The CISSP examination is a variable length computer adaptive examination. The examination is offered through Pearson VUE Testing Center throughout the world. During the test, candidates respond to between 100-150 items based on their ability. The majority of questions are four-option multiple-choice items with one correct key. However, some advanced innovative items such as drag-and-drop, hot spot, scenario-based questions, matching items etc. are included in the test. At the end of the exam administration, candidates receive their pass/fail decision. Failing candidates receive feedback on their exam performance by domains; however, candidates who pass the exam receive their congratulatory letter describing their next step in acquiring the credential. CISSP validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.Candidates must score 700 out of 1000 points on the scaled score to pass the exam. A theta-cut set during the standard setting is applied in making pass/fail decision in the exam. Since each candidate takes different sets of items, the computer algorithm calculates the total ability based on the correct response provided to each item and compares the candidate's total ability to the theta-cut to make the pass/fail decision.
The CISSP exam requires candidates to demonstrate the following knowledge, skills and abilities: security and risk management (15 percent); asset security (10 percent); security architecture and engineering (13 percent); communication and network security (14 percent); identity and access management (IAM) (13 percent); security assessment and testing (12 percent); security operations (13 percent); and software development security (10 percent).