How to Set Your Expectations for CISSP Exam Day and Beyond

Written by Mark Hillyard

The Certified Information Systems Security Professional (CISSP) certificate can be a seriously powerful tool in your career (especially if you’re looking to become DoD 8570 compliant). But before you reap the rewards, you have to pass the exam, and it’s always best to pass the first time.

Whether you’re planning on sitting for the CISSP exam in the immediate future, in the process of studying for the exam, or at the start of your journey; it’s never too early to start thinking about your exam day and how to get the best possible outcome.

The CISSP Exam is Changing

If you’re planning on taking the exam soon, the most relevant recent change took place on December 18, 2017. This is when (ISC)2 introduced Computerized Adaptive Testing (CAT) for exams in English

What does this mean for you? Some things are still the same: the exam content is still based on the previous linear format. What has changed is the methodology of how you will be screened for proficiency.

For example, you can now expect the first question of each domain topic to be relatively easy. Each consecutive question within that topic will be gradually harder than the last until the algorithm determines that you have a 50% chance of getting the next question correct. At this point, the idea is that your level of mastery on the topic will have been figured out.

Also, questions are not grouped by domain topic. You’ll get a mix of questions across each of the domains throughout the exam instead of one after the other.

There are some other changes, too. What used to be a 250-question, 6-hour long physical and mental endurance challenge has been reduced to between 100 and 150 questions, with administration time shortened to 3 hours.

You might be thinking you’ve hit the CISSP exam jackpot here. Well, not so fast…

  • Although the number of questions and exam duration is considerably shorter, you will need to answer a minimum of 75 scored questions.
  • In addition, you will receive 25 pre-test questions that are not scored. What’s more, you won’t be able to tell which questions are pre-test and which are operational, scored questions. (So, why include the pre-test questions at all? It’s for determining your eligibility for future exams, which is extremely important to achieving your future career goals.)
  • You will be unable to review a question without providing an answer.
  • Once a question has been responded to, you will be unable to return to it to change your answer.

When do you finish?

While three hours is the maximum exam duration, the scoring algorithm uses one of three rules to determine when you have completed the exam and whether you have passed or failed:

  • Confidence Interval Rule: You’ve answered the minimum number of questions (100) and the testing engine has 95% confidence that you either passed or failed.
  • Maximum Length Exam Rule: This rule kicks in if the Confidence Interval Rule is not invoked. If you’ve reached the maximum number of questions and the system is unable to determine with 95% confidence whether you passed or failed, it will use the last 75 operational questions you answered to determine your score.
  • Run-Out-of-Time Rule: If you exceed the 3-hour time limit and the Confidence Interval Rule has not been invoked, the exam will conclude and your ability will be evaluated against passing standards.

Visit the (ISC)2 website for more information on CAT.

You’ve Finished the Exam, Now What?

So, you’ve finished the exam with a sigh of relief and mixed emotions as to how well you fared. What’s next?

In most cases, you’ll know whether you passed or failed before you leave the room, and you’ll receive a proficiency level for each of the domains.

If you don’t pass the first time, don’t give up! You can take the exam up to three times within a 12-month period. Check out our CISSP boot camp to see how we can help you achieve a passing score the next time you take the exam.

And if you passed? After the party has died down, it’s time to start work on achieving your next career goal, whatever that may be. Visit our CyberSecurity training page to see how we can take you beyond your current CISSP qualifications.

Originally published February 02 2019, updated June 06 2019