The Certified Information Systems Security Professional (CISSP) certification, offered by (ISC)², is one of the most recognized credentials in the cybersecurity industry. It validates an individual’s ability to design, implement, and manage a best-in-class cybersecurity program. Let’s break down the CISSP exam structure and address a common question: Is there negative marking in the CISSP exam?
CISSP Exam Structure
The CISSP exam follows a Computerized Adaptive Testing (CAT) format, which means the questions you receive will adjust based on how well you answer previous questions. Here are the key details of the exam pattern:
Number of Questions: The CISSP exam consists of 100 to 150 questions. This range exists because of the adaptive nature of the test.
Duration: The exam must be completed in 3 hours.
Question Types: The majority of the exam consists of multiple-choice questions, but you may also encounter advanced innovative questions like drag-and-drop or hotspot items that test practical knowledge.
Domains: The exam covers 8 domains from the (ISC)² Common Body of Knowledge (CBK), which includes:
Is There Negative Marking in the CISSP Exam?
No, there is no negative marking in the CISSP exam. This means that you won’t lose points for incorrect answers. Given the adaptive nature of the test, each question aims to determine the level of your knowledge, so it's beneficial to attempt all questions. If you're unsure about an answer, it’s still worth taking a guess since you won't be penalized for it.
Scoring and Passing Criteria
The CISSP CAT exam uses an advanced algorithm that continuously evaluates your performance throughout the test. To pass, you must achieve a minimum score of 700 out of 1000. The algorithm stops the exam once it has enough data to determine whether you have met the passing criteria.
Advanced Innovative Questions Sample
Here are some examples of advanced innovative questions that you might encounter in the CISSP exam, focusing on drag-and-drop and hotspot question types. These are designed to test practical knowledge beyond simple multiple-choice answers.
1. Drag-and-Drop Question: Security Architecture and Engineering
Question: Drag the following security controls to their corresponding layers of the OSI model.
Items to Drag:
Target Layers (to drop into):
Correct Answers:
2. Drag-and-Drop Question: Risk Management Framework
Question: Match the steps of the Risk Management Framework (RMF) with their corresponding descriptions.
Items to Drag:
Target Descriptions (to drop into):
Correct Answers:
3. Hotspot Question: Network Security
Question: Click on the part of the diagram where you would place an Intrusion Prevention System (IPS) to block malicious traffic before it reaches the internal network.
Diagram: A simplified network topology showing:
Correct Answer: The correct location to click would be between the external network (Internet) and the firewall to prevent malicious traffic from entering the internal network.
These types of questions challenge candidates to apply their theoretical knowledge to practical scenarios, ensuring a deeper understanding of security concepts.
Conclusion
The CISSP exam is designed to challenge and adapt to your knowledge level, but one major relief is that there is no negative marking. This gives you the freedom to guess if needed, without fear of penalty. Prepare thoroughly across all eight domains, and you’ll be well on your way to earning this prestigious certification!