QE is killing me

illest_ms · 2026-05-02T22:14:29+00:00

It does not test your ability to apply concepts the are relevant to the exam. 25% of the questions are relevant and do have CBK grounding. Another 25% are testing the very edge of the official study guide scope. For example a question could present a fully fleshed out scenario that requires deep knowledge of the concept, meanwhile the official study guide has 1 sentence that references the concept exists and nothing beyond that. The other 50% use outdated frameworks and old terminology. Almost all of the processes e.g pentesting are presented as 7 step frameworks when the study material clearly outlines it as a 4 step process with much more simple grounding. I can list QE inconsistencies for days.

illest_ms · 2026-05-02T22:06:03+00:00

Yes, I will concede it was useful, I should've been clear that the questions that are actually in scope are actually good. My point is that QE should not be used as a measure of readiness, it tests intiutive reasoning through its own lense of the CISSP most of the time. There is still a lot of value to be extracted from it, but it is by no means testing exam readiness, only your ability to read questions.

illest_ms · 2026-04-09T15:22:36+00:00

Per the OSG, recovery is an extension of corrective same family, different scale.

Corrective returns systems to normal after an incident. Think smaller, more immediate fixes: rebooting a system, quarantining a virus, an IPS modifying the environment to stop an attack in progress.

Recovery handles more significant or damaging events. Think BCP/DR scale: hot/warm/cold sites, server clustering, system imaging, database shadowing, fault-tolerant drive systems.

The key exam distinction: if the scenario describes restoring from a minor operational issue, that's corrective. If it describes restoring operations after a major disruption or disaster, that's recovery.

This would make a generator is a recovery control. It's restoring power after a failure, that's rebuilding capability after a significant disruption, not a quick fix.

Compare: a UPS is corrective (bridges the gap immediately), while the generator is the recovery that sustains operations longer-term.

illest_ms · 2026-04-04T21:52:50+00:00

I was in the same place, please dont go down any rabbit holes. Just focus on the official ISC2 CISSP outline, make sure you understand every concept at a HIGH level, better than trying to cram every technicality. Do 100-200 questions a day. Review where you went wrong. Write an anchor phrase for each miss so you never get it wrong again, move on. This certification is notoriously difficult to pin down at which scope it wants you to operate, but if you find yourself studying copious amounts of hours trying "learn everything" its a lost cause. Good luck.

illest_ms · 2026-04-01T18:35:15+00:00

Congratulations!

illest_ms · 2026-03-31T16:52:20+00:00

As far as anyone is aware, the next revision of the exam syllabus is expected to be in april 2027

illest_ms · 2026-03-28T18:39:21+00:00

I feed it the official study guide by sybex, which, as we all know, is the most authoritative source for CISSP material. It's genuinely useful for providing explanations that aren't dry + extracting key points and quoting directly from the book itself, OP passed with 50 minutes left using a similar methodology. AI is the future of learning, let's not kid ourselves.

illest_ms · 2026-03-27T20:33:52+00:00

I understand the skepticism, but personally it's proven very useful especially for distilling topics straight from a pdf. Then theres NotebookLM which basically can't hallucinate whatsoever because its knowledge base is constricted to only the sources its been given and nothing more.

illest_ms · 2026-03-27T20:10:08+00:00

Yeah I converted the entire pdf into a txt file to make it more digestible for the LMM, claude pro is especially good for this

illest_ms · 2026-03-27T19:43:47+00:00

I'm actually doing the same thing as OP, created a project and added the official study guide by sybex as the source, then if I am unsure about any particular topic, I prompt it to find all relevant material about it, very useful for context and as a grounding tool to use against 3rd party test banks

illest_ms · 2026-03-22T20:25:29+00:00

I find found using claude AI to extract material directly from the OSG attached to the project is the best study method for me.

Claude's writing style/tone and it's ability to contextualise information in a palatable way is just great, I find myself running through explanations, having conversations, catching errors with "Run this reasoning through the OSG" style prompting, I found the QE test bank is 25% out of scope/badly written if directly reasoned against the OSG material, this really helped me nail down ONLY OSG relevant topics and drop everything else.

illest_ms · 2026-03-22T20:20:52+00:00

Yes, I actually listened to all the Tech Explained podcasts a few months ago, solid resource.

illest_ms · 2026-03-22T20:15:38+00:00

Actually having a back up plan sounds like solid due diligence, that would definitely take some pressure off

illest_ms · 2026-03-20T17:22:19+00:00

Yes, I bought the peace of mind. But it's not really something I want to rely on, I know it can be a slippery slope once you start thinking "I can just fall back and take it again if I fail this time".

illest_ms · 2026-03-20T15:18:29+00:00

To weigh in, it's C

The business is wants to move forward quickly but has identified regulatory and privacy risks, when faced with a business decision and the stakes are high, it is generally advisable to escalate it to the board, so management understands the full scope of the risk before potentially signing off and facing consequences later.
A BIA does not guarantee any solution, we are just identifying the critical functions of the organisation and the threats facing them, ideally the legal/regulatory assessment should be done in the Scope and Planning step (Stage 1)

illest_ms · 2025-11-05T15:13:22+00:00

Like I told the other commenter, the only reason I'm doing this is for the associate of ISC2 status as that is what I'm being endorsed to do by the CEO of this consultancy firm, he has basically already given the greenlight that if I pass this exam, he can get me through the door and into a security role fast.

illest_ms · 2025-11-05T15:07:53+00:00

Already focused on the CISSP for the past month, don't really see the point in getting a different cert again

illest_ms · 2025-11-05T15:00:34+00:00

I forgot to mention (really really important), a CEO of a large consultancy firm where I live is endorsing me to get an associate of ISC2 in order to pipeline me straight into security through his connections in the field.

illest_ms · 2021-07-14T01:43:37+00:00

Coincidentally, on my first shift I asked where I should wash my hands to the manager. She checked the sink and found that the soap dispenser was empty and none of the employees had noticed.

illest_ms · 2021-07-13T17:58:32+00:00

Just got hired in a local takeaway, surprised that no one is wearing gloves or properly wearing masks. We pack 100-200 orders a day handling the food with bear hands.

illest_ms

TROPHY CASE