The CISSP® Exam: 5 Test-taking Strategies

By Ajay Kumar D, B.Eng., M.Tech., PMP, PMI-RMP, CISSP, CISA, CISM, ITIL SM

The Certified Information Systems Security Professional (CISSP®) exam is designed to ensure that someone handling computer security for a company or client has mastered a standardized body of knowledge. The six-hour, 250-question exam certifies security professionals in eight (previously ten) different domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

The exam is designed for professionals with a minimum of 3 to 5 years of experience. This six-hour exam will probably be one of the most difficult exams that you’ll ever take. With the following tips and pieces of information, you can approach the exam with a lot more confidence:

  1. Understand the nature of the exam.

    As of January 15, 2014, (ISC)²® introduced new, innovative Drag & Drop and Hotspot questions in its flagship CISSP® certification examination. Innovative question types provide several benefits over simple four-option multiple-choice items. Benefits of the new CISSP® questions include:

  • Measures knowledge at higher cognitive levels
  • Measures a broader range of skills
  • Provides more realistic simulation of practice in the field
  • Provides opportunities for broader content coverage than may be possible with multiple-choice questions

  2. Practice as many full-length exams as you can, preferably under ideal exam conditions.

    The best site for free CISSP sample questions is* The usual preparation time is anywhere from 3 months to a year. After taking the requisite training from a training provider, such as IIL, follow the path of successful candidates by making and sticking to a study plan. It is highly recommended that you make this plan after your classes and before you begin your self-study. During your classes, you will have had the opportunity to understand your strengths and weaknesses with respect to information security knowledge. Focus your effort on the domains where you feel you are the weakest.

  3. Approach the exam methodically, without spending too much time on a particular question.

    Pace yourself and allow for scheduled breaks to refresh yourself. However, do not rush through the exam at the cost of understanding the long-winded scenarios. Often the difference between choosing the right or wrong option lies in understanding the nuances of the question and making the right inferences. Also remember that the CISSP® is touted as ‘a mile wide and an inch deep’, so there may be questions on the exam that do not seem to be a part of what you’ve studied. Do not fret if this happens. Make an educated guess. Also, do not leave any question unanswered; there is no penalty for guessing beyond a wrong answer, and two of the four answer options are usually easy to strike off.

  4. Get in touch with other candidates preparing for the exam through the forums on* and share exam preparation strategies.

    The CISSP® exam is constantly evolving, so talking to those who have recently taken the exam can give you information about newly introduced topics.

  5. Lastly, understand that this is an exam that can make you feel that your preparation is inadequate, no matter how much effort you actually put in.

    The test doesn’t want you to simply regurgitate memorized text from the book. The exam tests your ability to apply information security concepts to real-life scenarios. This is part of what makes the preparation for the exam challenging. But with sufficient preparation and by following these 5 test-taking strategies, it can be conquered, and you’ll soon join the respected ranks of CISSP® credential holders worldwide.

Learn more about IIL’s CISSP training at

Ajay Kumar D is Director of IT and Security Training at IIL. He has vast experience in strategy implementation, business process re-engineering, information security assessment, organizational transformation, change management, Business – IT alignment, PMO setup, and Project, Program and Portfolio Management.

*IIL is neither affiliated with, nor does IIL provide any warranties or guarantees with regard to, the information on the said site.