How Long is the CISSP Exam?

In 2018, the CISSP exam format was revised for candidates taking the exam in English. The 250-question, 6-hour exam was abandoned and replaced with a Computer Adaptive Test, or CAT for short.

This new exam format promised a less grueling exam schedule and a fairer experience for test-takers. I, for one, prefer the newer format. I can’t imagine anything worse than spending 6 hours answering questions on cybersecurity.

With the new CISSP CAT format, the number of questions was reduced from 250 down to between 100 and 150. The exact number of questions you’ll face varies based on your performance – more on this later.

At this point you might be wondering, how long is the CISSP exam? The English version of the CISSP CAT exam is 180 minutes long (3 hours) and consists of between 100 and 150 questions. Candidates taking the exam in other languages will still need to take the older CISSP linear examination, which is 6 hours and 250 questions.

To book your exam you can visit the ISC2 website here.


With the new CISSP CAT, candidates not only have a shorter exam to contend with but are also given a varying number of questions depending on performance.

Every candidate will receive a minimum of 100 questions, and a maximum of 150.

Out of the 100 questions that every student answers, only 75 are used to grade a passing score. The other 25, which are randomly interspersed throughout the exam, are used to evaluate the suitability of the questions for future exams.

Once you’ve answered 100 questions, the adaptive system looks at your score so far and determines if you’re likely to pass. If the system determines that you have a 95% chance or higher of passing, then the exam finishes with a passing mark.

If the exam determines that you have a 95% chance of failing, then the exam finishes at this point with a failure.

If your pass or failure is undetermined at the 100-question mark, then you’ll be presented with another question to answer. After each question you answer, your probability of passing or failing is reassessed, and if it remains undetermined, you’ll continue answering questions until the 150-question mark.

Only the 75 most recent questions answered are used to determine your passing mark. So, as you answer question 101, question 1 is disregarded and no longer used to determine your passing mark. When you answer question 102, question 2 is no longer used to determine your passing mark. This continues until you get to question 150.

In addition to the exam format becoming adaptive, you’ll also no longer be able to flag and return to questions whose answers you were unsure of. Any unanswered questions are marked as incorrect.

All of these changes make for a shorter exam process and, in theory, will allow you to still do well even if a particular question or series of questions unnerved you.

CISSP Exam Domain Weightings

Not all domains within the CISSP are treated equally, which means doing well in a domain such as Security and Risk Management will increase your chances of passing versus doing well in an area such as Asset Security.

That’s not to say that Asset Security is not an important domain; it’s just that ISC2 gives a heavier scoring weight to certain domains. But the overall difference is not significant. You can see the exact weighting below:

  1. Security and risk management: 15%
  2. Asset security: 10%
  3. Security architecture and engineering: 13%
  4. Communication and network security: 14%
  5. Identity and access management: 13%
  6. Security assessment and testing: 12%
  7. Security operations: 13%
  8. Software development security: 10%

How To Maximize Your Chances of Passing the CISSP?

There are no two ways about it: the CISSP is a hard exam. However, it’s not an insurmountable challenge, especially if you approach the study process scientifically and in a smart manner.

I cover the exact methods I used to study for the CISSP in this article.

I also cover the best CISSP study material here, as well as answer a bunch of other questions.

If you follow these and perhaps put your own twist on them, then there’s no reason why you can’t pass the CISSP on the first attempt.

Final Thoughts

The newer 180-minute time frame for the CISSP is a massive improvement over the previous version. It no longer takes a whole day to complete; in fact, I managed it in under two hours.

Don’t be put off by the adaptive nature of the exam; it’s not that bad and, in theory, will increase your chances of gaining a passing score.

Jonathan Holmes

Jonathan Holmes is a writer for HKS Siblab, an education and business blog. He has an MSc in Cyber Security & Digital Forensics from the University of Hertfordshire and has been working in the cyber security industry since 2010. In his spare time, he enjoys reading, playing guitar and spending time with his family.
