CISSP — how many questions in before you felt like you'd actually pass?
I'm sitting for the CISSP in three weeks and the adaptive testing format is messing with my head. I keep reading about people finishing at 100 questions and passing, and others going to 150 and also passing, and I can't tell if there's any real signal in the question count. I've been studying about four months, roughly two hours a day, and my Boson practice scores are consistently in the 78–82% range.
My background is eight years in network security, the last three focused on risk management and governance. Domains 1 and 5 feel solid, domain 4 is decent, but domain 3 (security architecture) and domain 7 (security operations) are weaker. I've been focusing the last few weeks on those gaps but there's a lot of ground in domain 3 especially.
The thing I keep hearing is to think like a manager, not a technician — but that's easier said than done when you've spent eight years being the technician. Does that framing actually help when you're sitting there second-guessing answer choices, or is it more useful in retrospect as an explanation for why you got something wrong?
78–82% on Boson is a solid indicator — Boson questions are harder than the actual exam in most domains. I was scoring similarly and passed at 100 questions. The real exam felt slightly more straightforward on the application-level questions.
I finished at 125 questions and passed. The whole drive home I was convinced I'd failed because a stretch around question 90 felt impossibly hard. Turns out that's normal — the CAT engine pushes you to your ceiling. Hard questions are not a bad sign.
The manager framing is real and it takes practice to internalize. When two answers are both technically correct, ask which one a CISO presenting to a board would choose. That shift changed how I read questions in a way no textbook explanation could.
Domain 3 tripped me up too. I made a one-page summary of the main security models — Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash — with their use cases and reviewed it every morning for two weeks before my exam. Made that domain manageable.
I'm actually in a similar boat but for AI-900, not CISSP, so take this with a grain of salt. Just hit 87% on my last practice run and I'm sitting the real thing next Tuesday. The adaptive format stuff you're describing honestly sounds exhausting, but from what I've read the question count really doesn't mean what people think it means.
What's been helping me is just not tracking the meta stuff and focusing on whether I actually understand the material. You've got three weeks which is solid time. Good luck with it.