Certification FAQs

Series of questions gathered by CISSP.com to help prospective CISSPs in getting a better idea about the CISSP certification, the CISSP exam and what to expect.

 

How much is the CISSP Examination cost?

The CISSP exam cost is $549.00 if you submit your registration 16 days or more in advance of the test date. If you register 15 days or less before the exam date, then you pay $599.00

What does the CISSP examination consist of?

The CISSP exam is a 250 question English language examination. Candidates are given 6 hours to complete the exam although most complete it in about 4 hours.

Are there different versions for each country?

No, the test is based on Internationally accepted information security standards and practices. There are no country specific questions or language. The same English language version is given throughout the world.

What do the questions cover?

The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination. Examination questions cover all ten domains in the Common Body of Knowledge (CBK). Questions are "scrambled" on the examination, they are not presented in domain order. The domains are:

  • Access Control Systems & Methodology
  • Applications & Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation & Ethics
  • Operations Security
  • Physical Security
  • Security Architecture & Models
  • Security Management Practices
  • Telecommunications, Network & Internet Security

Are the pre-test questions identified?

No. They are scrambled into the examination along with the scored items.

What type of questions are there?

All test questions are multiple choice with four possible answers. They are designed to test a candidate's knowledge of information security facts and concepts and their application.

How hard is the examination?

The examination tests the expected knowledge a 3-5 year practitioner should have. It is designed to test for the minimum level of competency acceptable for someone to be certified as an information systems security professional. A knowledgeable candidate should not find the examination difficult.

If the examination isn't particularly difficult, why don't more people pass it?

What makes the examination difficult is the expansive knowledge base it covers. It's difficult to develop expertise in all ten domains.

Are the questions in the Study Guides really representative of examination questions?

The study guides questions are good examples of the format and type of questions you would see on the exam but are not necessarily representative of the difficulty.

The domains that are not commonly used in every day security management such as cryptography, system architecture, and physical security usually score the lowest.

How current is the CISSP examination?

Each year between 100 and 150 new questions are added to the question pool, many are based on new security technologies. You can expect to find questions on current technologies, practices and standards.

How detailed are the questions, what depth of knowledge is being tested?

The CISSP examination is designed to evaluate the ability of a security manager, engineer or architect to properly evaluate, select, deploy and assess security measures. A candidate should have a detailed enough knowledge of security designs, measures, vulnerabilities, etc. to successfully accomplish these tasks.

What's the CISSP Examination passing score?

There is no fixed passing score for the examination. The cut score for each examination is calculated by equating the scoring values associated with each question. Passing rates estimated to be in the 70% to 80% range. Less than 8% of those tested achieve scores higher than 85%.

 

To sit for the CISSP examination, a candidate must:

The eligibility requirements to sit for the CISSP examination are completely separate from the eligibility requirements necessary to be certified as a CISSP.

  • Submit the examination application with the required feeexam application
  • Assert that he or she possesses a minimum of five years of professional experience in the information security field or four years plus a college degree. Or, an Advanced Degree in Information Security from a National Center of Excellence or the regional equivalent can substitute for one year towards the five-year requirement.
  • Complete the Candidate Agreement, attesting to the truth of his or her assertions regarding professional experience and legally commit to adhere to the CISSP Code of Ethics.
  • Successfully answer four questions regarding criminal history and related background.

 

To become certified as a CISSP, a candidate must:

  • Pass the CISSP exam with a scaled score of 700 points or greater.
  • Meet the CISSP experience eligibility requirements.
  • Submit a properly completed and executed Endorsement Form. endorsement form
  • If the candidate is selected for audit, they must successfully pass that audit of their assertions regarding professional experience.

 

The Endorsement Process:

A candidate applying for certification must be endorsed by another (ISC)² certified professional in good standing before the credential can be awarded.

A candidate receiving a pass letter informing the candidate that he or she has passed the certification examination will also receive a blank endorsement form. The form must be completed and signed by an (ISC)² certified professional. The (ISC)² certified professional  is anyone who:

  • Is able to attest to the candidate's professional experience
  • Is an active (ISC)² credential holder in good standing

The endorser will attest that the candidate’s assertions regarding professional experience are true to the best of the endorser’s knowledge, and that the candidate is in good standing within the information security industry.

You can also download the endorsement form, Then, print it out, have it completed and signed by a proper endorsing party, and return it to:

(ISC)² Services
2494 Bayshore Blvd, #201
Dunedin, FL 34698
United States

  • (ISC)² Services staff will review the form upon receipt to ensure that it is properly completed and executed. If so, (ISC)² Services will mail you your certificate.
  • Please note: A percentage of the candidates who pass an (ISC)² examination and submit endorsements will be randomly subjected for audit and required to submit additional information, as required, for verification.
  • If you cannot find a certified individual to act as an endorser, (ISC)² will act as an endorser for you in consideration of which, (ISC)² will require the same documentation that is submitted by a candidate who is randomly selected to be audited.What happen if you get audited?
  • A percentage of the candidates who pass the CISSP examination and submit endorsements will be randomly subjected to audit and required to submit a resume for formal review and investigation. If audited (subject to results), the credential will be awarded within seven business days and notification sent via e-mail. Naturally, there may be some delays due to mail service or the number of forms received. Also, audits may require additional time for verifying information and/or contacting references.

 

Post Certification - Now that you are a CISSP

Once an individual has successfully passed an (ISC)² credentialing examination, continuing education is required to maintain their certification in good standing.

 

Continuing Professional Education Credits:

In addition to paying an annual maintenance fee and subscribing to the Code of Ethics, a CISSP must earn continuing professional education credits every three years - or retake their certification examinations. CPE credits are earned by performing activities largely related to the information systems security profession including, but not limited to, the following:

  • Educational courses or seminar attendance.
  • Association chapter membership and meeting attendance - Like ISSA, ISACA, etc.
  • Security conference attendance.
  • Vendor presentations .
  • University/college course completion.
  • Providing security training.
  • Publishing security articles or books.
  • Self-study cources that are related to the industry.
  • Volunteer work, including serving on (ISC)² volunteer committees.

We use cookies to maintain login sessions, analytics and to improve your experience on our website. By continuing to use our site, you accept our use of cookies, Terms of Use.