CISSP computerized adaptive testing (CAT): 25 of your questions answered
The Certified Information Systems Security Professional (CISSP) exam switched to a Computerized Adaptive Testing (CAT) format for all English-language exams back in 2017. Compared to the traditional, linear exam format, the CAT format constantly reassesses a candidate’s knowledge and tailors the exam for a more efficient and productive test.
This format is wildly different from standard exams, so it takes some prep to feel comfortable. In this article we’ll explain the format in-depth so you fully understand what to expect.
For more CISSP exam advice, get our free CISSP exam tips ebook, or watch our free one-hour CISSP exam prep course with an instructor whose students have a 95% pass rate.
Earn your CISSP, guaranteed!
Basics of computerized adaptive testing
1. What is computerized adaptive testing (CAT)?
Computerized Adaptive Testing (CAT) is a computer-based testing format where the test taker’s ability is estimated and updated continuously as they answer questions. It uses a special algorithm to tailor each test question difficulty to the individual test taker. Traditional exams are in a linear, fixed format where all candidates see the same amount of questions in the same order.
The adaptive nature of the CISSP CAT makes the test as efficient as possible.
2. How does it function?
The CISSP CAT exam begins by asking candidates questions below the passing standard. Once the candidate answers, their skill level is reassessed by the test algorithm. Then, the candidate is presented with questions based on the algorithm’s determination of their difficulty level.
Instead of the old six-hour-long exam, the more efficient CISSP CAT is completed within three hours with a reduced number of questions from 250 on the fixed-form, linear exam to just 100 on the new version.
3. How does computerized adaptive testing (CAT) work?
The CISSP CAT exam begins with questions that are below the difficulty standard required to pass the exam. As candidates answer correctly or incorrectly, the computer reevaluates their ability to answer the next question correctly based on their previous answers.
The more questions the candidate answers correctly, the more difficult the exam will become.
4. Why did ISC2 change the CISSP exam to the computerized adaptive testing (CAT) format?
The CISSP exam receives frequent updates; the CAT model was rolled out in 2017, and ISC2 recently updated the certification in April 2024. These continuous updates utilize new testing formats like the CAT model, redistribute the importance of different domains, and update exam content with the newest technology and real-life scenarios.
5. Will the change in exam format affect the updated versions of the exam?
Yes, moving forward, all new CISSP exam updates will remain in the CAT format.
6. Which ISC2 exams will change to the computerized adaptive testing (CAT) format?
All English-based CISSP exams will change to the CAT format. All other languages for CISSP and other ISC2 certification programs will still use the previous fixed-form linear format.
7. Can I take the old, linear format for my English CISSP exam?
No, not after 2017.
8. Is the CAT format of the CISSP exam more expensive?
No, the English CISSP CAT exam costs the same as non-English CISSP exams. Review the current pricing for the test in the CISSP exam overview.
9. Where can I take the CISSP CAT exam?
While the exam is on a computer, the test must be taken at physical, accredited Pearson Vue testing centers. Visit the ISC2 exam registration page, and after completing the signup process, you’ll be redirected to the Pearson VUE website to schedule your CISSP certification exam at your nearest testing center.
Format of CISSP exam
10. How many questions will I have to solve on the CISSP CAT exam?
With the CAT model, each candidate will answer a different amount of questions. However, each test will have a maximum of 150 questions and a minimum of 100 questions. To receive a pass-fail result, the candidate must enter a minimum of 75 scored questions and a maximum of 125 scored.
11. Will the CISSP CAT exam contain experimental questions like the previous format?
Yes, it will contain up to 25 unscored experimental questions that will be used for future tests. These do not impact the candidate’s final score.
12. Will I get section-based questions on the CISSP CAT exam?
No, the questions are randomly presented based on previous answers. With this adaptive model, candidates might not see content from certain subdomains.
Earn your CISSP, guaranteed!
13. What kind of content will be tested on the CISSP CAT exam?
The 2025 CISSP exam covers eight comprehensive domains and is one of the most in-demand cybersecurity certifications. The eight domains include:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
While it’s a challenging exam, salary expectations are on the rise for CISSP-qualified individuals. Download our Cybersecurity salary guide for more salary data.
14. Can I change or review the answers on the CISSP CAT exam?
No, once a question is submitted, there are no changes or reviews as the test adapts immediately for the next sections based on your response.
Scoring rules for the CISSP CAT exam
15. Is the CISSP CAT format more difficult than the old CISSP exam format?
While the ISC2 expects the exam pass rates to remain the same, the change in test format might psychologically affect certain candidates, which might influence the passing rate. The CISSP exam is a mid-career certification, so explore other advanced programs as well in the cybersecurity roadmap for mid-career professionals.
