For an information security practitioner, the value of the CISSP is still quite high, so I bought books early last year to prepare for the exam. Because of work, I did not register for a long time: I always felt that I was not ready and did not want the $699 registration fee to go to waste. This year I have a little more time for review, so I signed up for today’s exam in June.

Background: 10 years of IT experience (development, security, etc.), PMP, multiple cloud computing certificates, English usable as a working language, Cambridge Business English Advanced.

Books: Go by your own exam experience, don’t be greedy, and choose only the most important ones: "All In One Chinese Version Seventh Edition", plus "CISSP Official Practice Tests 2nd", bought on Amazon.

Exam preparation time:

Already familiar with the contents of the 8 domains, I started intensive reading in February. I read AIO and Sybex twice each, combined with the end-of-chapter exercises. This stage is basically about reading the books in depth and covering all the exam points. Of course, there were places where I had no practical experience and my understanding was poor. My correct rate on the exercises at the end of each chapter was about 75%. Due to the characteristics of the CISSP exam, I was not sure.

In the last month, I started an intensive review, took notes on some important and vague knowledge points, and went through the exercise set again. The accuracy rate was about 90%. For each question, I worked to master the idea behind the question, the exam points and so on, instead of memorizing the answers, because you may not come across any of the 1300 questions at all, but the underlying knowledge points are the same; that much is certain. In the end, any chapter or page in the 8 domains felt familiar.


I was nervous and excited. I wanted to see what the real exam questions look like and put myself to the test. I took two breaks in between, keeping track of my progress and adjusting my state.

Knowledge points:

To tell the truth, I had basically forgotten them by the time I left the examination room. Generally speaking, the important domains come up many times, with the questions asked in different ways: BCP, BIA, DRP, Incident Response, SDLC, Life Cycle, IAM, cryptography, network, various attacks, various basic concepts.

A few thoughts:

  1. The content of CISSP is very instructive for work, so the entire exam preparation process is also a process of sorting out knowledge points and learning.
  2. "Think like a manager, or a risk advisor!" I think this mentality can help solve 5 or so questions. Technical staff think in terms of solving the problem, but managers will first consider the process and the management perspective, which requires empathy.
  3. Don’t be too greedy for exercises in the hope that the original questions will appear. This possibility is very small. You can rely on the mastery of the knowledge points.
  4. Because of the large number of exam questions, reading more questions, finding the key point and some keywords, and making good use of the elimination method is a way to improve the efficiency of answering questions.

