I passed the CISSP exam on Jun 2nd 2020, in under 2 hours. I had 20+ years of IT experience in various industries, but I did not specialize in the security industry. I prepared for the exam for about 3 months. I took the ISC2 instructor-led online training course (it did not help much regarding the certification exam). The student handbook for the training course covered the CISSP exam curriculum (with additional NIST references).
The exam tests the candidate's understanding of the subject and the rationale to pick the best available option. It does not test rote memorization. If you understood the process, there is no need to memorize the steps.
I took Cybrary's Kelly Handerhan CISSP course (when it was free at Cybrary) and the latest Larry Greenblatt recorded CISSP online video training ($99, well worth it); both helped me understand CISSP exam concepts, and the high-quality questions that came with them helped to decode the actual exam questions. I used the Kaplan CISSP tests for practice.
As recent candidates mentioned, most of the questions in the exam were on BCP, DRP, OWASP, SDLC, IAM, network layers/protocols and cloud (to answer the cloud questions you have to delve deep into cloud computing topics, in my experience). Most of the questions were clearly described without using words like not, least, max, min, and were short (3 or 4 sentences). Questions were not page-long as some of the practice exams portray. No drag-and-drop questions either. I was able to answer the questions the first time I read them and did not change the answer after re-reviewing. No calculations, no formulas in the exam, but only one question with a NIST number (maybe that one was not counted for evaluation). Since I could not go back after answering a question, I took more time for each question.
In my opinion, the exam can be passed without going through the paid courses (unless somebody pays for you). But I did not have any idea how to study for this exam at the beginning. I tried to stitch together the freely available resources (marked with (*)), which will cover most of the exam aspects. If you already have some experience in networking and software security, they can get you through the exam without paid resources. If you don't have network/security experience, start with the official CISSP study guide. The most used CISSP study guide is: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition.
Listing the free resources I used during my CISSP certification studies. I will keep updating the resources in the future. Please let me know if the links are not working or if any good free resources are available to add to the web page.
Quick way to start studying for CISSP: short chapter summary videos from Destination Certification
Destination Certification: Quick Review of CISSP chapters (*)
Another source which can be a good start
CISSP EXAM PREP - Super Study Guide (*)
If you don't have experience in networking and security, go through one of the official CISSP study guides. The popular one is (you can choose whichever is more suitable to you): (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition.
Larry Greenblatt - CISSP 2018 Exam Tips (35:48) (*)
Kelly Handerhan - Why you WILL pass the CISSP (16:51) (*)
CISSP Exam Changes: Tips and tricks to pass the new CAT format (34:01) (*)
Larry Greenblatt's Questions (*)
How to Answer Hard CISSP Questions in 5 Steps (08:17) (*)
How to Answer CISSP Exam Questions (10:06) (*)
2020 CISSP Boot Camp (*)
Larry Greenblatt's latest 5-day prerecorded boot camp (with 100 questions) - $99.95, well worth purchasing
OR
Larry Greenblatt's 8 Domains of CISSP 2015 - still good for the exam (*)
MP3s from Kelly's Cybrary course (*)
Kelly Handerhan's CISSP Course PowerPoint Presentation (*)
BCP/DRP by Larry Greenblatt (*)
Other Resources
2020 CISSP Mentor Program: Read the important portions of the document, like classification, etc., and make summary notes to remember later.
NIST documents: Condensed information is covered in various sections of the course materials.
(ISC)2 Code of Ethics
NIST SP 800-34 Rev 1: Contingency Planning Guide for Federal Information Systems
NIST SP 800-37 Rev 2: Risk Management Framework for Information Systems and Organizations
NIST SP 800-41 Rev 1: Guidelines on Firewalls and Firewall Policy
NIST SP 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-53A Rev 4: Assessing Security and Privacy Controls in Federal Information Systems and Organizations
NIST SP 800-61 Rev 2: Computer Security Incident Handling Guide
NIST SP 800-88 Rev 1: Guidelines for Media Sanitization
NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
NIST SP 800-124 Rev 1: Guidelines for Managing the Security of Mobile Devices in the Enterprise
NIST SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
NIST SP 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs)
FIPS PUB 140-2: Security Requirements for Cryptographic Modules
NIST SP 800-125: Guide to Security for Full Virtualization Technologies
Common Criteria in 5 minutes, What is Common Criteria? (05:07) (*)
Kerberos Authentication Explained | A deep dive (16:51) (*)
Digital Certificates Explained - How digital certificates bind owners to their public key (10:05) (*)
Reflected XSS (Cross-site Scripting) | CISSP Answers (06:15) (*)
Stored XSS (Cross-site Scripting) | CISSP Answers (06:20) (*)
What is the TCB | CISSP Answers (03:42) (*)
Bell LaPadula (13:44)
Clark Wilson Model (04:52)
Biba Integrity Model (05:31)
Webinar: Business Continuity Management: Impact Analysis and Risk Assessment (59:18)
Useful Articles
OWASP Top Ten
Destination Certification: Quick Review of CISSP chapters (*)
CISSP - Work note
Memory Palace - Prashant Mohan.pdf
Sunflower CISSP Summary
Wentz Wu - Practice Questions of the Day (QOTD) (*)
Adam's - CISSP QOTD (*)
IT Dojo - CISSP QOTD (*)
FRSecure CISSP Mentor Program - Practice Questions (*)
Free-daily-cissp-questions (*)
Test Questions
Exam Prep Practice Quiz
CISSP-practice-exam-free-online-test-questions
Training Camp Free CISSP Quiz
cissp-certification-sample-questions
GO-Certify Free Quizzes
On the day before the exam I did not read much. I reviewed my notes and watched some CISSP chapter summary videos on YouTube (Destination Certification). Went to bed early.
The next day, I just reviewed some of the important notes I had written again and a few memory map videos on YouTube, since my exam was in the afternoon. I tried to keep my body and mind fresh. I recommend not reading questions on the exam day because that may not help in answering the exam questions.
While answering the questions I did not spend too much time on managing the clock (I checked it about once every 30 min or so). When I was going too fast I slowed down; when I was too slow, I tried to pick up the pace.