Certified Information Systems Security Professional (CISSP) Exam Guide

Become a certified CISSP professional with practical exam-oriented knowledge of all eight domains

Product type: Paperback
Published in: Sep 2024
Publisher: Packt
ISBN-13: 9781800567610
Length: 526 pages
Edition: 1st Edition
Authors (3): Ted Jordan, Ric Daza, Hinne Hettema
CISSP Exam Structure

The exam is made up of three types of items: multiple-choice questions, innovative questions, and scenario questions. The last two types of questions are legacy, meaning ISC2 will not be making any more questions of that type. The bulk of the questions are multiple-choice, and that is what this book will be focusing on. The other two types have been mentioned because you may see one or two in your exam.

“Innovative questions” is a fancy term for drag and drop. Imagine a graphic with four or five different boxes, where you have to drag the concept or term from one side of the screen to the other to match it up with an appropriate concept. If you know the material in this book, you should have no problem with this type of question. Another rare type of question is scenario questions. These questions have a long introduction scenario, followed by two to five questions based on that scenario.

As mentioned previously, today’s CISSP exam is predominantly made up of multiple-choice questions (MCQs). These questions have a to-the-point question portion (known as the item stem) and they have four options (A, B, C, and D). Only one option is the key or the correct answer; there cannot be more than one correct answer. The other three options are called distractors; they are incorrect answers.

To pass the exam, you need 700 out of 1,000 points. These points are scaled, which means that not all the questions are worth the same. Additionally, 25 questions are worth zero points. These are known as pre-test questions. If a pre-test question performs well, it will be promoted to a scored item in a future exam. Obviously, ISC2 does not indicate which questions are pre-test and which are scored, so try your best on all the questions.

So, what makes one question worth more than another? The more cognitively difficult the question, the more points it is worth. This cognitive difficulty is based on Bloom’s Taxonomy. See https://packt.link/eLxTU for more information on Bloom’s Taxonomy. In short, Bloom explains that there are different levels of understanding regarding concepts, with the most basic being Knowledge and the highest being Evaluation. For the CISSP exam, you only need to learn Knowledge, Application, and Analysis, as shown in the following diagram:

Figure 1.1: Bloom’s Taxonomy

You can think of a knowledge-level question as pure memorization of a term or a concept you read. Application-level questions can be thought of as a deeper understanding of the underlying concept. Finally, the most challenging of cognitive levels is Analysis. It requires a deep understanding of multiple concepts; in particular, applying multiple concepts to solve a specific problem.

The idea of cognitive difficulty is best made clear with a few examples. Consider a concept from Domain 4, Communication and Network Security; specifically, 4.1:

  • At which layer of the Open System Interconnection (OSI) reference model does the Address Resolution Protocol (ARP) operate?
    1. 2 – Data Link
    2. 3 – Network
    3. 6 – Presentation
    4. 7 – Application

This is an example of a knowledge-level item. You only need to remember from reading or seeing an OSI model graphic that ARP is a layer 2 protocol. You need not know what it does, how it does it, about security issues with ARP, or how to fix them.

  • What is the purpose of the Address Resolution Protocol (ARP)?
    1. To resolve a Fully Qualified Domain Name (FQDN)
    2. To request an Internet Protocol (IP) address for a host
    3. To resolve an Internet Protocol (IP) address to a Media Access Control (MAC) address
    4. To build a loop-free topology in Internet Protocol (IP) networks

This is an example of an application-level item. It requires a deeper understanding of what ARP does, why it is needed, and where it fits into the OSI and Transmission Control Protocol/Internet Protocol (TCP/IP) models.

  • Which attack leverages the Address Resolution Protocol (ARP)?
    1. Transmission Control Protocol (TCP) spoofing
    2. Distributed Denial of Service (DDoS)
    3. Man-in-the-Middle (MitM)
    4. Dynamic Host Configuration Protocol (DHCP) starvation

This is an example of an analysis-level item. Here, the exam is still just talking about ARP, but each question requires a progressively deeper understanding of the underlying ARP concept. For this item, you must understand what ARP is, how ARP works, and the cybersecurity attacks that use it. Notice that all the items are single sentences. Note that there is no correlation between the length of a question’s portion (item stem) and its cognitive difficulty.
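The three ARP items above ask, in turn, where ARP sits (layer 2), what it does (IP-to-MAC resolution), and how it is abused. The following Python script is an added example, not code from the book or its authors, that ties those three levels together from a defender's side: it parses raw Ethernet frames carrying ARP (the layer 2 framing and the 28-byte ARP packet), extracts the IP-to-MAC claims, and raises an alert when a second station claims an IP address that was already resolved to a different MAC, which is the observable footprint of the ARP-based attack the third item points at. The frames, addresses, and the `ArpWatch` class are all constructed for this example.

```python
import struct

# Constants for the constructed sample frames below (not from the book).
ETHERTYPE_ARP = 0x0806   # Ethernet type field announcing an ARP payload
ARP_REQUEST = 1          # "who has <target IP>?"
ARP_REPLY = 2            # "<sender IP> is at <sender MAC>"
BROADCAST_MAC = b"\xff" * 6


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Assemble a raw Ethernet II frame carrying a 28-byte IPv4-over-Ethernet ARP packet.
    Used here only to construct sample input; a real deployment reads frames from a capture."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    ethernet = struct.pack("!6s6sH", eth_dst, sender_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1,        # hardware type: Ethernet
                      0x0800,   # protocol type: IPv4
                      6, 4,     # hardware / protocol address lengths
                      op, sender_mac, sender_ip, target_mac, target_ip)
    return ethernet + arp


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP packet
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpWatch:
    """Remember which MAC first claimed each IP; alert when a different MAC claims it later."""

    def __init__(self):
        self.claims = {}  # sender IP -> MAC first seen claiming it

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None:
            return None
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.claims.setdefault(ip, mac)
        if known != mac:
            return f"ARP conflict: {ip} was {known}, now claimed by {mac} (op={pkt['op']})"
        return None


# Constructed sample traffic: a host asks for the gateway, the real gateway answers,
# then another station sends an unsolicited reply claiming the gateway's IP address.
GATEWAY_IP, HOST_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 20])
GATEWAY_MAC = bytes.fromhex("aabbcc000001")
HOST_MAC = bytes.fromhex("aabbcc000020")
OTHER_MAC = bytes.fromhex("aabbcc000099")

SAMPLE_FRAMES = [
    build_arp_frame(ARP_REQUEST, HOST_MAC, HOST_IP, b"\x00" * 6, GATEWAY_IP),
    build_arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    build_arp_frame(ARP_REPLY, OTHER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    b"\x00" * 42,  # not ARP (ethertype 0): the parser must ignore it
]


def run_sample():
    """Feed the constructed frames through ArpWatch and return the alerts raised."""
    watch = ArpWatch()
    alerts = []
    for frame in SAMPLE_FRAMES:
        alert = watch.observe(frame)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Run as a script, it prints one conflict line for the third frame and nothing for the other three. The detection is deliberately the simplest form of the idea: a production monitor has to age its table, because DHCP lease moves and NIC replacements also change an IP's MAC legitimately, and on managed switches the preferred control is to validate ARP against DHCP snooping bindings at the port (Dynamic ARP Inspection) rather than to detect the conflict after the fact.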
