CertPrepX Start free practice

How Hard Is the CISSP Exam? CAT Format, Passing Score & 8 Domains (2026)

The CISSP is ISC2's flagship credential and one of the most respected certifications in cybersecurity. It's also one of the most misunderstood exams — mostly because of how it's scored. Here's what you're actually up against.

CISSP exam format at a glance

What "CAT" actually means

Unlike a fixed exam, Computerized Adaptive Testing adjusts question difficulty based on your answers. Get one right and the next tends to be harder; miss one and it eases off. The algorithm is building a precise estimate of your ability with each item.

Practical consequences:

The eight CISSP domains (and weights)

The CISSP Common Body of Knowledge (CBK) spans eight domains:

Domain Weight
Security and Risk Management 16%
Asset Security 10%
Security Architecture and Engineering 13%
Communication and Network Security 13%
Identity and Access Management (IAM) 13%
Security Assessment and Testing 12%
Security Operations 13%
Software Development Security 10%

The weighting is unusually flat — no single domain dominates, which is exactly why breadth is the challenge.

What makes CISSP hard

  1. It's a mile wide. Eight domains span risk, cryptography, networking, IAM, secure development, and operations. Few people are strong in all eight.
  2. "Think like a manager." CISSP rewards risk-based, business-aligned answers over the most technically aggressive option. The "best" answer is often the one that protects the organization's interests, not the coolest control.
  3. The CAT format is unforgiving of careless early mistakes and rewards consistency.

How to prepare

Because CISSP is adaptive and broad, you want to find and close your weakest domains before exam day:

That's the CertPrepX approach — a readiness score per domain so "ready" is a measurement, not a feeling.

See the full CISSP exam prep guide, or start free practice.

Frequently asked questions

What is a passing CISSP score? 700 out of 1000 on the scaled CAT score. It does not map to a simple percentage of questions correct.

How many questions are on the CISSP CAT? Between 100 and 150 items; the exam ends when the algorithm is confident in your result.

How long should I study for the CISSP? Most candidates spend 3–6 months given the breadth — though experienced practitioners move faster. Plan backwards from your exam date and prioritize weak domains.

Know exactly when you're ready to pass

Adaptive practice, full-length mock exams, and a readiness score for CISA, CISM, CISSP, PMP, ISO 27001 and AAIA.

Start free practice

Related exam guide

More from the blog