NISTand FIPS documents for SSCP

jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Hi there,

I'm going to start focusing on the SSCP soon. Would studying the NIST and FIPS documents be doing too much just to study for the SSCP? I enjoy reading the NIST documents but I don't wanna get way too much information that it could possibly hurt me when taking the SSCP.
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    I would guess that NIST docs are a major reference source for (ISC)2 exam items. However, the danger is pending too much time doing a deep dive for an exam that is the proverbial "mile wide and an inch deep." I would suggest looking at the stanard study guide for the SSCP and check what NIST docs they referenced.

    I would say FIPS docs are only useful for the cryptography domain and only for AES, DES, and 3DES in particular. Like the NIST docs, they contain way more information than you need for the SSCP exam.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for the response JDMurray.

    I just really want to pass the test when I take it so I'm a little concerned.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • exspiravitexspiravit Member Posts: 44 ■■□□□□□□□□
    The CISSP and I'm assuming the SSCP is to be country agnostic. The CISSP domains were derived from NIST SP800-12 but ISC has started to move away from being strictly US centric. My CISSP exam had a few questions on particular publications from the UK, USA, and an ISO but that was it. I don't think memorizing them would really help.

    Now, reading them for the information they contain is another matter in itself. There is a lot of really good info that is broken down and some decent explanations such as quantitative versus qualitative in regards to IA/Cyber security concerns. So, as reference material you have a good source if you want something broken down for, say, an executive to understand.
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    I would stay with just the SSCP study materials and Google any topics that you still don't understand. Reading standards and RFCs will just be a waste of your study time.
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    I agree with what has been mentioned already, but just wanted to offer an opinion on study material. The Gibson book and a quality practice test bank will be enough to get through the exam if you understand the material. Myself, I just used the Gibson book (read it twice) and used the ISC2 test bank which in my opinion those questions were more difficult then the ones on the test.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I've been reading Gibson's and Harris's book and googling things that I don't understand. I'll buy the studyiscope questions as soon as I can, I would really like to see what I need to work on in addition to the other subjects.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
Sign In or Register to comment.