The vast majority of current CISSPs took their test in the old format. The test was a grueling 250 question test in which nearly 85% of the testers would take the entire allotted 6 hour exam time. But the exam was modernized at the end of 2017
The CISSP exam is now a “Smart Exam”
Beginning in December of 2017 the CISSP exam was changed to an adaptive format. The official name for this is Computerized Adaptive Exam (CAT). The CISSP is one of the first certification exams to move to this new platform. But the rest will soon follow.
The adaptive format helps prevent cheating
Since IT certifications are very valuable, there is a high incentive for folks to try to take study shortcuts by cheating. This cheating incentive has lead to online marketplaces where you can buy questions and answers.
If you do a web search for “CISSP Brain Dump”, you will find many websites that sell practice exams that they claim to be actual exam questions. The CISSP exam has always maintained a high level of security and integrity in keeping their test questions out of reach of cheaters who try to buy the questions and answers.
Some nefarious companies pay people to take tests and attempt to record the questions or memorize the questions to write them down.
The adaptive format of the CISSP exam adds a higher layer of security to the test. An exam taker no longer has access to all of the questions on the test. An unprepared test taker will receive very few questions that would lead to a passing score.
Here is how the CISSP Adaptive Test Works
First, you will go through the very high standard of security at the testing center – The ID check, Photo, Biometric Hand Scan, etc. – then you will be escorted to the testing room. You will be on camera at all times, and the test administrator will watch from behind a glass window.
You will sit down at your testing station and will receive instructions on how the test works and the general functionality of the testing terminal.
The test will start with questions that are quite easy. These questions test knowledge that is well below the standard required for passing the exam.
After you answer each question, the testing algorithm determines your competence by analyzing all of the questions and answers that you completed.
The algorithm analyzes many factors. The exact details of the algorithm are proprietary, but the following list of likely factors.
- The correctness of the answer – Was the “best correct” answer chosen?
- The candidate’s aptitude on each of the testing domains based on the questions answered correctly
- The candidate’s ability to know or ascertain the best answer on obscure domain topics
- The time that it takes the candidate to answer each question (This data is used to help identify potential cheaters)
After you answer one question, the next one is determined.
Based on the above factors, the next question to be presented is determined. The candidate cannot go back and change previous answers because the answers are locked in as soon as you click the “Submit” button.
If you answer a question correctly, then the next question will be 50% more difficult to answer. In other words, there will be a 50% greater chance that you will get the next question wrong.
Get a question right, and the test gets harder – much harder!
The questions get exponentially more difficult as you continue to do answer correctly. The objective of the algorithm is to test your breaking point: The point at which you can no longer answer the questions correctly.
Your breaking point determines your success on the CISSP exam.
The exam candidate will undoubtedly get to the point where the test questions are so obscure that the answers will come down to educated guesses. The further you get while maintaining an overall score of at least 80% in each of the testing domains will determine if you pass the whole exam.
Is the Adaptive CISSP exam harder than the old one?
The adaptive CISSP exam will seem pretty tricky because, if the tester does well, the questions will get to the point that they seem almost impossible to answer. The test may be considered more comfortable by some because it is no longer a marathon 6-hour test with 250 questions. Most test-takers will complete the test when the question count reaches between 100 and 150.
Most people – including me – have never taken both the old format CISSP and the new format adaptive CISSP test. Therefore, it is difficult to say which format is harder.
For some people, the old format may be more difficult due to the stamina required to sit and concentrate for 6 hours. For others, the new format might be more of a challenge because of the escalating difficulty of the questions.
In theory, both formats of the test are equally challenging to pass. This is the stance and the objective of the adaptive test according to ISC2
Don’t let the CISSP test scare you.
Part of the value of holding a CISSP certification is that it is difficult to obtain. Not everybody is going to pass this test. However, that does not mean that you can’t do it. If you prepare well, understand the material, and do a ton of practice questions you can certainly succeed on the exam! Here is a great study plan that worked for me – How to pass the CISSP exam without reading any books.
Donald Korinchak is a Cybersecurity Program Director serving customer in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in leadership and cybersecurity issues.