What You Need to Know About the New CISSP Exam



Posted by: Troy McMillan
Published: August 2, 2018


The new CISSP exam has caused a stir among CISSP candidates because the test domain weightings have been updated, the format is different, and there’s some new content. So what do you need to know about this new exam? Let’s take a look.

New CISSP Exam Domain Weightings

Here are the new domain weightings. You can use these to guide your study so you spend an appropriate amount of time on each domain.


 Domain                                        Weight
 1. Security and Risk Management               15%
 2. Asset Security                             10%
 3. Security Architecture and Engineering      13%
 4. Communication and Network Security         14%
 5. Identity and Access Management (IAM)       13%
 6. Security Assessment and Testing            12%
 7. Security Operations                        13%
 8. Software Development Security              10%


New CAT Format

The test is now adaptive. The questions change based on your answers and an assessment of your ability that occurs after you answer. Each time you answer a question, algorithms evaluate your ability to get the next question correct based upon previous submissions and the difficulty of previous questions. It is the position of (ISC)² that CAT provides a more precise evaluation of your competency.

Because the CISSP CAT exam is a variable-length computerized adaptive examination, and the difficulty is based on your previous responses, item review is not permitted. Once you finalize an answer, it may not be reviewed or changed.

New Content

In the new CISSP exam, there is now content focusing on the Internet of Things (IoT), security auditing, and secure code development. Make sure you know the security issues associated with IoT devices and understand the importance of a strong personal device policy. Be prepared for questions about the value, roles, and steps of a security audit. You should also be ready to inspect source code or code input, and look for vulnerabilities in applications or potential attacks.

A Mix of Question Types

The exam is no longer just multiple-choice. It now includes drag-and-drop items and hotspot items as well.

Number of Questions and Time

The number of questions depends on how you are performing. It will be between 100 and 150 items, and the time allowed is now 3 hours instead of 6 hours.

No Experience? No Problem

Although you still must satisfy the experience requirements to earn the full CISSP, you can pass the exam and receive an Associate Certification while you gain the experience required for the full CISSP.

Be as Prepared as Possible for the New CISSP Exam

When it comes to studying, why go it alone? Kaplan IT Training offers practice exams and exam-focused video eLearning for (ISC)²'s popular CISSP certification.
