Congratulations! You decided to take the CISSP exam, you prepared for it for months, you practiced hard and you even scheduled an exam date. You are not done yet. Don’t get too excited: you still need to prepare for the exam day and reduce the element of surprise by understanding what to expect on the CISSP exam day.
To verify I actually passed the exam, you can find my CISSP badge here. This blog post is part of a blog series:
- How To Prepare for The CISSP Exam Day and Pass
- How I Passed CISSP Exam – My Personal Experience
- How I Passed CISSP – My Three Months CISSP Exam Study Plan
In a different blog post, I talked about my CISSP Exam personal experience, why I decided to take the CISSP exam in the first place, what motivated me, and what the different CISSP domains are that you will be tested against. I highly recommend reading that blog post for further preparation.
In this blog post, I am going to share with you from my personal experience, how to prepare for the CISSP exam day, the new format of the CISSP exam (the CAT format), my methodology of picking the right answer, and most importantly, how to manage your time during the exam.
The last couple of days before the CISSP exam day are important. What you do and how you spend your time 24 hours before your CISSP exam day makes a difference. The exam is hard and expensive, so make it count. Don’t worry though, I will help you and walk you through all this. I would also appreciate it if you leave a comment after reading and let me know what you think and how you prepared for the exam day.
You might be wondering about the big day when you go to the testing center and take the exam. In this section, I want to help you prepare for that day and share with you what I did on my CISSP exam day that made me relaxed and more confident.
The Day Before The CISSP Exam Day
I remember that I had a plan for what to do and what not to do on that day. It is T-24 hours till the CISSP exam day, you will be nervous and you will question all your studying on that day. So, don’t worry.
My plan on the day before the CISSP exam day is to make sure I relax, perhaps go home early directly after work, cancel any commitments I might have and try to hit the bed early to have at least 8 hours of good deep sleep.
My goal was to go into the exam day fully focused with my mind crystal clear to handle all CISSP questions, as I knew it was going to be a long 3 hours that requires extra focus. I knew that by sleeping well the day before, I would increase my chances of answering the CISSP questions the next day with more focus. I hit the bed by 9 PM that day and I slept really well.
On that day also (the day before the exam), I made sure not to do any studying, but rather to solve one practice CISSP exam that I saved for that day. I wanted to gain confidence by taking one practice exam on that day. I knew I studied a lot during the last three months, and I didn’t want to be under pressure on this day by studying and reviewing the material again.
On the exam day, I made sure I woke up early, had a very good breakfast because I need good energy in the exam, and then went to the exam center at least 30 minutes earlier.
Make sure you know exactly where your testing center is and how to get there on time. I can’t stress enough how important this is. It happened to me once that I scheduled an exam at a new testing center and I spent one hour trying to locate it.
For me, I arrived one hour earlier to the testing center. I had two different identification papers with my photo on them. Please don’t forget to do that. (ISC)² requires two forms of identification (ID) to take your exam:
- Your IDs must be valid (not expired).
- They must be original documents (not photocopies or faxes).
- Your primary ID must include your photo and signature. (The photo needs to be permanently affixed to the document.)
- Your secondary ID must include your signature.
After providing your identification papers, there are a couple of steps you will be asked to do before starting your test:
- Show two acceptable forms of ID (as defined above).
- Provide your signature.
- Submit to a palm vein scan (unless it’s prohibited by law).
- Have your photo taken. Hats, scarves and coats may not be worn for your photo. You also can’t wear these items in the test room.
- Leave your personal belongings outside the testing room. You’ll have access to secure storage. Storage space is small, so plan ahead.
It actually took a good amount of time to do all that, and remember there are other people taking other tests, which means you need to come early enough for the testing center to spare some time for you. Here is the full official information by (ISC)² about the exam registration and testing environment. Please read it very carefully and make sure you arrive early to the testing center.
CISSP Exam Information
Now that you know how to prepare for the exam, let’s talk about the exam itself. You should pay serious attention to the exam format and practice a lot to get the right mindset for the CISSP exam questions. Knowing the material alone most likely will not make you pass the test. You should learn how to read questions carefully yet quickly, how to eliminate the wrong answers first, how to think like a security manager rather than an IT person, and how to make reasonable choices.
