The Certified Information Systems Security Professional (CISSP) certification examination is a grueling 6-hour, 250-question marathon. To put that into perspective, in 6 hours you could walk about 25 miles, watch a Kevin Costner movie 1-1/2 times, or sing "My Way" 540 times on a karaoke machine. Each of these feats respectively closely approximates the physical, mental (but not intellectual), and emotional toll of the CISSP examination.

As described by the International Information Systems Security Certifications Consortium — the (ISC)2 —a minimum score of "70 percent" is required to pass the examination. Not all the questions are weighted equally, so it's not possible to absolutely state the number of correct questions required for a passing score.

The examination isn't computer based. It's administered the old-fashioned way: exam booklet, answer sheet, and lots of pencils. You may write in the exam booklet, but only answers recorded on the answer sheet are scored.

You won't find any multiple-answer, fill-in-the-blank scenario or simulation questions on the CISSP exam. However, all 250 multiple-choice questions require you to select the best answer from 4 possible choices. This means that the correct answer isn't always a straightforward, clear choice. In fact, you can count on many questions to initially appear as though they have more than one correct answer. (ISC) 2 goes to great pains to ensure that you really, really know the material. For instance, a sample question might resemble the following:

Which of the following is the FTP control channel?

A. TCP port 21 B. UDP port 21 C. TCP port 25 D. IP port 21

You might immediately know that FTP's control channel is port 21, but is it TCP, UDP, or IP?

Increasingly, CISSP exam questions are based more upon situations than on simple knowledge of facts. For instance, here's a question you might get:

A system administrator has found that a former employee has successfully logged in to the system. The system administrator should:

A. Shut down the system. B. Confirm the breach in the IDS logs. C. Lock or remove the user account. D. Contact law enforcement.

All of these are possible answers, but there is still a best answer to every exam question — perhaps not an ideal answer, but there is a best answer.

A common and effective test-taking strategy for multiple-choice questions is to carefully read each question and then eliminate any obviously wrong choices. The CISSP examination is no exception.

Wrong choices aren't so obvious on the CISSP examination. You will find a few obviously wrong choices, but they stand out only to someone who has studied thoroughly for the examination and has a good grasp of all ten of the security domains.

Only 225 questions are actually counted toward your final score. The other 25 are trial questions for future versions of the CISSP examination. However, these questions aren't identified within the exam, so you have to answer all 250 questions as if they're the real thing.

The CISSP examination is currently available in English only. Foreign-language dictionaries are permitted. (ISC)2 also recommends that non–English speaking candidates pass the Test of English as a Foreign Language (TOEFL) exam prior to attempting the CISSP examination.