Test taking strategies

The CISSP exam is not like most certification exams, meaning memorization is not going to help as much as it might elsewhere. The ISC2 manual describes it as a cognitive exam and that's very true: you will need to apply your CISSP knowledge, not just regurgitate facts. Yes, there are some straight definition questions, but by and large you need to understand the material in order to choose the right answers.
Here are a few observations and suggestions from folks who have successfully passed (on the first try, mind you):

  • There really isn't much of a brain dump for this test. Don't count on the OSI model or the risk formulas alone to help out on more than 2-3 questions. When studying, focus on understanding the concepts more than memorizing a table - very few questions are going to be answered by rote memorization.
  • Use the exam's marking feature. Mark the questions you aren't sure about; you can come back later (after your brain has warmed up and you've had other/similar questions in a given domain). Most people I know had marked half of the questions as they went along. The last hour of the test was spent passing back through the marked questions, which were easy to confirm or fix after you've gone through 250 of them.
  • Don't panic over the first 30-40 questions. You'll likely feel like you are missing every one of them. You aren't, don't worry. But you should mark them and circle back (see previous point).
  • You've heard it before, but I can explain why you should read the question, then the answers, then the question again: Often, the hard part of the question is actually in the answers. The question frames a set of data, but the choices given are where the real thought is required. You'll get 4 options; you can usually discount 2 of them, but there will be 2 remaining choices that are very close. The right answer will often hinge upon a word back up in the question that didn't seem important on the first reading. That's why you go back and re-read the question.
  • System administrators, take note: This is a SECURITY test. Don't assume "fixing the problem" is the right answer, despite the fact that there's almost always an answer that fits. Remember, the security model is often as much about process as it is about practice.
  • Read the last word of the question carefully; this is usually where they will slip in an unbolded "except", "excluding" or "not" that will completely flip the question around. Similarly, look for "negative" phrases ("least likely", "least helpful", "not useful") to make sure that you understand the question that is being asked.
  • Memorizing the acronyms won't give you free points/easy question answers. I spent a tremendous amount of time memorizing all of the buzzwords/three-letter-acronyms only to find most of them were defined in the questions. However, the answers rarely spell them out, so yes, you should know them, but don't expect many "what does PCI-DSS stand for" type questions.
  • Take breaks. Resist the urge to iron-man (or iron-woman) your way through. When you feel yourself getting frustrated over 2-3 questions in a row, hit the "previous question" button a few times and take a break. It is very easy to get into a fog. Taking a break and grabbing some water, unclenching your shoulders, taking a deep breath - these are good ways to clear the cobwebs.
  • Don't worry about any one question. You will inevitably see questions on material you haven't seen. Remember, the CISSP exam is always evolving, so you should expect unknowns. (They could be the "beta test" questions for all we know.) The trick here is to move past those stumpers: don't dwell on them, don't get down on yourself. Remember, you can miss a lot of questions (75?) and still pass, unless you get so wrapped around the axle that you miss 4 in a row because you are steaming about the one question five back.
  • Shoulder roll every 15-20 questions. Stretch your neck, take a deep breath, fix your posture every so often. Don't let the stress build up. Whether you've spent too much or too little time studying, this is going to be an intense event. Recognize the pressure and counteract it along the way.
  • Pace yourself. This is an endurance test that you do not want to rush. I've heard of people bragging about getting it done in 3 hours - that baffles me, why in the world would you take that risk? There are zero bravado points for failing and exactly the same for finishing first. As with many things in life, finishing first is not always the best plan. 'Nuff said.
  • Bring water, bring a snack. Pack some Advil (or Tylenol or whatever you take to chase a stress headache away). If you stayed up all night cramming or were just too keyed up to sleep (because you were afraid of oversleeping *cough*) and have an 8 AM test, pack a Red Bull or 5-hour energy drink. The last thing in the world you want to feel is tired on question 97 of 250.