The New Computerized Adaptive Testing (CAT)
There is a lot of talk on the internet about the new CAT exam format, and you can read all about it here and here.
Mainly, the exam is more dynamic and the exam will adjust the time and the number of questions depending on how well you perform throughout the exam.
Every time you answer a question, the computer evaluates your ability to get the next question right based on your previous submissions and the difficulty of the questions. As you get answers right, the computer delivers more difficult questions and increases its estimate of your ability – you get things right, it gets harder, if you get things wrong then the computer serves up an easier question.
As you answer more questions, the computer’s estimate of your ability gets more precise. Each question affects the next question so there is no going back to change your answer to a previously answered question. If you reach a point where it is no longer possible to earn a passing score, the exam will terminate prior to the completion of all of the questions.
Exam Time & Number Of Questions
The CISSP exam was updated in December 2017. Lucky you, the exam time and number of questions were changed as well.
Instead of 6 hours exam, the CISSP exam is only three hours long. Instead of 250 questions, you get a minimum of 100 questions and a maximum of 150 questions depending on how well you perform during the exam. So, at a minimum, you need to get through at least 100 questions in three hours. But the exam may need up to 50 more questions to evaluate your competence so you should plan to answer 150 questions in three hours.
Keep in mind also that there are a total of 25 questions in the CISSP exam that are unscored; they exist in your exam for experimental purposes. You won’t be able to distinguish between the scored and unscored questions, so don’t try. These experimental questions appear in the first 100 questions.
Unfortunately, in the new CISSP exam, you can move in one direction only: forward. Test-takers will be unable to skip, flag, or revisit questions. The exam also costs 699$ as of today, and you need to score at least 700 out of 1000 to pass.
You can take the CISSP exam up to three times within a 12-month period. For both the CISSP CAT and linear examinations:
- If you don’t pass the exam the first time, you can retest after 30 days.
- If you don’t pass the exam on the second attempt, you can retest after an additional 90 days.
- If the third time still isn’t the charm, you can retest after 180 test-free days from your most recent exam attempt.
Increased Question Security: CAT reduces question exposure and the security risks that come with it. By switching to a CAT, (ISC)² can limit the number of times certain questions are revealed. For instance, someone who fails on the first attempt will not see all 150 questions, and thus will not have the benefit of experiencing some questions if they reappear on a retake of the exam at a later date.
How The Exam Ends?
The CISSP CAT exam will end in one of three different ways:
- Sudden Death (Confidence Interval Rule) – At any point from questions 100-149 this rule can be invoked. This rule simply means that the exam determines, based on statistical data, that you have either passed or failed the exam.
- Maximum Length – This rule is invoked when you hit the maximum number of questions, 150. At this point, to determine if you passed or failed, the exam will look back at your last 75 questions. In order to pass, your Confidence Interval had to be above the passing threshold at all times. If, at any point, your Interval dips below the passing threshold, the exam results in a fail.
- Run Out of Time (R.O.O.T.) – This rule is invoked when the three hour time limit runs out. If the time runs out before you reach 100 questions, you automatically fail. If you make it past question 100, and the time runs out, the exam will look back at your last 75 questions. In order to pass, your Confidence Interval had to be above the passing threshold at all times. If, at any point, your Interval dips below the passing threshold, the exam results in a fail. Sound familiar? The Maximum Length rule discussed above is identical to the R.O.O.T rule. That’s part of what makes the CISSP exam so challenging. That’s why it’s important to do well early to ensure you are well above the passing threshold when entering the homestretch of the exam.
My Personal Exam Experience
Now enough talking about the exam format and let’s talk about what you will face when the exam actually starts. I will share my personal experience and by that, I hope this helps you prepare for the exam.
So the exam started. The first thing that crossed my mind after going through the first couple of questions is how thankful I am for the time I spent solving questions during my preparation. Studying the CISSP material alone is only 50% of this battle. Even the practice questions that come with every CISSP book are not nearly enough. Thank god that one week before my exam I tried two different exam engines to get myself familiar with the nature of the CISSP exam. I spent a whole week before the exam practicing with two different test engines, which opened my mind to many things. If you don’t do that, you will be surprised when you see the actual CISSP exam!
