What is the structure of the CISSP exam?
Certification: ISC CISSP - Certified Information Systems Security Professional
People who sit for the Certified Information Systems Security Professional (CISSP) exam have to sign a form forbidding them from sharing about the content or nature of the CISSP exam. For this reason, people share little about the nature of the CISSP exam. However, some few details are obvious and past candidates, instructors and even exam composers have disclosed these details.
The CISSP certification exam has 250 questions, which a candidate should answer in six hours time. Nonetheless, 25 of these questions are experimental and only 225 questions account for the score of a candidate. The exam composers randomly distribute the experimental questions throughout the exam and a candidate cannot identify a question that is experimental and one that is not.
The questions on the exam carry different weighting and add up to 1000points. Therefore, you cannot point out the exact number of questions you have to answer correctly to pass the exam. In fact, the instructions require that you answer all the questions in the exam. In order to pass the exam, a candidate must score 700 points out of the possible 1000 points. To achieve 700 points, you must have answered most of the questions because you cannot point out the experimental questions, which can never earn you points. You pass the CISSP exam if you have a score of 70 percent. However, less than 8 percent of candidates who pass the exam achieve a score of more than 85 percent.
The weighting of questions
In the old CISSP exam, the average mark for every question used to be was.4. The minimum weighting was.2 and the maximum weighting was.6. For this reason, candidates had to focus much on the weighting. They had to attempt all questions and manage time on management concepts too. Even if candidates tried to point out questions, which carried more marks than the others did, they would not be in a position to do so with certainty.
In the CISSP exam version introduced in 2014, there are new Hotspot and Drag and Drop questions. The new CISSP exam concentrates on measuring the cognitive skills of students, diverse skills, substitutes real scenarios with simulations and ensures coverage of more content than the older version did. The new CISSP version contains innovative and multiple-choice questions, which are of equal weighting.
Candidates sit for the CISSP exam in the traditional way; you need an exam booklet, answer sheet and pencils. There is no computer-based version of the exam. You have to write all your answers on the answer sheet if you are to score marks for answering the questions. You may write on the booklet but you will not gain marks for what you write on the booklet.
The exam contains questions covering the ten domains in the Common Body of Knowledge (CBK).
These are:
- Access control systems and methodology
- Telecommunications and Networking security
- Application and systems development security
- Business continuity and disaster recovery planning Law, investigations and ethics
- Operations security
- Security architecture and models
- Security management practices
- Cryptography
- Physical security
Number of Questions per Domain
The number of questions derived from each domain differs. However, the exam must ask a minimum number of questions from each domain to harmonize the exam. The least number of questions from a single domain is 14 questions, approximately 6 percent of all questions. The most number of questions derived from a single domain is 32 questions, approximately 14 percent of all questions.
Many questions are likely to come from the following top domains, information and security, telecommunication and access control. The second most popular questions come from the following domains, Business Continuity, Application security and Legal, Regulation, Investigation and compliance domain. The least number of questions ask about the following domains, cryptography, and security Architecture, Physical Security and Operations.
In recent times, exam composers incorporate new questions about new security technologies into the exam. They introduce about 100 to 150 new questions every year. The new questions focus on recent technologies, standards and practices.
Nature of Exam Questions
The exam does not have simulation questions, multiple answer questions or fill-in-the-blank questions. All the 250 questions are multiple-choice questions and the candidate has to select one answer, the best answer, from the four choices. However, the CISPP exam is tricky; you may find that more than one answer seem to be correct.
The exam questions ask for precise answers. For this reason, you must deeply study the material before sitting for your exam. In addition, CISPP exam questions do not ask straightforwardly for simple facts, they require you to apply knowledge to situations.
How hard is the Exam?
The questions in the CISSP exam test the knowledge of a practitioner who has practiced for at least three to five years. It aims at assessing the minimum level of expertise required for an individual to acquire professional certification in informational systems security. Thus, a candidate who has gained knowledge in his profession should not find the exam to be difficult. Most people claim that the exam is difficult because the exam covers expansive knowledge—knowledge in 10 domains—which might be difficult for an individual to develop.
The CISSP exam can be tricky. The exam composers may design questions with the aim of confusing you. For instance, they may design a telecommunication question that is very similar to cryptology question. Most instructors will make such questions in class to prepare their candidates for the exam.
What is the relation between questions in the study guide and questions in the exam?
The format of questions in the study guide is similar to the actual questions in the CISSP exam. However, the questions in the study guide do not match the questions in the exam in term of difficulty.
The CISSP’s exam format is linear in nature.