About the CISSP Examination
The CISSP examination itself is a grueling six-hour, 250-question marathon. To put that into perspective, in six hours, you could walk about 20 miles, watch a Kevin Costner movie 11⁄2 times, or sing “My Way” 540 times on a karaoke machine. Each of these feats, respectively, closely approximates the physical, mental (not intellectual), and emotional toll of the CISSP examination.
As described by the (ISC)2, you need a scaled score of 700 or better to pass the examination. Not all the questions are weighted equally, so we can’t absolutely state the number of correct questions required for a passing score.
You won’t find any multiple-answer, fill-in-the-blank, scenario-based, or simulation questions on the CISSP exam. However, all 250 multiple-choice questions require you to select the best answer from four possible choices. So the correct answer isn’t always a straightforward, clear choice. In fact, you can count on many questions to appear initially as if they have more than one correct answer. (ISC)2 goes to great pains to ensure that you really, really know the material. For instance, a sample question might resemble the following:
Which of the following is the FTP control channel?
A TCP port 21
B UDP port 21
C TCP port 25
D IP port 21
Many readers almost instinctively know that FTP’s control channel is port 21, but is it TCP, UDP, or IP?
Increasingly, CISSP exam questions are based more on situations than on simple knowledge of facts. For instance, here’s a question you might get:
A system administrator has found that a former employee has successfully logged in to the system. The system administrator should:
A Shut down the system.
B Confirm the breach in the security logs.
C Lock or remove the user account.
D Contact law enforcement.
You won’t find the answer to this in a book (well, probably not). But every exam question still has a best answer — perhaps not an ideal answer, but definitely a best answer.
A common and effective test-taking strategy for multiple-choice questions is to carefully read each question and then eliminate any obviously wrong choices. The CISSP examination is no exception.
Wrong choices aren’t necessarily obvious on the CISSP examination. You may find a few obviously wrong choices, but they only stand out to someone who has studied thoroughly for the examination and has a good grasp of all ten of the security domains.
Only 225 questions are actually counted toward your final score. The other 25 are trial questions for future versions of the CISSP examination. However, the exam doesn’t identify these questions for the test-taker, so you have to answer all 250 questions as if every one of them is the real thing.
The CISSP examination is currently available in English, Brazilian Portuguese, Chinese, French, German, Japanese, Korean, and Spanish. You’re permitted to bring a foreign language dictionary (non-electronic) for the exam, if needed. You need to indicate your language preference when you register for the exam.
Chapter 15 contains suggestions for preparation on the day of the exam.