Freedom, truth, love, beauty.
Let the Doubt Begin!
So, it’s more than a day since I completed the CISSP exam and the self-doubt has set in with a vengeance.
I made the mistake of flipping through a couple of my CISSP exam study books. Re-reading the questions and answers I started wondering “well, that question sounds familiar, and I think I answered correctly, but is that the one where I went back and forth? Did I change to the wrong answer?”
So: 250 questions, six hours (of which I used three), ten “domains” of security knowledge.
The worst part of these kinds of exams is that the questions are often poorly or intentionally misleadingly worded and the answers are often all OK, but only the “best” will be judged as correct. Many that aren’t downright misleading are simply trivia.
Here’s a misleading question:
Q: In most cases, integrity is enforced through:
a. Physical security
b. Logical security
c. Confidentiality
d. Access controls
The answer they want is access controls. Never mind that access controls are a type of logical security, and if you don’t have physical security you don’t have any security, period. Confidentiality is wrong because it is one of the three foundations of security along with integrity and availability.
Here’s an example of a trivia question:
Q: The Chinese Wall model was associated with the work of:
a. Harrison and Ullman
b. Brewer and Nash
c. Glasser
d. El Gamal
The important thing to know about the Chinese Wall model is that it provides a means of preventing conflicts of interest when a company provides consulting work for two or more companies that are competitors. The “study guides” I have (including the “Official” guide) don’t go into detail about how the model works (a quick google will tell you more than you want to know).
Asking who developed the model is way beyond the point, IMHO. It is just trivia: nice to know but the chances it will impact the quality of work you do day-to-day are minuscule.
As much as I’m doubting myself right now despite my positive test-day performance, the Indian I was sitting next to has to have it worse. He was obviously nervous before the test even began. He kept shifting his weight, moving things on the table around, asking questions that had already been answered, etc.
After the test started he just started reading his question book. Every once in a while he’d pull out the answer sheet quickly but then put it back under his question book. When I handed my test in I caught a glimpse of his answer sheet and he maybe had a hundred questions answered. With only half the time left to answer more than half the questions he was screwed.
I should get the official word in 1-6 weeks. That is going to be a tough wait. I take some solace in knowing that if I don’t pass I’ll have had plenty of time to come up with indignant rationalizations for my failure.