Understanding how to look at the question, finding the key words, going through each answer and then mastering the science of elimination is key. I read once in a blog that the best way to answer CISSP questions is to:
- Start by reading the answers (yes, the answers, not the question itself) very quickly so that when you read the question later, you will have proper context of what you are looking for.
- Then read the question carefully and try to understand what the question is asking you for.
- Go back and read each answer carefully, and you would most likely be able to eliminate two of them.
- This leaves you with two possible answers that most of the time will look perfectly correct to you. This makes the question a true and false question instead of a multiple-answer question. Smart, right?
- Then to choose the correct answer from these two possible choices, you have to think as a security manager. If you are a technical IT guy and you are hard-coded to choose the answer that asks you to go and solve the problem, then most likely you will fail. You need to ask yourself what a security manager would do in this situation. As a security manager, you don’t go and fix things. You calculate risks, you look at the business objectives and you report to senior management. Don’t forget this.
I have a separate blog post that talks about how to study and prepare for the CISSP exam which will help you get the right mindset before going to the exam.
I discovered while taking the exam, and with each question I answered, that I am not sure if I am doing well or not. This is normal, so don’t worry. I also know that the CISSP CAT exam will give me a next question based on how well I did so far in the exam. In my case, I did very well in the first couple of questions, and the exam engine started to throw more difficult questions at me, which is how CAT works. With each correct answer, the questions get harder and harder. When I reached 100 questions, I knew the CAT engine might do something anytime, because you will get a minimum of 100 questions and a maximum of 150 questions.
It is so important that you keep calm and just believe that you did all your best preparing for the exam, and never think about the previous question that you answered. After all, in this exam, you can’t go back and change your answer, because of the CAT nature of the exam. Just keep moving forward with the questions and treat each question like it’s the only question you have to answer now.
In some questions, I could only eliminate one answer and was left with three choices to pick from. To me, the three answers made perfect sense. As I knew I had a limited time for each question (3 hours * 60 minutes divided by max of 150 questions = 1.2 minutes per question), I just picked one of the answers that I felt was the right one from a security manager perspective. You have to do this occasionally. Don’t overthink as you have limited time, but at least try to pick the answer that might be right and move forward to the next one.
When I reached question number 105, if I am not wrong, and hit next, the screen froze and then I received a message (thank you for taking the exam, the exam is ended) or something like that. I literally froze and didn’t get what was happening. It is the sudden death that I heard about, but no matter how much you read about it, nothing prepares you for that moment when it happens to you.
The only idea that was in my mind back then was that the CAT engine realized I am not good enough and I answered many questions in a wrong way, that no matter how well I will perform in the remaining questions, I will still fail, so the CAT engine decided to save me time and end the exam.
After all, the message on the screen didn’t say “Congratulations” or “You Passed”! So, with a sad heart, I walked to the guy in the exam center, and asked him to give me my phone from the locker, I thanked him and I walked towards the door. Before I reached the door, the printer in the room started printing something which the guy picked up and then shouted “CONGRATULATIONS, YOU PASSED!!!”.
I was already at the door when I heard him screaming. I didn’t understand what happened. He came to me and showed me the printed paper that proves I have passed, but I was shocked! How did this happen? I can’t describe my feelings at that moment, I was happy, shocked and couldn’t move. I then thought about it and reached a conclusion that I answered so well in the exam that the CAT engine didn’t need me to answer more questions and decided to end the exam and pass me. Screw you CAT engine!! You could say “congratulations, you passed” on the screen when the exam ended.
I will never forget my CISSP exam day. I was so glad I passed the exam the first time and I decided to share my experience in this blog post. I hope if you are considering taking the exam that you pass it also the first time. If you do so, please leave a comment and share your experience.
If you are considering taking other security exams, then I have blogged about how I passed a couple of security certifications. Here is how I passed CISM (Certified Information Security Manager) from the first time, how I passed AZ-500 Azure Security Engineer Exam, and how I passed MS-500 Microsoft 365 Security Administration Exam.
Thanks for sharing
Thanks Ammar for sharing your certification experience.
Apart from the official practice test (ISC2) and IT Dojo (as recommended), do you suggest any other test engines to refer to prior to the week of the exam?