Didier Stevens

Monday 16 April 2007

About the strategy I followed during my CISSP exam

Filed under: Certification — Didier Stevens @ 8:54

In a previous CISSP exam post I promised to blog about the exam-taking strategy I followed.

The CISSP examination consists of 250 multiple-choice questions with 4 choices each. You probably know that it’s a form-based exam: you don’t get to sit in front of a computer to take the exam, but you get a booklet with questions and a form you have to complete with your answers using a number 2 pencil. You’re allowed to write on the pages of the booklet.

Here is how I tackled my 250 questions.

I read the first question. If I don’t understand the question, or if I don’t like the question, or if I simply don’t feel like answering the question right now, I just move on to the next question. However, even when I skip a question, if I’m certain that one or more of the answers are not correct, I cross them out (every time I say I write something down or make a mark, I do it in the question booklet, unless stated otherwise).
If I try to answer the question but I’m not sure of the right answer, I will cross out the incorrect answers and move on to the next question.
If I answer a question I’m sure about, I put a circle around the number of the question and another one around the letter of the correct answer.

After tackling the last question, I just start the process again from the beginning, skipping the questions I already answered (remember, there’s a circle around the number of an answered question). I repeat this process several times; each cycle gives me more answers. After 3 hours, I’ve answered about 80% of the questions and I decide to transcribe my answers to the form (I have to be careful to skip the unanswered questions on the form). I review each answered question and transcribe the correct answer to the form. At the same time, I compile a list of all unanswered questions.
I decided to transcribe the answers after completing about 80% because:
1) I want to take the time to correctly transcribe the answers; I don’t want to make mistakes by rushing the job at the end of the 6 hour period allowed for the exam.
2) I don’t want to start second-guessing my answers.

After 45 minutes, I’ve transcribed all answered questions.

Now I focus on the list of remaining questions. I try to answer each question by eliminating all incorrect answers: what remains must be the correct answer. If more than one answer remains, I select one at random. I start guessing because I don’t want to stay until the end of the exam trying to find the correct answers; I feel confident because of all the other questions I answered. Since a wrong answer does not impact your score, you’re better off answering all questions than leaving some unanswered. Finally, I transcribe the remaining answers to the form. The list of remaining questions I compiled helps me to identify which answers remain to be transcribed.

The complete process took about 4 hours. And I don’t want to do it again: I’ll do whatever is necessary to earn the 120 CPE credits for my recertification.

In the days following the exam, you’ll start to doubt some of the answers you gave. I looked up several questions and discovered I answered them incorrectly. But don’t despair: your memory is biased; you’re focusing on the wrong answers, and not on all the correct ones you gave.


  1. I took the exam in ’99. I followed an almost-identical process as what you listed. Before taking the exam, my employer had sent me to one of the two-week review courses…the first day, we were told that the course was NOT intended to prepare us for the exam! In fact, the primary instructor said that he’d written the Legal Domain, and during the review, he said, “I need to get rid of this slide” for about half the slides!

    The key to taking the exam isn’t to get the correct answer…it’s to get the answer that ISC^2 *wants you to get*. Sometimes when going through the practice tests, you’ll see this. There was a practice exam available online at the time, and we had one in the course, as well. There were several questions that were verbatim on both practice exams, but the answers were different. 😉

    Maintaining 120 CPE points can be tough…keep your eye on the forum and see what applies. For example, writing a book is a good way to get a couple of CPE points! 😉 Attending a conference is another, but giving a presentation at a conference gets you more points.

    author: “Windows Forensics and Incident Recovery” & “Windows Forensic Analysis”

    Comment by keydet89 — Monday 16 April 2007 @ 11:42

  2. […] About the strategy I followed during my CISSP exam […]

    Pingback by Liquidmatrix Security Digest » Your April 16th Morning Coffee — Monday 16 April 2007 @ 13:05

  3. […] About the strategy I followed during my CISSP exam In a previous CISSP exam post I promised to blog about the exam-taking strategy I followed. […]

    Pingback by www.andrewhay.ca » Suggested Blog Reading - Monday April 16th, 2007 — Monday 16 April 2007 @ 19:47

  4. I don’t know when you have been taking the exam but I just got through (March 31st). To read about my experience, go to securecyber.blogspot.com
    I have “10 rules for success”. Best to all who read and try to pass!

    Comment by zbatia — Tuesday 17 April 2007 @ 13:07

  5. Love your blog Didier. I made a few notes about my experience which might be useful to others http://www.networkadminsecrets.com/2011/09/cissp-review-strategy-and-advice.html

    Comment by Anonymous — Wednesday 14 September 2011 @ 2:11
