I passed the CISSP exam on June 2nd, 2020, in under 2 hours. I had 20+ years of IT experience in various industries, but I did not specialize in the security industry. I prepared for the exam for about 3 months. I took the (ISC)2 instructor-led online training course (it did not help much with the certification exam). The student handbook for the training course covered the CISSP exam curriculum (with additional NIST references).
The exam tests the candidate's understanding of the subject and the rationale for picking the best available option. It does not test rote memorization. If you understand the process, there is no need to memorize the steps.
I took Cybrary's Kelly Handerhan CISSP course (when it was free at Cybrary) and Larry Greenblatt's latest recorded CISSP online video training ($99, well worth it). Both helped me understand the CISSP exam concepts, and the high-quality questions that came with them helped me decode the actual exam questions. I used the Kaplan CISSP tests for practice.
As recent candidates mentioned, most of the questions in the exam were on BCP, DRP, OWASP, SDLC, IAM, network layers/protocols, and cloud (to answer the cloud questions you have to delve deep into cloud computing topics, in my experience). Most of the questions were clearly described without using words like not, least, max, or min, and were short (3 or 4 sentences). Questions were not page-long as some of the practice exams portray. No drag-and-drop questions either. I was able to answer the questions the first time I read them and did not change the answer after re-reviewing. No calculations, no formulas in the exam, but only one question with a NIST number (maybe that one was not counted for evaluation). Since I could not go back after answering a question, I took more time for each question.
In my opinion, the exam can be passed without going through the paid courses (unless somebody pays for you). But I did not have any idea how to study for this exam at the beginning. I tried to stitch together the freely available resources (marked with (*)), which cover most of the exam aspects. If you already have some experience in networking and software security, they can get you through the exam without paid resources. If you don't have networking or security experience, start with the official CISSP study guide. The most used CISSP study guide is: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition.
Listing the free resources I used during my CISSP certification studies. I will keep updating the resources in the future. Please let me know if the links are not working or if any good free resources are available to add to the web page.
Quick way to start studying for CISSP: short chapter summary videos from Destination Certification
Destination Certification: Quick Review of CISSP Chapters (*)
Another source which can be a good start
CISSP EXAM PREP - Super Study Guide (*)
If you don't have experience in networking and security, go through one of the official CISSP study guides. The popular one is (you can choose whichever is more suitable for you): (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition.
2020 CISSP Boot Camp
Larry Greenblatt's Latest 5-Day Prerecorded Boot Camp (with 100 Questions) - $99.95, well worth purchasing
Larry Greenblatt's 8 Domains of CISSP (2015), still good for the exam (*)
MP3s from Kelly Handerhan's Cybrary course (*)
Kelly Handerhan's CISSP Course Powerpoint Presentation (*)
BCP/DRP By Larry Greenblatt (*)
Other Resources
2020 CISSP Mentor Program
NIST Documents
Read the important portions of each document (classification, etc.) and make summary notes to review later. Condensed information from these NIST documents is covered in various sections of the course materials.
(ISC)2 Code of Ethics
NIST SP 800-34 Rev 1: Contingency Planning Guide for Federal Information Systems
NIST SP 800-37 Rev 2: Risk Management Framework for Information Systems and Organizations
NIST SP 800-41 Rev 1: Guidelines on Firewalls and Firewall Policy
NIST SP 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-53A Rev 4: Assessing Security and Privacy Controls in Federal Information Systems and Organizations
NIST SP 800-61 Rev 2: Computer Security Incident Handling Guide
NIST SP 800-88 Rev 1: Guidelines for Media Sanitization
NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
NIST SP 800-124 Rev 1: Guidelines for Managing the Security of Mobile Devices in the Enterprise
NIST SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
NIST SP 800-153: Guidelines for Securing Wireless Local Area Networks (WLANs)
FIPS PUB 140-2: Security Requirements for Cryptographic Modules
NIST SP 800-125: Guide to Security for Full Virtualization Technologies
Common Criteria in 5 minutes: What is Common Criteria? (05:07)
Kerberos Authentication Explained | A deep dive (16:51)(*)
Digital Certificates Explained - How digital certificates bind owners to their public key (10:05) (*)
Reflected XSS (Cross-site Scripting) | CISSP Answers (06:15) (*)
Stored XSS (Cross-site Scripting) | CISSP Answers (06:20) (*)
What is the TCB | CISSP Answers (03:42) (*)
Bell-LaPadula Model (13:44)
Clark-Wilson Model (04:52)
Biba Integrity Model (05:31)
Webinar: Business Continuity Management: Impact Analysis and Risk Assessment (59:18)
Useful Articles
OWASP Top Ten
Practice Questions of the Day (QOTD)
Adam's CISSP QOTD (*)
IT Dojo CISSP QOTD (*)
FRSecure CISSP Mentor Program- Practice Questions (*)
Exam Prep Practice Quiz
Training Camp Free CISSP Quiz
GO-Certify Free Quizzes
On the day before the exam I did not read much. I reviewed my notes and watched some CISSP chapter summary videos on YouTube (Destination Certification). I went to bed early.
The next day, I just reviewed some of the important notes I had written and watched a few memory-map videos on YouTube, since my exam was in the afternoon. I tried to keep my body and mind fresh. I recommend not reading practice questions on exam day, because that may not help in answering the exam questions.
While answering the questions I did not spend too much time managing the clock (I checked it about once every 30 minutes or so). When I was going too fast I slowed down; when I was too slow, I tried to pick up the pace.