Having the right approach, the right materials and using the materials at the right time in your CISSP studying is critical for passing your CISSP exam.

You need to have the right approach, you need to learn to deconstruct the CISSP questions, pick the keywords and indicators, and manage your time.

Learn these and more in this tips and tricks video!
Get the full free “CISSP: How to study course” https://thorteaches.com/get

You can get all my courses, free study materials, my free CISSP course and much more on https://thorteaches.com/

Transcript:

In this lecture, we’re going to talk about how you should approach practice questions, which really is how you will succeed on the exam.
The CISSP exam is really different than any other certification I have taken and probably will take.
And it is different for a few reasons.
Some of it is the structure of the questions, what they are asking.
But a lot of it stems from most of the questions being scenarios.
In this scenario, what will be the best?
The first, the least? That means you could have four right answers, but one is a better answer or something you do first.
This is not an exam where you can just cram all the facts into your head and pass the exam.
There are definitely things that you need to know, that you need to memorize, but with most of it, you need to explain it.
This specific topic, what is it?
Where would we use it?
How, why and when?
You might know all the facts about PKI, public key infrastructure, but if you can’t articulate that in this specific scenario, this is a better or worse implementation, then you’re not going to get those questions right.
And that really goes back to the same four things I keep talking about.
You need the knowledge.
You need to be able to explain it.
Then you need to be able to deconstruct the questions.
What are they actually asking here?
From that, using the knowledge, what is the most right answer in this scenario?
And then finally, time management.
And this is also why I say most students use between three and five thousand questions, and the majority of the ones I talk to are on the higher end of that.
Most of them use at least 5000.
And if you’re not sure on where to get all those questions, well, then go back and watch the video where I cover study materials and specifically questions.
How you use the questions is also super important.
I have talked to many people after they fail, where they say, “Well Thor, I did 10,000 questions and now you say do 5,000. Why did I not pass?”
And then when I dig into it, when I talk to them, they say, “I took a test, I scored 70%, then I took another test,” which is the completely wrong way to do it.
If you just take another test and another test, you don’t learn anything new.
You’re not going to progress.
It’s not just grind out 3,000 or 5,000 questions.
It is take a test, everything you are not completely sure on mark it for review, and then at the end of that test, everything that you had marked for review and everything you got wrong, you restudy those areas and you don’t do another practice test until you have restudied them, you are completely clear on why you got that question wrong.
You are able to explain the concepts, then and only then do you move on to the next test.
You have actually expanded your knowledge and on the next test you’re going to do better in those areas.
In the video where I covered the practice questions, I said get 1,500 to 3,500, mid to easy questions.
Use those first.
And then when you hit about a month or two before the exam, use the hard questions and get at least 1,500 of those.
And remember, don’t reuse practice questions.
If you take a test now you score, let’s say, 70% and then you retake it in two days, then you might score 80%.
It is very likely that you’re scoring 80% because you remember some of the questions.
So use each set of questions only once.
Getting the harder questions is more of an investment, but this whole thing, see it as an investment in yourself and investment in your career.
You can buy all the materials that you need, pay for the exam and do that for somewhere between a thousand and fifteen hundred dollars.
And I completely understand that is still a lot of money.
I think when I did my CISSP in 2010, 2011, between what I spent and my company spent, we were somewhere over 10,000 dollars, which means study resources are much more plentiful now and they’re much cheaper.
Isn’t this a wonderful time to get certified?
All right.
Now back to the actual questions and the exam.
So on the exam you’re going to get, if you do the CAT exam, between a hundred and one hundred and fifty questions.
25 of those are experimental.
That means it doesn’t matter if you answer them right or wrong.
They don’t count towards anything.
They’re just there for ISC2 to test out new questions.
So really, if you pass at a hundred questions, you have to answer less than 75 right, and for those of you that are not completely comfortable or know enough about the CAT exam, basically the more questions you answer right, the harder questions you get.
Let’s say the first question I get is worth two points, because every question has a different weight.
It is not just answer 70% of the questions right, it is answer 70% of the weighted questions.
So I get a question, first question, two points.
I answer that right, then the next question, let’s say it’s going to be worth three points.
I answer that right, then four, five, six, seven.
Let’s say this is on a scale from one to 10.
Then the sooner I get my questions up to where they score 10 points, the sooner I’m going to pass, the less right answers I need.
Now, if I start out my exam by answering the first five questions wrong, well then the curve that we want for the CAT exam where I get the harder questions sooner we just don’t get there.
And this is also why I suggest on the first 10, maybe 20 questions, spend more time on them, because those are the ones that determine the curve of your CAT scoring.
So that is the CAT exam. If you do the linear test, that is the old version: 250 questions and six hours.
Here, answering one question right doesn’t change the next question.
It is still 25 questions that are abated questions.
But for the six-hour exam, where most students struggle is how to keep your mind fresh after hour four or five. You really need to find a way to reset your mind and combat the brain fry.
I assume most of you are going to take the CAT exam, but regardless of which one you do, remember, this is very much an English test. And you have probably heard this before: answer questions like an IT security manager, a risk advisor, and I want to add to that, answer like a lawyer.
And what I mean by that is lawyers answer exactly what they are asked.
They don’t read into questions.
They don’t try to interpret.
You ask them a question, they give you the exact answer.
And you need to train yourself to do this, because this is one of the biggest problems people have on the exam.
They either read into the question, try to answer more than they’re actually being asked or they’re used to doing stuff.
This happens, then I want to respond with this.
If at all possible, answer from a management point of view, we don’t fix things.
We follow the process.
We do what the procedures tell us.
And that really is the right response.
When you take the exam, I would expect you to see maybe 75% management questions and 25% technical questions.
And I would expect about the same ratio between scenario questions and definition questions.
The scenario questions are the ones where what would be the best thing or the first thing?
The definitions are not going to be direct definitions.
It’s not going to be “This is what a digital signature is,” but there might be a sequence where this is the result we want to achieve, which order should we do this in?
Now, if they ask for public key infrastructure, we want integrity and we want non-repudiation and confidentiality.
Well, then, you know, we need to encrypt with the sender’s private key that gives us the integrity and the non-repudiation and then we need to encrypt with the receiver’s public key that gives us the confidentiality.
And also remember, this is the perfect world of ISC2.
It’s rainbows and unicorns.
We have enough time.
We have enough money to implement the right solution.
And the right solution is not the most expensive, it is the appropriate solution for whatever we are protecting.
We have the right top down leadership and we do everything right.
This is most likely not the world you live in and work in every day but for the exam, answer from that point of view.
I think this is probably an appropriate place to stop this lecture.
We have talked about the mindset, so thank you for being here and I will see you in the next lecture where we talk about how to approach the actual questions.