CISSP Tips and Tricks | How to use practice questions, deconstruct them, and time management – Part 2

In this lecture, we’re going to talk about how to approach the actual questions.
Read the entire question, take the time you need to completely read it, probably read it twice and then deconstruct it.
What are they really asking?
You need to find the keywords and you need to find the indicators.
Indicators are most, best, least, can, always.
And then the keywords is what is this question actually about?
That could be PKI or self directed or something like that.
And when I say deconstruct, boil it down to its essence, it might be a full paragraph of a question but really what they’re asking is the last 10 words.
If we look at this question, “Jane is the lead of our incident response team, they have proof hackers have gained access to some of our systems and they have successfully altered some of our customer information.
Jane reports that to Bob, the IT security manager, who should notified first?”
Not a super long question, but there’s still a ton of fluff.
The fact that Jane is the lead of our incident response team, doesn’t really matter.
That we have proof does, hackers have gained access to some of our systems, the fact that Jane reports it to Bob, who should Bob notify first.
So really, the question is, we have been attacked, they have compromised us, who do we notify first?
That’s it.
Then we look at the answer options, the data owner, the regulatory agencies that govern our sector, the IT security steering committee or the customers who are compromised.
Now, very likely we would talk to all of those.
We would inform them at some point.
The question is first, would we notify the data owner?
I would say probably.
How about the agency that governs our sector?
No, we have to notify them, but they’re definitely not first.
The IT Security Steering Committee again, no, we do need to notify them, but the data owner needs to know first, and then finally, the customers.
Maybe, I don’t know.
It depends on the laws, the regulations, how bad the breach was and many other things.
And this is a question I would say is easy or mid.
It’s,not a hard question, but for the purpose of showing you how to deconstruct questions, I think it works pretty well.
Now, I have heard from many students that use different techniques to make this better.
Some read the question once they look at the options and then pick the best answer, others read the answers first.
These are the four options I have.
Then they read the question and they kind of have in the back of their mind, these are the options.
Regardless of how you do it, I suggest reading the question at least once, preferably twice, deconstruct it, figure out what are they actually asking, and then go through the answer options and argue with yourself.
Sure, we need to let the IT Security steering committee know, but do we do that first?
No, we don’t.
We let the data owner know and so on.
Does the answer option that you pick meet all the requirements that the question poses?
We need to be both accurate and precise.
Here, they’re probably all right answers but what is the most right answer.
In this specific question you have four possible right answers.
But in many questions, you have two possible right answers and you have two distracters.
That means that you can eliminate one, maybe two of the answer options.
Some of them can be just completely they don’t match.
They ask about something in the OSI model and two of the answers have to do with fire suppression and PKI.
Those are easy to eliminate.
Some of them will also list things that we do, but in the wrong order or not appropriate in this situation.
So let’s say you have a question and you’re like, I think this is the answer but it could also be this.
Well then, look through the last options.
If you have no clue and you’re not sure on any of the four, well, then you have 25%.
If you can eliminate two of them now you have 50% chance of getting it right, then you do the internal dialogue.
You argue this is a better answer because of this and once you have gone through that, it is most likely the right answer.
Another way you could think through the question is, if we can only implement or do one thing, what would best solve the problem.
In this case, if you can only notify one thing, one person, one agency, one, whatever, which one should you choose.
Again, we get the same answer, the data owner, but it can in some cases help you to argue with yourself, this is a better answer because if I can only pick one, then I would choose this.
And now that we have talked about how to approach the questions, let’s finish this lecture out with talking about some more practical stuff.
It is perfectly normal when you start on your easy questions to score somewhere around 60%, perfectly normal.
It is what you should expect because you’re just starting out.
Even if you score 50%, it really doesn’t matter, those are just numbers.
Now, what you do after the test is really what matters.
This is where you restudy, you look at all the questions you had marked for review and all the questions you got wrong.
