Open question to hiring managers and recruiters putting a CISSP requirement on a 0-4 YoE position:

Are you willing to accept candidates who passed the exam but don't have the experience yet (and as such will appear as an "associate of ISC2" when you go to verify them)? If so, how do you plan to verify that they passed the CISSP, rather than a different ISC2 certification? If not, what's the reason requiring a cert that requires 5 years of infosec experience on a position asking for less?

If you're not a recruiter, please keep it civil in the comments. I'm genuinely curious about the methodology here, not trying to attack a practice.