ThorTeaches.com CISSP, CISM, CC training logo

The CISSP is THE GOLD standard
of Cybersecurity certifications!

Getting your CISSP certification is a smart career move, it is:

  • Recognized The CISSP is widely recognized by recruiters and HR. It is seen as the GOLD standard of IT and Cybersecurity certifications.
  • In demand There are currently over 82,000 open CISSP jobs in the US. Meaning there are more open CISSP jobs than there are people who are certified.
(source: CyberSeek)
  • Growing fast Right now there are over 5.5 million filled Cybersecurity jobs worldwide and 4.8 million workforce gap. Jobs grew 8.7% last year (440,000 jobs).
(source: ISC2)
  • Well paid CISSPs in North America, on average, make $147,757 a year, and globally it is $119,571. Certified individuals make, on average, 35% more than their non-certified colleagues.
(source: ISC2)

Get Your Complete CISSP bundle now!

400,000+ Enrollments

4.7 Rating

Fully 2024 updated

  • 34 hours of CISSP videos Covering all 8 domains
    Study and Exam Tips, Tricks, and Approaches
  • 5,000+ CISSP questions 625 Hard questions
    750 Complex questions
    3,250 Easy/Mid questions
    - Both Exam mode and Per-Domain
    201 Major Topic questions
    240 End of Domain questions
  • 2,800 Upgraded CISSP Flashcards From anywhere, on any device, at any time (web, Android, iOS apps).
    Automated reminders, progress tracking, optimized spaced repetitions, confidence-based algorithm.
  • A 300-page PDF CISSP study guide 120-page PDF Quick Sheets
    PDF Mnemonics
    A CISSP Study Plan
  • The 24/7 CISSP ThorBot (chatbot)
  • A 2,500 word CISSP glossary
  • Subtitles English, Spanish (Latin America), Portuguese (Brazil),
    French, Arabic, Chinese, Japanese, and Hindi
  • Lifetime or 12-months access
  • Updated in 2025

Your CISSP adventure awaits!

12-months access $329.95

I will pass the exam in less than 1 year.

Lifetime Access $449.95

Lifetime Access please, you just never know.

You will learn the 4 things you need to pass your CISSP exam!

  • The knowledge: So you can explain the where/when/why/how/what of any topic.
  • Question deconstruction: To figure out; what are they ACTUALLY asking here?
  • Answer logic: The ability to pick the MOST right answer in the eyes of ISC2, there may be 2 more or less right answers.
  • Time management: You have at least 72 seconds per exam question, assuming 150 questions.

Preview some of our Complete CISSP Bundle materials:

  • 34 hours of CISSP videos
  • 5,000+ CISSP questions 625 Hard CISSP questions
    750 Complex questions
    3,250 Easy/Mid questions
    - Both Exam emulation tests and Per-Domain tests
    201 After Topic questions
    240 After Domain questions

Try 25 of our CISSP practice questions:​

You get detailed explanations for ALL the questions!