Then you restudy those areas until you can explain what it is, where we use it, how we use it, why we use it and when we use it.
And since most people don’t have someone, they can talk to, talking to yourself works just as fine, explain the concept, all the intricacies, because when you’re able to explain something, you actually understand it.
Now, as you do more questions, you restudy more.
You’re obviously going to do better.
At some point, probably when you hit somewhere consistently, 80 to 85 percent% on the easy to mid questions that is an appropriate time to move to the hard ones.
And as mentioned, that is normally somewhere between 1500 and 3500 questions on the easy to mid.
Now, when you start on the hard questions, it’s going to feel like you’re starting over.
You’re all of a sudden going to score 60 percent or lower again.
Perfectly normal, nothing to worry about.
You do the exact same thing here, you take a test, you mark for review, you look at the ones you got wrong, and then you restudy.
You do also at some point have to start looking at time management.
Normally, I suggest it somewhere halfway in the mid to easy questions.
Let’s assume you get 150 questions on your exam.
That means with three hours you have 72 seconds per question.
And there might be questions where you spent two, three, four, five minutes on.
Well, then other questions you need to answer faster.
For the test engines where they have that timer, keep an eye on it and maybe set a pace saying, at 50 questions, I should have spent an hour.
At a hundred, two hours.
At 150, three hours.
Because I have talked to so many students that say, “I spent too much time on the first 50 questions.
I spent an hour and a half or two hours and then at some point I just started skimming over the question, answering really quickly and clicking next”, which at that point is completely fair.
You have to do that.
But if at all possible, let’s not get to that point.
Let’s learn the time management before you get to the exam.
And then when you sit in the exam and you can see you’re in question 42,
but you spent an hour and ten minutes already, you’re 75% sure that this is probably the right answer, well then choose that answer and move on.
And once you move on, once you click next, completely forget the question you just answered, you can’t go back and change the answer.
So put it out of your mind.
It’s not going to help anything if you keep obsessing about that one.
And then let’s talk about breaks, take them when you need them and preferably take them before you need them.
At this point, let’s say you’ve done 10 full, 100 to 150 question tests, then you probably also know when you’re going to hit the wall.
At one hour and 15, I’m just going to start staring blankly at the screen.
I’m going to read the same question five times and I still don’t understand it.
And it is less of a problem now because the test is shorter, but it is still a problem.
So if you know, at one hour and 15 minutes-ish, I hit the wall, well maybe take a break at one hour.
Either just close your eyes for 20 seconds, meditate, do whatever you can or get up, walk around, go to the bathroom if possible, eat some sugar, drink some caffeine, and then get back to the test.
The test does not stop.
If you take a ten minute break, you have ten minutes left for the exam.
If you take half an hour, well then half an hour.
That said, I still think they’re a good idea.
Reset your mind and back to the exam, and do as much of this as you can when you take practice tests to emulate what would actually happen on the exam.
Do the full test, three hours, lock yourself in a room, take the breaks but don’t let anything else distract you, because if you just take 50 questions here, 50 questions there, you don’t really know how your brain is going to react when you hit question 100 or 125.
And I think to finish this lecture out,I’m going to talk about what happens when you hit question 101.
Most students I talk to, when they don’t pass at 100 starts to panic, and saying don’t is obviously easier said than done, but don’t.
If the exam gives you question 101, that means you’re still in the game.
The exam engine has not yet predicted with 95% certainty that you pass or fail.
So in your preparation, mentally prepare to do 150 questions.
100 is the earliest point you can pass, 150 is the last.
Now from 100 to 150, as soon as the test engine can predict with 95% certainty that you fail or pass, well, then you fail or pass.
If it never gets to that point, well, then you go all the way to 150.
I hope all of this has helped you demystify the exams, help you figure out how to approach questions and how you can most effectively and efficiently prepare for your tests and pass your exam.
And with that, we’re done with this lecture.
I will see you in the next one.