The questions I often get from members are: What are some tips to help me prepare? What tools should I use? How should I study? What was your approach and what advice can you offer?

I believe these questions are on everyone’s mind as they muddle through the books and the innumerable resources on the web.  Keep in mind that preparing for this exam cannot be a “one-size-fits-all” approach, since everyone has different levels of experience and knowledge.  Some of you may have 30 years in the industry across all domains, while others may only have 5 years in 2 domains.  That said, here are 11 tips to help you navigate the sea of study and preparation possibilities:  

# 1 – Mindset

You should start your preparation with the right goal in mind, with an understanding that you will succeed. You must have the mindset that you’ll do whatever it takes to pass – meaning read the book, research topics you’re unfamiliar with, take practice exams, listen to MP3s, watch YouTube tutorials, etc. Personally, I listened to Cybrary’s MP3s while in the gym, on the bus, on the train, and while doing yard work. When I wasn’t doing that I was taking practice exams, and when I wasn’t doing that I was discussing topics with my study group. Understand that your success on this exam hinges entirely on the amount of effort and energy you put into it. Nobody can guarantee your success except you. If you come across websites, training programs, or classes that claim a guaranteed 100% pass rate, they are either lying or grossly exaggerating. That doesn’t mean they aren’t good. Just remember that ISC2 does not give away what’s on the exam, and these resources will only complement the effort you put in; they won’t replace it.

# 2 – Memorization Sheet

Create a memorization sheet as you go through the CBK and write down concepts you’re struggling with and need to memorize. Some instructors tell you to do a “brain dump” once you can touch the whiteboard, but that involves cramming, and you can’t cram for this exam. The better approach is to copy things down by hand, such as the OSI layers/table. Start with our memorization sheet (https://drive.google.com/file/d/1vujKUltEEawzs3BPKd062LX4Pm1YUqSR/view) and then add to/delete from it. You can create a personal copy by clicking “open with Google Docs” or “Create a Copy”, and you will be able to add additional content, as long as you have a Google account.

# 3 – Study Group

Study groups are critical to your success, and guess what? ISC2 now has an official platform where you can form or join existing study groups (https://community.isc2.org/t5/Study-Groups/ct-p/CertificationStudyGroups)! Some of the many obvious benefits include connecting you to other professionals, offering varied viewpoints/expertise, and providing accountability for your study habits. If the ISC2 venue doesn’t work out, consider forming a group via Facebook or other social media, or look for one on Reddit or Discord – many of these are fairly active and helpful (beware of scammers though, they are everywhere). Together you can go over practice exams, discuss topics you don’t understand, learn from each other, and have fun in the process.

# 4 – Recommended Books

Update: we’ve stopped recommending the 2021 books because of the discrepancies among them. We’ve been analyzing two particular authors whose content does not align with the self-paced training, which we consider to be the only real Common Body of Knowledge.

That said, the former “Official Student Guide” (not to be confused with the ‘Official Study Guide’ by Chapple), which is published by ISC2 itself, has been rebranded as “Self-Paced Training” and is the only official source of knowledge. However, there is a major cost to consider ($850 currently); see https://www.isc2.org/Training/Online-Self-Paced for details. Sadly, it is no longer available in PDF format, and we recommend asking your employer to reimburse or pay for it…

# 5 – Learning and Understanding 

Rote memorization is good, but understanding how things work, and what happens at each “step” or “phase”, is even better, because a majority of questions will test that understanding. For example, you’ll never be asked “what are the phases of XYZ”, but instead you’ll be asked “if this is happening, what is the phase?”.

# 6 – English Proficiency

Even the best native English speakers have trouble with this exam, because each question is worded in a tricky way. The key is being able to lock on to the key words and filter out the irrelevant ones. Practicing answering questions will help you in this area.

# 7 – Multiple Test Banks

We recommend using at least 2 online quiz engines.  We are no longer aware of what’s good or bad, but this is partly why we created CISSPrep, because we truly felt like none of the exam banks reflected the current style of questions.  Most test banks right now are geared toward teaching you the basic material, which is fine.  CISSPrep is different; we give candidates a more realistic exam experience.  In our studies, we used CCCure (not recommended as this is simply a bank where users have entered old questions from previous books), Kaplan, and the “Official” practice questions from Mike Chapple.  These are possibly great resources for preliminary learning, but in the end don’t reflect the current style of questions and won’t fully prepare you for the exam. 

# 8 – Beware of “Exam Dump” Sites

Exam dumps are unreliable and violate the ISC2 code of ethics. If you’re not familiar with this term, an exam dump is basically when someone takes the exam and then runs to their car afterward and jots down all the questions they can remember. These dumpers are unreliable because they create content from what they remember and can make critical errors when transcribing from memory; more importantly, it’s unethical. If you are considering supporting one of these sites, think about whether or not it’s the right thing to do in terms of the profession – you would be misrepresenting yourself to all future employers and doing a disservice to them, to ISC2, and to the industry.

# 9 – Elimination

Use the process of elimination to find the “best of the worst” choice, because often all the answers will seem wrong, or all of them will seem right.  Pick the lesser of all evils, or the cream of the crop.

# 10 – Training / Class

If you don’t have an official training class or can’t afford one, head over to Cybrary.it. While Cybrary is no longer free, the resources there helped us prepare immensely, from the MP3 versions of each lesson to the practice exam questions and flash cards. In addition to Cybrary, you can also use our Super Study Guide (sm) and some of our educational videos that have helpful mnemonics: https://www.youtube.com/channel/UCQBmmdW2PjGegLAd8ARcu6Q. When it comes to instructors, beware of those who say “XYZ will/won’t be on the exam” because they really don’t know! Nobody actually knows what you will face during the exam. We had instructors flat out tell us what would/wouldn’t be on the exam, all of which turned out to be wrong. ISC2 also can change the exam at any time. That’s why understanding the CBK is much more important than trying to figure out what will or won’t be on the exam.

# 11 – Day of Exam: Beta Questions

Remember that a portion of the exam consists of “beta” questions that don’t count toward your score. These could be at the beginning or scattered throughout the exam; the point is to stay calm when you see questions that are completely unfamiliar. Take a deep breath, and try to answer to the best of your ability.