<Easy/Mid question>
When designing site and facility security controls, which of the following should be the FIRST consideration?
A.
B.
C.
D.
<Easy/Mid question>
One of our employees is experiencing issues with receiving messages on their computer. We suspect there may be a problem with the delivery process. Which layer of the OSI (Open Systems Interconnection) model is responsible for ensuring the delivery of messages across a network to the correct application on the receiving host?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the BEST approach for protecting data at rest?
A.
B.
C.
D.
<Easy/Mid question>
Francis is a security engineer who helps development teams decide on which controls should be included in new applications. He has a list of existing controls that have been implemented in other applications, a list of new controls that will be implemented soon in other applications, and a list of new designs for controls that probably cannot be implemented using the current technology. Which list provides no security protection?
A.
B.
C.
D.
<Hard question>
Which group of people would be the BEST for performing risk analysis on our organization?
A.
B.
C.
D.
<Hard question>
Natalie has detected a computer security incident. Which would be her BEST reaction strategy?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the FIRST thing you should do when implementing a privacy program?
A.
B.
C.
D.
<Hard question>
Which of the following is the MOST effective strategy for achieving zero-defects in a software development project?
A.
B.
C.
D.
<Hard question>
In her company, access controls are rule-based. Naomi is creating an access control list for files in the financial department's share. Naomi wants all managers to have read access to any file, but only employees in Accounts Receivable (AR) to be able to update the file and only employees in Accounts Payable (AP) to read the files; no-one else should be permitted access. Given these four rules, what is MOST likely the sequence to place them in the ACL? 1. Deny 2. Allow Managers read access 3. Allow AR update access 4. Allow AP read access
A.
B.
C.
D.
<Easy/Mid question>
Your organization has recently suffered a client-side attack in which a malicious actor was able to gain access to sensitive data by compromising an employee's computer. As the Chief Information Security Officer, it is your responsibility to implement measures to prevent similar attacks from occurring in the future. Which of the following actions should be taken to mitigate the risk of future client-side attacks?
A.
B.
C.
D.
<Hard question>
Jane is the Information Security manager of an organization that spans the globe, meaning we need to follow the regulations of many different governments to ensure we follow all these regulations. Jane should:
A.
B.
C.
D.
<Hard question>
Which of these requirements would have the lowest level priority in Information Security?
A.
B.
C.
D.
<Hard question>
What is the FIRST step in determining security compliance and other requirements for a new system implementation?
A.
B.
C.
D.
<Easy/Mid question>
Which of these, if used right, is the MOST secure form of "something you have" authentication?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the PRIMARY indicator of a successful security incident response plan?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the LEAST effective strategy for protecting against a DDoS (Distributed Denial of Service) attack?
A.
B.
C.
D.
<Easy/Mid question>
What is the main purpose of a security policy?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the HIGHEST level of external audit?
A.
B.
C.
D.
<Easy/Mid question>
What is the primary goal of data classification in the context of information security?
A.
B.
C.
D.
<Hard question>
As the head of IT security at a large multinational corporation, Rohit has been put in charge of assessing the inherent risk of each of the company's business units. He has gathered data on the potential impacts of a cyber-attack, including financial loss, damage to brand reputation, and legal liability. He has also evaluated the likelihood of a cyber-attack occurring based on factors such as the company's industry, the sensitivity of the data it handles, and the security measures in place. Which of the following business units is most likely to pose the highest inherent risk to the company in the event of a cyber-attack?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the LEAST secure topology for a network?
A.
B.
C.
D.
<Easy/Mid question>
Your boss is considering switching to a cloud-based HR system but is unsure of which delivery model would be the most efficient. What is a delivery model that provides access to a specific type of technology or business function on demand?
A.
B.
C.
D.
<Hard question>
As a developer, Francis requires the privileges to write code and compile it, keeping the latest copy in the version control library. As a business analyst (BA), Tanya requires the privileges to update the requirements, but lacks the privileges to write and compile the code. Which of the following controls is the BEST term for this type of activity?
A.
B.
C.
D.
<Hard question>
Bob is working on assigning classification to files in ThorTeaches payroll department. He has identified all the files that need to be classified. Who would be BEST to work with to make sure the files are given the proper protection profile?
A.
B.
C.
D.
<Easy/Mid question>
Which of the following is the PRIMARY method used for syntactic validation?
A.
B.
C.
D.

 

  • 300-page CISSP PDF study guide
ThorTeaches CISSP Study guide by Thor PDF
  • 120-page CISSP PDF quick sheets
ThorTeachs CISSP quick sheets PDF
  • CISSP PDF Mnemonics
ThorTeaches CISSP CISM Mnemonics large PDF
  • Customizable CISSP study plan
ThorTeaches CISSP study plan by Thor Pedersen
ThorTeaches CISSP study plan by Thor Pedersen
  • 2,800 Upgraded CISSP Flashcards

Why these work better:

🧠 Spaced-repetition algorithm → Focus on weak spots, skip strengths
Quick study sessions → 5-minute bursts or longer sessions
🌍 Study anywhere, even offline → Web, iOS, Android stay in sync
🔍 Two explanation levels for every term → Brief answers plus detailed explanations

What you get:​

🎓 Complete deck → 2,800+ flashcards for all 8 CISSP domains
🔗 Learning links → Links to CISSP lectures and Wikipedia for deeper learning
📊 Progress tracking → Study reminders and motivation tools
📲 Cross-platform sync → Web, iOS, and Android apps

Phone previews:

Web dashboard:

Sample Flashcard:

  • The 24/7 CISSP ThorBot (chatbot)

Try the ThorBot (Light):​

You get the Full version with the course bundles.
The Light version is only trained on Domain 1 materials.

Type above here to try the ThorBot (Light)

ThorBot is using ChatGPT-4o

(We update to the latest model when they are released).

