How Many Questions on CISSP Exam?

The Certified Information Systems Security Professional (CISSP) is a highly sought-after qualification offered by ISC2.

It’s perceived as one of the leading certifications within the industry, covering multiple aspects of cybersecurity.

One of the reasons it’s so prestigious is its difficulty and its tough prerequisites. Every candidate must have 5 years of experience within two of the eight domains, or 4 years with an approved degree or approved certification.

If it’s a certification you’re considering, then you might have asked how many questions are on the CISSP exam. Exam takers can expect between 100 and 150 questions during a CISSP exam. The variance is due to the new Computerized Adaptive Testing (CAT), which considers your exam performance. The better you perform, the fewer questions you’ll be asked.

The CISSP test is variable in length, which means it’ll dynamically adapt to your performance, giving you any number between 100 and 150 questions.  

If a candidate performs well and demonstrates a high level of competency, then they can expect to receive fewer questions. Candidates who demonstrate issues with a domain can expect more questions on that domain to ensure competency.

CISSP Exam Format

The CISSP exam consists of a mixture of multiple-choice questions as well as advanced innovative questions.  Advanced innovative questions can be presented in several formats:

Hotspot: A hotspot question asks you to select an area or location on a visual diagram, for example on a network diagram. These sorts of questions mostly ask you to locate where a network device would sit, where a network attack might take place, or to identify weak points.

Drag and Drop: Drag and drop answers tend to ask you to put certain items in an order, select the correct items out of a list or match phrases together.  

During the 3-hour exam, candidates can expect several questions from the eight domains, with certain weightings applied to each domain:

  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security

When Are You Ready To Sit The Exam?

Preparing for the CISSP is a serious commitment and one that will heavily impact your preparedness.  It’s a hard exam.

You must allow plenty of time to study; I detail my recommendations in my article on how long to study for the CISSP.

Once you’re achieving competent passes on the CISSP practice exams, you’re all set to sit the CISSP exam.  

I prefer scheduling exams in advance so that I have a goal to work towards and it gives me some incentive to put the effort in.  

CISSP exams can be scheduled through the Pearson Vue website, but you will need to register for an ISC2 account first. 

You can access the Pearson Vue website here and the ISC2 registration page here.

On the Day of the Exam

As with any exam, you’ll want to arrive early and well-rested, which is perhaps easier said than done.

I like to understand exactly where I’m going on the day of the exam, which can be done with Google Maps quite easily; you can even walk the route.

Make sure to factor in time for traffic delays, a trip to the toilet, and any other unforeseen circumstances.  Aim to arrive around 30 minutes early to account for registration, which can be rigorous. 

When you arrive you will have your picture taken and you will need to empty out all your pockets, including removing watches and mobile phones.

Once you’ve signed in you’ll be given a whiteboard and a marker, given a quick tour and explanation of the exam process and you’ll be assigned a workstation to sit the exam. 

Final Thoughts

The Computerized Adaptive Testing (CAT) format for the CISSP is a welcome change in my book which removes some of the criticisms of the original CISSP exam, which would literally take a whole day to complete.

This format of 100 to 150 questions and a 3-hour time limit brings the CISSP in line with its peers in terms of length. It’s better for candidates as concentrating for this length of time is much more manageable.

Jonathan Holmes

Jonathan Holmes is a writer for HKS Siblab, an education and business blog. He has an MSc in Cyber Security & Digital Forensics from the University of Hertfordshire and has been working in the cyber security industry since 2010. In his spare time, he enjoys reading, playing guitar and spending time with his family.
