on time (early); if you are late they may not allow you to take the exam, and you would lose the exam fee.

Bring 2 types of ID to the test center; 1 must be government or state issued with a picture. None of the IDs can be expired.

https://www.isc2.org/Register-for-Exam
CISSP ELIGIBILITY:

Anyone can take and pass the exam.
To be awarded the CISSP designation you will have to fulfill the requirements below.

Have at least five years of cumulative, paid, full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK).

One year can be waived if you have:
A four-year college degree (or a regional equivalent) or an approved credential from the CISSP Prerequisite Pathway (one of over 40 IT security certifications listed here:
https://www.isc2.org/Certifications/CISSP/Prerequisite-Pathway).
No more than 1 year can be waived.

If you do not fulfill the work requirement you can still take and pass the exam; you will have 6 years to meet the work requirements, and in the meantime you will be awarded the "Associate of (ISC)²" designation.

Complete the Examination Agreement. You agree to the truth of your assertions regarding professional experience.

You legally commit to the adherence of the (ISC)² Code of Ethics.
https://www.isc2.org/Ethics

Review the Candidate Background Questions.
https://www.isc2.org/Register-for-Exam/Background-Qualifications

Have your application endorsed.
Your endorsement form must be completed and signed by an (ISC)² certified professional. (ISC)² can endorse you if you can't find a certified individual.
https://www.isc2.org/Endorsement
CISSP EXAM TIPS:

Get a good night's sleep before the exam, eat a solid breakfast, caffeinate and do whatever else works for you to raise energy and mental clarity.

On the test look for the keywords: Encryption, PKI, leadership, preventative, confidentiality, etc.

Look for the indicators: Least, best, most, first, last, primary, etc.

Answer everything from an IT security manager's or a risk adviser's point of view.
Do not answer from a hands-on technical point of view.
Do not answer from a high level senior management point of view.

Do at least 2 full 250 question practice exams in one sitting while preparing for the exam; you need to know how your brain reacts after several hours of new scenarios and questions thrown at it. Knowing can help you at the real exam.

Score consistently over 80% in all domains on practice tests before taking the exam.
Understand why an answer is right, and also understand why the other 3 answers are wrong.

If unsure on an answer, mark it for review, answer it and return if you have time at the end.
Even if it is a guess, a 25% chance is better than 0%.

Read all the answers even if you know the first to be right; there may be multiple right answers, and you need to pick the most right.

Do multiple passes if possible, but only change answers when you can explain why the new answer is the right one.

Understand the concepts, don't just cram the knowledge; many questions are judgement based.
I PASSED NOW WHAT?

If you passed, congratulations, awesome job - reward yourself.
You will not know your score, just that you scored over the required 700.

You will most likely get your results at the test center a few minutes after clicking end exam; a test report will print with passed or failed.

You now need to be endorsed (see above); the process from submitting the endorsement, if it is not audited, will take 3-6 weeks.

Start earning CPEs (Continuing Professional Education).
For the CISSP you need to earn 40 CPEs per year (from the date you were awarded the CISSP designation, not your exam date).
This can be other certifications, education, CBT training, podcasts, or many other things.
CPEs are divided into group A and group B CPEs; you need at least 30 from group A and no more than 10 from group B.
• Group A Credit: CISSP Domain-Related Activities.
• Group B Credits: Professional Development / Knowledge Sharing.
https://www.isc2.org/Member-Resources/CPE-Overview

Pay your AMF (Annual Maintenance Fee).
Currently $85 per year.

All this is done on the (ISC)² member site:
https://www.isc2.org/member-home

Celebrate and reward yourself, this is an amazing accomplishment, you did it!

If you are looking at related certifications I would suggest you keep going while the knowledge is fresh in your memory; if you take a 1+ month break, much of it will be moved out of active memory.
I FAILED NOW WHAT?

If you failed, don't despair, fail forward.
You now know the exam style, you will get a score and a percent for each domain, you know your weak areas and you know what to focus on for the next time.

You will most likely get your results at the test center a few minutes after clicking end exam; a test report will print with passed or failed.

Take a few days if you need, relax, motivate yourself to continue and get back to studying.

I personally have failed on multiple certification exams. The failures do not matter in the long run, it is what you do after it that does.

You can retake the test after 30 days for the first retake, 90 days for the second, 180 days for the third, and you can do no more than 3 attempts in a calendar year.

If you scored 650 or higher I would book your second attempt right away; use the 30 days to get stronger on the domains you scored low on, while the knowledge is still fresh.
Many who take a 1+ month break never start up again; they have already forgotten much of the knowledge.

People who have all the knowledge required and still fail with a 650-699 score often do so because they answer from a technical point of view; they act, not advise.
Remember you are middle IT security management or a risk adviser, and you need to read, understand, and answer the questions from (ISC)²'s point of view.

You will have to pay the $599 for each attempt at the CISSP certification, but an average salary 25% higher is worth it.
TYPES OF EXAM QUESTIONS:

The exam question pool is huge; some say it is over 10,000 individual questions.

The exam has 4 types of questions:

Multiple choice questions:
1 question and 4 answers; these are ~84% of the questions.

Scenario questions:
Also multiple choice, 1 question and 4 answers, but several questions based on the same scenario; these are ~11% of the questions.

Drag-and-Drop questions:
You get 1 question and drag-and-drop the correct answers; more than one answer can be right. These are ~3% of the questions.
Example: Which of these are used in symmetric encryption?

Hot-Spot questions:
Click on a diagram to indicate the right answer. These are ~2% of the questions.
Example: We are securing our layer 2 devices with "mac-address sticky"; where would we implement that?
THE 8 CISSP DOMAINS PERCENTAGE OF THE EXAM:
The 8 CISSP domains draw from a range of information security topics within the (ISC)² Common Body of Knowledge (CBK).
1. Security and Risk Management 16%
2. Asset Security 10%
3. Security Engineering 12%
4. Communication and Network Security 12%
5. Identity and Access Management 13%
6. Security Assessment and Testing 11%
7. Security Operations 16%
8. Software Development Security 10%

RECOMMENDED BOOKS AND PRACTICE EXAMS:

When choosing the books you use for your CISSP certification, I think it is important to understand your own skill level and how much knowledge you would need to both pass the certification and ultimately do your job well as an IT security professional.

For people with some IT security experience I would suggest these 2 books:
CISSP Study Guide, Third Edition.
Eleventh Hour CISSP®, Third Edition: Study Guide.

For people with limited or no IT security experience I would suggest either or both of these books; on top of the CISSP knowledge they also have more in-depth IT security knowledge.
CISSP All-in-One Exam Guide, Seventh Edition.
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide

4 full 250 question CISSP practice exams on udemy.com
Questions and answers are randomized, it will feel like a new test each time, and you will have lifetime access to the tests.
Use the links below and get each of the tests for $10.

CISSP certification: Full 250 question practice test #1
CISSP certification: Full 250 question practice test #2
CISSP certification: Full 250 question practice test #3
CISSP certification: Full 250 question practice test #4