The ThorBot has been trained on:

  • All our Curriculum videos
  • All relevant NIST documents
  • 500+ relevant Wikipedia pages
  • The Official ISC2 and ISACA websites
  • Our "How to study" course
  • OWASP top 10
  • The Memory Palace study guide
  • The Sunflower notes study guide
  • The CISSP Process Guide
  • Our own Study guides and more ...
  • A 2,500 word CISSP glossary

Try our CISSP Glossary!

Start today!
Get the Complete CISSP Bundle

12-months access $329.95

I will pass the exam in less than 1 year.

Lifetime Access $449.95

Lifetime Access please, you just never know.

Don't need the videos? Get ONLY the Questions:

Reminder: These courses ONLY have the questions, they do NOT have the curriculum videos,
the study guides, the 2,800 flashcards, the ThorBot chatbot, or the 2,500 word glossary.

Easy/Mid/Hard Question ONLY​

  • 4,625 questions:
  • 625 Hard questions
  • 750 Complex questions
  • 3,250 Easy/Mid questions
    both as exam emulation and domain tests.
  • Lifetime or 12-months unlimited access
  • (Optional +$75) 700 Boson Hard questions.
  • Updated for the 2024 curriculum

12-months access $224.95

I will definitely finish studying in less than 1 year.

Lifetime Access $299.95

Lifetime Access please, you just never know.

Hard Questions ONLY

12-months access $119.95

I will definitely finish studying in less than 1 year.

Lifetime Access $159.95

Lifetime Access please, you just never know.

Frequently asked CISSP questions:

This is the approach I use for all my own studying and it seems to work for the majority of my students.

I cover it all in my Free CISSP study course, get it here! >>

Find your CISSP study materials, get 1-3 good video courses, 1-2 good books, and do 3,000 – 5,000 practice questions before the exam.

  • Watch each video class once without/with taking notes.
  • Read the primary book once, read everything, and highlight what you think is important or what the book tells you is important. Add to your notes.
  • (Do some per domain practice tests, restudy EVERYTHING you get wrong/are unclear on).
  • (Re-watch each video class, and add to your notes).
  • (Re-read the primary book /and or) read the secondary book if you have it, read everything, and highlight what you know is important. Add to your notes.
  • Read the free study guides and supplement your notes.
  • Start on per-domain practice tests, start with easy/mid practice questions. Do a test then restudy EVERYTHING you get wrong/are unclear on. Do this for 2,000-3,000 questions or you consistently hit 80%+ on easy/mid questions. Add to notes as appropriate.
  • ̉Switch to Hard/Complex questions, same process as easy/mid. Take a test, then restudy EVERYTHING you get wrong/are unclear on. It is perfectly normal to score 50-60% on your first Hard/Complex tests, it is normal and OK. The whole idea of Hard/Complex questions is to get you ready for complex scenarios and deconstructing questions. Spend more time deconstructing questions with Hard/Complex questions.

Books, videos, study guides, google, GenAI, and study groups are for gaining knowledge.

Easy/mid questions are for finding the large knowledge gaps.

Hard/Complex questions are for getting the right mindset and learning to logic your way through complex scenarios and deconstructing questions.

You will need all 3 categories to gain a higher chance of passing your exam.

The CISSP exam question pool is supposedly over 10,000 questions large and growing. This means that no practice test engine will ever “be like the exam” and brain-dumps will NOT work.

You need to understand ALL the concepts, be able to explain them and be able to logic your way through complex convoluted exam questions.

Most students score 80-85% on easy/mid practice questions, then move to Hard/Complex questions and score 50-60%, remember, this is normal and OK. I have many students who do not score over 60-65% on my Hard/Complex questions and pass the exam.

Use easy/mid questions early in your studying and Hard/Complex questions the last 1-2 months.

You need to spend a good deal of time learning to deconstruct questions; what are they really asking here?

Do not worry if you spend 3-5 minutes on a question to begin with; just learn to deconstruct the question.

Deconstruct questions and answers:

  • Read the question; spot the keywords (PKI, Integrity, HIPAA) and indicators (FIRST, MOST, BEST), then deconstruct the question; what are they really asking here?
  • Once you have deconstructed the question, read the answer options.
  • Deconstruct the answer options too, if needed.

Many questions have 2 distractors and 2 possible right answers.

In rare cases, there can also be 4 wrong answers (you then pick the LEAST wrong answer) or 4 right answers (you then pick the MOST right answer).

Do not use the same practice questions more than once. You will get higher scores, but it will be inaccurate scores; you have seen the questions before.

After each practice test, review all the questions you got wrong and the ones you marked for review, and read the question explanation. Then re-read the book and, re-watch the video, use Google on the topics you answered wrong on the test.