16. How does the CISSP CAT end, and how are results determined?
The CISSP exam ends in one of three ways: the three-hour time limit is reached, a confidence interval rule decides whether the candidate has passed or failed, or the exam runs out of questions without determining the candidate’s final score or ability.
17. Do all the questions count equally towards the final score of the CISSP CAT exam?
No, the questions are not counted equally towards the final score. With the dynamic CAT model, the early questions create a threshold for candidates, so if they underperform initially, it isn’t easy to pass the exam.
Time limit for the CISSP CAT exam
18. Is there a time limit for the CISSP CAT exam?
The CISSP CAT exam’s time limit is three hours.
19. Does a more extended session mean I’m doing well and close to passing the CISSP CAT exam?
Not necessarily, as the exam continually adapts based on the accuracy of your answers. The length of the test varies from person to person, depending on their responses.
20. Can I take breaks during the CISSP CAT exam?
Yes, but breaks are included in the three-hour time limit, so ensure you allot enough time for mental rest, personal breaks, and the exam itself.
CISSP CAT results
21. When do I receive the results of the CISSP CAT exam?
Candidates receive the results immediately after submission.
22. Is it possible to retake CISSP CAT exams?
Yes, candidates can retake the CISSP exam (CAT and linear) three times within a 12-month period. However, each time the candidate fails, they have to wait longer between tests.
- If a candidate is unable to pass the exam on the first try, they must wait a minimum of 30 days before retesting
- After a second failure, the candidate must wait a minimum of 90 days
- If the candidate is unable to pass on the third try, they must wait a minimum of 180 days before retesting
23. Will I see my score if I fail the CISSP CAT exam?
Yes, you’ll see your score immediately after submission, whether you pass or fail. Just like the traditional linear exam, candidates who fail the exam will be given diagnostic feedback highlighting strengths and weaknesses within each domain.
Earn your CISSP, guaranteed!
Preparing for the exam
24. How should I prepare for the CISSP CAT exam?
The CISSP exam is not considered an entry-level security certification, so adequate preparation is crucial. CISSP Boot Camp options include live online or in-person training for those wanting the premium study experience. Self-paced programs are useful for busy professionals or those who want to study the material slowly.
Download the free CISSP exam tips and tricks e-book to familiarize yourself with best practices. You can also take our free one-hour CISSP exam prep course from an expert instructor. Lastly review the official 10th edition CISSP Study Guide for a more in-depth look at the exam format and content.
25. Where can I find more information about the CISSP certification?
Learn more about the different exam domains and their weights in the detailed updated exam outline. For more self-study, check out the comprehensive CISSP training hub with additional study guide recommendations, practice questions, career roadmaps and comparisons of the CISSP to other popular cybersecurity certifications.
- Exam Pass Guarantee
- Live expert CISSP instruction
- CISSP exam voucher
In this Series
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- CISSP domains overview: Your complete preparation guide
- Mitigating access control attacks in the CISSP exam
- CISSP DoD 8140: What changed from DoD 8570?
- CISSP jobs in 2025: Cybersecurity manager outlook and career opportunities
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring
- CISSP interview prep: 10 common questions and answers
- CISSP resources: Free books, videos, practice exams and other study tools
- CISSP certification cost and requirements (2025): Your complete preparation guide
- Perimeter defenses: What you need to know for the CISSP exam
- Understanding control frameworks and the CISSP
- Due care vs. due diligence: What you need to know for the CISSP exam
- The ISC2 code of ethics: A binding requirement for certification
- Security governance principles: What you need to know for the CISSP exam
- Understanding access control: A CISSP certification guide
- Renewal requirements for the CISSP certification
- Secure communication channels: What you need to know for the CISSP exam
- Risk management concepts and the CISSP
- CISSP: Business continuity planning and exercises
- Data and system ownership in the CISSP exam
- Information and asset classification in the CISSP exam
- Incident management and the CISSP exam: What you need to know
- CISSP prep: Security policies, standards, procedures and guidelines
- Earning CPE credits to maintain the CISSP
- Data security controls and the CISSP exam
- CISSP: Disaster recovery processes and plans
- Vulnerability and patch management in the CISSP exam
- Secure system design principles: CISSP exam concepts and frameworks
- Certification and accreditation: What’s on the CISSP exam?
- Change management and the CISSP
- Threat modeling and the CISSP
- CISSP exam questions: 5 drag & drop and hotspot questions
- CISSP certification salary: A comprehensive 2025 salary guide
- 8 tips for CISSP exam success in 2025
- Environmental controls and the CISSP
- The CISSP experience waiver [updated 2022]
- What is the CISSP-ISSAP? Information Systems Security Architecture Professional [updated 2021]
- What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
- What is the CISSP-ISSMP? Information Security System Management Professional [updated 2021]
- CISSP concentrations (ISSAP, ISSMP & ISSEP) [updated 2021]
- CISSP domain - Physical and environmental security
