Introduction
ISC2 CISSP® Certified Information Systems Security Professional Official Practice Tests Fourth Edition is a companion volume to ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, Tenth edition (Sybex, 2024). It includes questions that cover content from the CISSP Detailed Content Outline and exam that became effective on April 15, 2024. If you're looking to test your knowledge before you take the CISSP exam, this book will help you by providing more than 1,300 questions that cover the CISSP Common Body of Knowledge (CBK) and easy-to-understand explanations of both right and wrong answers.
If you're just starting to prepare for the CISSP exam, we highly recommend that you use the ISC2 CISSP Certified Information Systems Security Professional Official Study Guide to help you learn about each of the domains covered by the CISSP exam. Once you're ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.
Since this is a companion to the CISSP Study Guide, this book is designed to be similar to taking the CISSP exam. It contains multipart scenarios as well as standard multiple-choice and matching questions like you may encounter on the certification exam. The book is broken up into 12 chapters: 8 domain-centric chapters with 100 or more questions about each domain, and 4 chapters that contain 125-question practice tests to simulate taking the exam.
CISSP Certification
The CISSP certification is offered by the International Information System Security Certification Consortium (ISC2), a global nonprofit organization. ISC2's mission statement says that "ISC2 strengthens the influence, diversity and vitality of the field through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world." ISC2 achieves this mission by delivering the world's leading information security certification program, the CISSP. ISC2 also offers additional certifications including the following:
- Certified in Cybersecurity (CC)
- Systems Security Certified Practitioner (SSCP)
- Certified Cloud Security Professional (CCSP)
- Governance, Risk and Compliance Certification (CGRC)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Information Systems Security Architecture Professional (ISSAP)
- Information Systems Security Engineering Professional (ISSEP)
- Information Systems Security Management Professional (ISSMP)
The CISSP certification covers eight domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession.
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
The CISSP domains are periodically updated by ISC2. The most recent revision on April 15, 2024, slightly modified the weighting for Security and Risk Management from 15% to 16%, while decreasing the focus on Software Development Security from 11% to 10%. It also added or expanded coverage of topics such as intellectual property, privacy laws and regulations, software bills of materials, end-of-life support, SASE, operational technology, high-performance computing, intermediate distribution frame, Compute Express Link, and a variety of other topics.
Complete details on the CISSP CBK are contained in the 2024 CISSP Detailed Content Outline. It includes a full outline of exam topics, which can be found on the ISC2 website at www.isc2.org.
Taking the CISSP Exam
The English version of the CISSP exam uses a technology called computerized adaptive testing (CAT). With this format, you will face an exam containing between 100 and 150 questions with a three-hour time limit. You will not have the opportunity to skip back and forth because the computer selects the next question it asks you based upon your answers to previous questions. If you're doing well on the exam, it will get more difficult as you progress. Don't let that unnerve you!
You can find more information about computerized adaptive testing directly from ISC2 at www.isc2.org/certifications/cissp/cissp-cat.
The computerized adaptive testing version of the exam is offered in English, Chinese, German, Japanese, and Spanish. Unlike earlier versions of the exam, the CISSP exam will no longer be offered in linear exam format after April 15th, 2024.
While it's impossible to directly simulate a CAT exam in book form, as you work through these practice exams you might want to use 80% as a goal to help you get a sense of whether you're ready to sit for the actual exam. When you're ready, you can schedule an exam at a location near you through the ISC2 website.
Questions on the CISSP exam are provided in both multiple-choice form and what ISC2 calls advanced innovative questions, which are drag-and-drop and hotspot questions, both of which are offered in a computer-based testing environment. Innovative questions are scored the same as traditional multiple-choice questions and have only one right answer.
ISC2 exam policies are subject to change. Please be sure to check www.isc2.org for the current policies before you register and take the exam.
Computer-Based Testing Environment
CISSP exams are administered in a computerized adaptive testing (CAT) format. You'll start the registration for your exam through your ISC2 login at www.isc2.org/register-for-exam. You may take the exam at a Pearson VUE authorized center in the language of your choice. It is offered in English, Chinese, German, Japanese, and Spanish.
You'll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you'd like to become more familiar with the testing environment, the Pearson VUE website offers a virtual tour of a testing center.
https://home.pearsonvue.com/Test-takers/Pearson-Professional-Center-tour.aspx
When you take the exam, you'll be seated at a computer that has the exam software already loaded and running. It's a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from the Pearson VUE website.
https://home.pearsonvue.com
Like all exams, the CISSP certification from ISC2 is updated periodically and may eventually be retired or replaced. At some point after ISC2 is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam's online Sybex tools will be available once the exam is no longer available.
Exam Retake Policy
If you don't pass the CISSP exam, you shouldn't panic. Many individuals don't reach the bar on their first attempt but gain valuable experience that helps them succeed the second time around. When you retake the exam, you'll have the benefit of familiarity with the exam environment and CISSP CAT exam format. You'll also have time to study the areas where you felt less confident.
After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you're not successful on that attempt, you may re-test after 60 days. If you don't pass after your third attempt, you can re-test after 90 days for that and any subsequent attempts. You can't take the test more than 4 times within a 12-month period. You can obtain more information about ISC2 and its other certifications from its website at www.isc2.org.
Work Experience Requirement
Candidates who want to earn the CISSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information security field. Your work experience must cover activities in at least two of the eight domains of the CISSP exam outline and must be paid, full-time or qualified part-time employment or paid or unpaid internship. Volunteer experiences are not acceptable to meet the CISSP experience requirement.
You may be eligible to waive one of the five years of the work experience requirement based upon your educational achievements. If you hold a bachelor's degree or four-year equivalent, you may be eligible for a degree waiver that covers one of those years. Similarly, if you hold one of the information security certifications on the current ISC2 approved credential list (www.isc2.org/certifications/cissp/cissp-experience-requirements), you may also waive a year of the experience requirement. You may not combine these two programs. Holders of both a certification and an undergraduate degree must still demonstrate at least four years of experience.
If you haven't yet...