Re-study the topic until you understand WHY the right answer is the right answer, and why you answered it wrong.

This is critical; you need to grow your knowledge, not just grind out practice tests.

For the last 2-4 weeks, do Hard/Complex questions, use the free study guides, read the 11th hour, and re-watch all the videos at 1.5x – 2x speed; this is just to refresh the topics you covered earlier in your studying.

I normally do not recommend studying on exam day, but it can be beneficial to do 5-10 questions right before the test to get in the right mindset just prior to the exam (read in the parking lot or similar).

I can’t promise you anything, but there is a huge demand for Certified Information Systems Security Professional (CISSP) certified professionals, there are currently over 74,228 open CISSP jobs in the US alone and we are seeing the same picture across the world. 
The average CISSP salary in the US is over $147,757 per year, worldwide that number is $119,571. CISSPs on average make 35% more than their non-certified colleagues.

Sources: Cyberseek  ISC2

Yes, you can see examples of the videos, study guides, mnemonics, practice questions, glossary, flashcards, and the ThorBot (Chatbot) below.

Preview our CISSP materials >>

The short version:

The Exam changes are minor, maybe 2-4% total.

The CISSP 2024 exam update, includes a 1% weight shift from Domain 8 to Domain 1, fewer exam questions (100 to 150 instead of 125 to 175), and a shorter exam duration (3 hours instead of 4). Additionally, there’s an update in curriculum content across various domains, including new and expanded topics.

My video on the CISSP 2024 exam changes:

The longer version:

What are the actual curriculum changes?

Most of the changes is more emphasis on topics that are more relevant and in focus now like cloud computing, AI, privacy, etc.

Domain 1: Added external dependencies in business impact analysis.
Domain 2: No changes we know of.
Domain 3: Added Secure Access Service Edge (SASE), Quantum key distribution, and managing the information system lifecycle.
Domain 4: Added transport architecture, performance metrics, traffic flows, physical segmentations, edge networks, virtual private clouds, and network monitoring and management.
Domain 5: Added services in the control of physical and logical access to assets, policy decision and enforcement points, and service account management.
Domain 6: Emphasis on location context (on-premise, cloud, hybrid) for audit strategies.
Domain 7: Added communication during the testing of Disaster Recovery Plans (DRP).
Domain 8: Added Scaled Agile Framework and software composition analysis.

Are your courses updated for the 2024 CISSP changes?

Yes, completely.

 

When new exams come out do I need to buy your courses again?

No,  we always do in-place upgrades, meaning if you have access you always get our updates for free on ThorTeaches.com and Udemy.

Can I take the CISSP exam remotely?

No, all exams must be taken in-person at an authorized Pearson-Vue testing center.

Can I use materials from the old exam version?

You should be fine, the changes are very minor. It is advisable to review the new topics from other sources as the update will introduce new content.

Did the format of exam change in the updated CISSP exam?

No, the format will remain Computer Adaptive Testing (CAT), but there will be a total of 100 to 150 questions instead of the previous range of 125 to 175. 

How much time will I have per question in the updated exam?

If you receive the maximum of 150 questions in your exam, you will have approximately 72 seconds per question within the 3-hour time limit.

What is the passing score for the updated CISSP exam?

The passing score for the CISSP exam remains the same, which is a scaled score of 700 out of 1000 points.

 

Are beta questions be included in the updated CISSP exam?

Yes, there are be 25 beta questions randomly dispersed within the first 100 questions of the exam.

Are the beta questions counted towards the final score?

No, beta questions are not counted toward your final score. They are used by ISC2 to validate the questions for future exams.

Are the beta questions be distinguishable from the scored questions?

No, you will not be able to distinguish beta questions from scored questions during the exam.

Are there new types of interactive questions in the updated CISSP exam?

There is no specific mention of new question types; the update focuses on content rather than question format.

How did the changes affect the weight of each domain in the CISSP exam?

All domains except for Domain 1 and Domain 8 will maintain their previous weights. Domain 1 increased by 1%, compensated for by a 1% decrease in Domain 8.

How often are the CISSP exam and the exam questions updated?

The exam updates every 3 years, the actual exam questions are updated continually.

