CISSP For Dummies
The Certified Information Systems Security Professional (CISSP) examination itself is a grueling six-hour, 250-question marathon. To put that into perspective, in six hours, you could almost run a back-to-back marathon and mini marathon, watch a good movie 3-1/2 times, or play "Slow Ride" 91 times on Guitar Hero. Each of these feats, respectively, closely approximates the physical, mental (not intellectual), and emotional toll of the CISSP examination.

There are three types of questions on the CISSP exam:

  • Multiple-choice. Select the best answer from four possible choices. For example:

Which of the following is the FTP control channel?

A. TCP port 21
B. UDP port 21
C. TCP port 25
D. IP port 21

The FTP control channel is port 21, but is it TCP, UDP, or IP?

  • Drag and drop. Drag and drop the correct answer (or answers) from a list of possible answers on the left side of the screen to a box for correct answers on the right side of the screen. For example:

Which of the following are message authentication algorithms? Drag and drop the correct answers from left to right.


MD5, SHA-2, and HMAC are all correct. You must drag and drop all three answers to the box on the right for the answer to be correct.

  • Hotspot. Select the object in a diagram that best answers the question. For example:

Which of the following diagrams depicts a relational database model?


Click one of the four panels above to select your answer choice.
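As an added illustration of the algorithms named in the drag-and-drop question above (this is example code written for this page, not code from the book or its authors), the Python block below computes an unkeyed MD5 and SHA-2 digest alongside an HMAC-SHA256 tag and then shows what each says about a message that was altered in transit. Anyone holding the message can recompute a plain digest, whereas HMAC mixes in a secret key, so only a party holding that key can produce or check the tag. The key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration (not from the book).
SHARED_KEY = b"example-shared-secret"
MESSAGE = b"transfer 100 to account 4242"


def md5_digest(message: bytes) -> str:
    """Unkeyed MD5 digest as a hex string (listed in the exam question)."""
    return hashlib.md5(message).hexdigest()


def sha2_digest(message: bytes) -> str:
    """Unkeyed SHA-2 (SHA-256) digest as a hex string.

    Anyone who can read the message can recompute this, so on its own it
    detects accidental corruption but not a deliberate change by someone
    who also rewrites the digest.
    """
    return hashlib.sha256(message).hexdigest()


def hmac_sha256_tag(key: bytes, message: bytes) -> str:
    """HMAC over the message with SHA-256 as the underlying hash.

    The tag depends on both the message and the secret key, so a party
    without the key cannot produce a valid tag for a modified message.
    """
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (no timing leak)."""
    expected = hmac_sha256_tag(key, message)
    return hmac.compare_digest(expected, tag)


def tamper_check(key: bytes, message: bytes, tag: str, digest: str) -> dict:
    """Report what each mechanism says about a received (message, tag, digest)."""
    return {
        "sha2_matches": sha2_digest(message) == digest,
        "hmac_valid": verify_hmac_tag(key, message, tag),
    }


if __name__ == "__main__":
    tag = hmac_sha256_tag(SHARED_KEY, MESSAGE)
    digest = sha2_digest(MESSAGE)
    print("original:", tamper_check(SHARED_KEY, MESSAGE, tag, digest))

    # A party in the middle changes the amount's destination...
    modified = b"transfer 100 to account 9999"
    # ...and can recompute the unkeyed digest to match the new message,
    # but without the key can only replay the old HMAC tag.
    print("modified:", tamper_check(SHARED_KEY, modified, tag, sha2_digest(modified)))
```

Run stand-alone, the first line reports both checks passing; the second reports the SHA-2 digest still matching but the HMAC tag failing, which is the property that makes a keyed construction the one to rely on for message authentication.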

As described by (ISC)2, you need a scaled score of 700 (out of 1000) or better to pass the examination. All three question types are weighted equally, but not all questions are weighted equally, so the number of correct questions required for a passing score can't be stated exactly.

All 250 questions on the CISSP exam require you to select the best answer (or answers) from the possible choices presented. The correct answer isn't always a straightforward, clear choice. (ISC)2 goes to great pains to ensure that you really, really know the material.

A common and effective test-taking strategy for multiple-choice questions is to carefully read each question and then eliminate any obviously wrong choices. The CISSP examination is no exception.

Wrong choices aren't necessarily obvious on the CISSP examination. You may find a few obviously wrong choices, but they only stand out to someone who has studied thoroughly for the exam.

Only 225 questions are actually counted toward your final score. The other 25 are trial questions for future versions of the CISSP examination. However, the exam doesn't identify these questions for the test-taker, so you have to answer all 250 questions as if every one of them is the real thing.

The CISSP examination is currently available in English, Portuguese, Chinese (simplified), French, German, Japanese, Korean, and Spanish. You're permitted to bring a foreign language dictionary (non-electronic and non-technical) for the exam, if needed. Testing options are also available for the visually impaired. You need to indicate your preferences when you register for the exam.

About the book authors:

Lawrence Miller, CISSP, is a security consultant with experience in consulting, defense, legal, nonprofit, retail, and telecommunications. Peter H. Gregory, CISSP, is an executive advisor at a global security advisory firm. He is also a cybersecurity advisor and adjunct instructor for the University of Washington and the University of South Florida and the author of more than 40 books.
