CISSP and Adaptive Testing

Posted by in Security+ | 0 comments

Did you hear that the (ISC)2 CISSP exam is now using adaptive testing for the English version of the exam?

This is a welcome change for many people. It reduces the time length of the exam from up to 6 hours to up to 3 hours. It also reduces the number of questions from 250 to a range of 100 to 150. A passing score in both versions is 700 (out of 1000) and they typically include 25 experimental or beta questions that don’t count towards your score.

New CISSP Objectives Go Live April 15

(ISC)2 updates the objectives every three years and the 2018 version is effective April 15, 2018. You can download the updated objectives here.

If you’re looking for study materials, check out the updated CISSP: Certified Information Systems Security Professional Official Study Guide (8th Edition).

What is Adaptive Testing?

Adaptive testing asks you different questions based on how you answered previous questions to identify your competence level. As an example, imagine the exam wants to determine your knowledge about vulnerability assessments.

  • If you answer a question correctly, the next question will be more difficult.
  • If you answer a question incorrectly, the next question will be easier.
  • You cannot go back to see previous questions.

Imagine that the exam has five questions on vulnerability assessments For simplicity, let’s call them Question 1 through Question 5. Question 1 is the easiest and Question 5 is the most difficult.

The algorithms for adaptive testing vary. However, the following scenarios show different ways the adaptive exam may work. For each one, imagine that you see Question 4 first.

Adaptive Testing Scenario 1 – Pass (2 Questions)

The Quiz shows you Question 4.

  • You answer it correctly.
  • You will then see Question 5 (the most difficult question for the sub-objective).
  • You answer Question 5 correctly.
  • The quiz assumes you understand this topic and gives you a Pass for the topic.

Note that you only had to answer two questions for the topic.

Adaptive Testing Scenario 2 – Pass (5 Questions)

The Quiz shows you Question 4.

  • You answer it incorrectly.
  • You will then see Question 3 (a question less difficult than Question 4).
  • You answer Question 3 correctly.
  • You will then see Question 5 (the most difficult question for the topic).
  • You answer Question 5 incorrectly.
  • You then answer Question 2 and Question 1 correctly
  • You have answered three questions correctly (1 through 3) and the quiz gives you a pass for the topic.
  • If you answer it correctly, you’ll see Question 1.

Note that you had to answer all five questions for the topic in this scenario.

Adaptive Testing Scenario 3 – Fail (3 Questions)

The Quiz shows you Question 4.

  • You answer it incorrectly.
  • You will then see Question 3 (a question less difficult than Question 4).
  • You answer Question 3 incorrectly.
  • You will then see Question 2 (a question less difficult than Question 3).
  • You answer Question 2 incorrectly.
  • At this point, you’ve answered three questions incorrectly and the quiz gives you a fail for the topic.

Note that you only answered three questions for the topic. However, because you didn’t get any of them correct, the exam assumes you do not have an adequate understanding of the topic and stops giving you additional questions.

Are These Adaptive Testing Scenarios Accurate?

The exact algorithm that (ISC)2 test developers used to create the exam is probably protected as a proprietary secret and I don’t know it. However, the scenarios are accurate descriptions of how an adaptive exam can evaluate your understanding. They also show how one person may see only two questions for a topic, and why another person may see five questions for the same topic.

Additionally, it’s unlikely that any topic has only five Questions. Instead, it may have 15 questions, with three questions in each difficulty level of Question 1 (least difficult) to Question 5 (most difficult). This allows the exam to give different test takers different questions, but at the same difficultly level.

Also, (ISC)2 weighs objectives differently, so another topic may have ten different difficulty levels, again, with multiple questions in each difficulty level.

What Happens if I Fail a Topic

If you fail a topic, it doesn’t mean you failed the exam. However, you are required to pass a specific number of topics to pass the exam.

For simplicity, imagine that the exam covers only ten topics, they are all weighted equally, and you are expected to pass seven of them.

Adaptive Testing Scenario 1 Quick Fail

If you fail the first four topics, you fail the exam because you can only answer six topics correctly at this point.

It’s highly likely that the testing engine will not show you the rest of the questions knowing that you already failed.

Adaptive Testing Scenario 2 Quick Pass

If you pass the first seven topics, you pass the exam. The testing engine may stop the exam and let you know that you passed.

However, (ISC)2 puts beta questions in for testing, so you’ll probably still see questions from the other three topics.

Adaptive Testing Scenario 3 Pass

You see all ten topics and pass at least seven of them. You pass.


700 Out of 1000

A passing score for the (ISC)2 CISSP exam is 700 out of a total of 1000.

Unlike the simple testing scenario, topics are worth more than a single point. In other words, you won’t see 1000 topics (thank goodness!). Instead, the topics are weighted differently and (ISC)2 has assigned different values for each of their topics.

Adaptive Testing Tips

When taking an adaptive exam, the following tips may help.

  • Do your best on every question. The earlier questions typically weigh more so the better you do on early questions, the less questions you’ll likely see.
  • Do not skip questions.  If you skip a question it will be marked wrong and you can’t go back.
  • Do not analyze the exam. While taking the exam, you may see a string of “easy” questions and think you’re about to fail the topic or even the exam. However, it’s entirely possible that your mastery of the topic makes difficult questions look easy to you. If you start stressing about issues that aren’t issues, the anxiety may impact your ability to answer other questions.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.