All this is included in our courses:

  • 34 hours of CISSP videos (over 200 lectures covering all 8 CISSP domains).
  • 5,000+ CISSP practice questions.
    • 625 hard CISSP practice questions, in 5 tests.
    • 750 Complex practice questions, in  6 tests.
    • 3,250 Easy/Mid CISSP questions – both as exam emulation (26 tests) and domain tests (32 tests).
    • 201 topic questions after each major topic.
    • 240 domain questions, 30 after each domain.
  • CISSP Study Guides – 300+ pages.
  • 2,800 Upgraded CISSP Flashcards 
    • Access from anywhere, on any device, at any time (web, Android, iOS apps).
    • Automated reminders, progress tracking, optimized spaced repetitions, confidence-based
  • A 2,500 word Glossary
  • CISSP Quick Sheets – 120 pages (for review sessions).
  • ThorBot: Your 24/7 AI study assistant, clarify concepts, tailor your learning, and enhance your CISSP preparation.
  • A CISSP study plan.
  • 450+ CISSP links.
  • CISSP Mnemonics.
  • Subtitles in English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Chinese, Japanese and Hindi
  • (optional) 700 Boson practice questions.
  • 2024 curriculum updated.

Yes!

You have access to our courses for either Lifetime or 12 months, you can watch the videos and do the practice questions as many times as you want.

The CISSP CAT (Computerized Adaptive Testing) exam format uses an adaptive algorithm that tailors questions to the test taker.

You will get between 100 and 150 questions, and you have 3 hours to finish the test, that is 72 seconds per question (assuming 150 questions) which should be plenty, but still, keep an eye on the clock.

If you go above 100 questions do not panic, you still have a good chance of passing, the exam will keep giving you questions until it predicts with 95% probability that you will pass or fail or when you hit question 150. 

25 of the first 100 questions are beta questions, they do not count, you do not know which they are. and it is not the first 25, it is random. They are used by ISC2 to test possible future exam questions.

You need to score proficient (around 70%) in all 8 CISSP domains to pass the exam, if you are below in certain domains the exam will keep giving you questions from those domains until you pass or fail.

To get your Certified Information Systems Security Professional (CISSP) certification you must have at least 5 years of professional experience in the information security field.

Your work experience must fall within two or more of the eight domains of the ISC2 CISSP CBK:
Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security

You may satisfy one year of required experience by holding one of the following below (you will then need four years of relevant work experience):

Four-Year College Degree or Regional Equivalent or Approved certification on the ISC2 Approved List

https://www.isc2.org/Certifications/CISSP/experience-requirements

There are 8 domains in the ISC2 CISSP Common Body of Knowledge (CBK) 2024.

Domain 1: Security and Risk Management – making up 16% of the weighted exam questions.
Domain 2: Asset Security – making up 10% of the weighted exam questions.
Domain 3: Security Architecture and Engineering – making up 13% of the weighted exam questions.
Domain 4: Communication and Network Security – making up 13% of the weighted exam questions.
Domain 5: Identity and Access Management (IAM) – making up 13% of the weighted exam questions.
Domain 6: Security Assessment and Testing – making up 12% of the weighted exam questions.
Domain 7: Security Operations – making up 13% of the weighted exam questions.
Domain 8: Software Development Security – making up 10% of the weighted exam questions.

CISSP certification holders are required to earn 120 CPEs per 3-year cycle, pay a $135 Annual Maintenance Fee (AMF) and adhere to ISC2’s Code of Ethics.

ISC2 CPE FAQ: 
https://www.isc2.org/Insights/2024/05/Managing-Your-ISC2-CPE-Credits-and-Activities

ISC2 CPE YouTube videos on how to submit CPEs:
https://www.youtube.com/playlist?list=PLZEQg62IaANAJwZQGat-AjihyrYmS8wEq

You can add CPEs here: https://cpe.isc2.org/s/

LIVE!!

Our Upgraded CISSP Flashcards are OUT!

15% off Launch SALE!

Get the Standalone CISSP Flashcards!
Get the
Complete CISSP Bundle
  • 2,800+ Flashcards from all 8 CISSP domains
  • Study from anywhere on any device at any time (web, Android, iOS)
  • Learn more in less time with optimized spaced repetitions
  • Focus on your weak areas first with the confidence-based algorithm
  • Do short 10-term sessions or longer ones as they match your schedule
  • Strengthen your long‑term memory using active recall with immediate answer reveal and self‑rating
  • Track your progress instantly - Mastery %, Confidence Gained, and Cards Studied update after each round
  • Keep motivation high - Instant feedback, progress meters, variable rewards, and social leaderboards
  • Stay on schedule with automated study reminders
Brainscape_s CISSP mobile dashboard