CISSP Official (ISC)2 Practice Tests is a companion volume to the CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide. If you’re looking to test your knowledge before you take the CISSP exam, this book will help you by providing a combination of 1,300 questions that cover the CISSP Common Body of Knowledge and easy-to-understand explanations of both right and wrong answers.
If you’re just starting to prepare for the CISSP exam, we highly recommend that you use the CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition Stewart/Chapple/Gibson, Sybex, 2015, to help you learn about each of the domains covered by the CISSP exam. Once you’re ready to test your knowledge, use this book to help find places where you may need to study more, or to practice for the exam itself.
Since this is a companion to the CISSP Study Guide, this book is designed to be similar to taking the CISSP exam. It contains multipart scenarios as well as standard multiple-choice questions similar to those you may encounter in the certification exam itself. The book itself is broken up into 10 chapters: 8 domain-centric chapters with 100 questions about each domain, and 2 chapters that contain 250-question practice tests to simulate taking the exam itself.
The CISSP certification is offered by the International Information System Security Certification Consortium, or (ISC)2, a global nonprofit. The mission of (ISC)2 is to support and provide members and constituents with credentials, resources, and leadership to address cyber, information, software, and infrastructure security to deliver value to society. They achieve this mission by delivering the world’s leading information security certification program. The CISSP is the flagship credential in this series and is accompanied by several other (ISC)2 programs:
There are also three advanced CISSP certifications for those who wish to move on from the base credential to demonstrate advanced expertise in a domain of information security:
The CISSP certification covers eight domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession. They include:
The CISSP domains are periodically updated by (ISC)2. The last revision in April 2015 changed from 10 domains to the 8 listed here, and included a major realignment of topics and ideas. At the same time, a number of new areas were added or expanded to reflect changes in common information security topics.
Complete details on the CISSP Common Body of Knowledge (CBK) are contained in the Candidate Information Bulletin (CIB). The CIB, which includes a full outline of exam topics, can be found on the ISC2 website at www.isc2.org.
The CISSP exam is a 6-hour exam that consists of 250 questions covering the eight domains. Passing requires achieving a score of at least 700 out of 1,000 points. It’s important to understand that this is a scaled score, meaning that not every question is worth the same number of points. Questions of differing difficulty may factor into your score more or less heavily. That said, as you work through these practice exams, you might want to use 70 percent as a yardstick to help you get a sense of whether you’re ready to sit for the actual exam. When you’re ready, you can schedule an exam via links provided on the (ISC)2 website—tests are offered in locations throughout the world.
Questions on the CISSP exam are provided in both multiple-choice form and what (ISC)2 calls “advanced innovative” questions, which are drag and drop and hotspot questions, both of which are offered in computer-based testing environments. Innovative questions are scored the same as traditional multiple-choice questions and have only one right answer.
Almost all CISSP exams are now administered in a computer-based testing (CBT) format. You’ll register for the exam through the Pearson Vue website and may take the exam in the language of your choice. It is offered in English, French, German, Portuguese, Spanish, Japanese, Simplified Chinese, Korean, and a format for the visually impaired.
You’ll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you’d like to become more familiar with the testing environment, the Pearson Vue website offers a virtual tour of a testing center: https://home.pearsonvue.com/test-taker/Pearson-Professional-Center-Tour.aspx
When you sit down to take the exam, you’ll be seated at a computer that has the exam software already loaded and running. It’s a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from Pearson at: http://www.vue.com/athena/athena.asp
If you don’t pass the CISSP exam, you shouldn’t panic. Many individuals don’t reach the bar on their first attempt but gain valuable experience that helps them succeed the second time around. When you retake the exam, you’ll have the benefit of familiarity with the CBT environment and CISSP exam format. You’ll also have time to study up on the areas where you felt less confident.
After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you’re not successful on that attempt, you must then wait 90 days before your third attempt and 180 days before your fourth attempt. You may not take the exam more than three times in a single calendar year.
Candidates who wish to earn the CISSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information security field. Your work experience must cover activities in at least two of the eight domains of the CISSP program and must be paid, full-time employment. Volunteer experiences or part-time duties are not acceptable to meet the CISSP experience requirement.
You may be eligible to waive one of the five years of the work experience requirement based on your educational achievements. If you hold a bachelor’s degree or four-year equivalent, you may be eligible for a degree waiver that covers one of those years. Similarly, if you hold one of the information security certifications on the current (ISC)2 credential waiver list (https://www.isc2.org/credential_waiver/default.aspx), you may also waive a year of the experience requirement. You may not combine these two programs. Holders of both a certification and an undergraduate degree must still demonstrate at least four years of experience.
If you haven’t yet completed your work experience requirement, you may still attempt the CISSP exam. Individuals who pass the exam are designated Associates of (ISC)2 and have six years to complete the work experience requirement.
Once you’ve earned your CISSP credential, you’ll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the CISSP exam.
Currently, the annual maintenance fees for the CISSP credential are $85 per year. Individuals who hold one of the advanced CISSP concentrations will need to pay an additional $35 annually for each concentration they hold.
The CISSP CPE requirement mandates earning at least 40 CPE credits each year toward the 120-credit three-year requirement. (ISC)2 provides an online portal where certificants may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.
This book is composed of 10 chapters. Each of the first eight chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best practices–based security knowledge. The final two chapters are complete practice exams that can serve as timed practice tests to help determine if you’re ready for the CISSP exam.
We recommend taking the first practice exam to help identify where you may need to spend more study time, and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you’re ready, take the second practice exam to make sure you’ve covered all of the material and are ready to attempt the CISSP exam.