Looking for advice on the CAP
scjohnson1988
Member Posts: 12
in SSCP
I'm not quite sure specifically what I want, but any sort of recommendations, feedback, or advice would be much appreciated. I apologize in advance if my post is a bit disjointed.
I've been studying the past month or so for the CAP, and I'm having a really hard time gauging how ready I am for the exam. Unlike any other exam that I have taken to this point, there have been a wide variety of available choices in terms of study and preparation tools. Thus far, I have read the CBK once cover-to-cover while highlighting important concepts, which I later typed out in the form of a study guide in a text document. I just started listening to the (ISC)2 podcasts/webcasts and I am presently working through the (ISC)2 provided flashcards. Once I complete my review of those, I will have no idea which other resources to use. Most notably, there is a dearth of practice questions. I know better than to try to memorize practice questions, but I think it is invaluable to study with the mindset of the types of questions that you will see on the exam. I am likely going to spend the $15 to buy all 75 available CAP questions from (ISC)2, but honestly, I was very underwhelmed by the types of questions (and content in general) provided from the CAP and CISSP CBKs, so I was hoping to find something more applicable at a somewhat cheap price or free. I have read a few posts on the TE forums which have helped, but there doesn't seem to be a lot of discussion.
In regards to my studying, I feel pretty comfortable with most of the steps in the RMF. I have a pretty sound understanding of which roles perform which tasks (although I sometimes struggle to differentiate which role will do which job if the question provides two answers with similar positions) and the deliverables/documents generated from the various steps in the RMF. I am very comfortable with what I consider the 'common sense' questions that pertain to a lot of the project management, the necessity of assessor independence, team assembly, etc. What I am most concerned with at this point is how heavily the specific NIST SPs, FIPS, and OMBs are tested. I was previously only studying the cursory, high-level concepts of these laws/guides/regulations, but I have read on these forums that you are expected to know them in-depth - which is not something the CBK really focused on.
As for myself/background: Lately, our company has been assisting with DIACAP authorizations, and I wanted to familiarize myself with the RMF before we made the change. Most of my role/experience is in assessing/testing web applications (STIGs) and tracking vulnerabilities with a POAM, but I am lacking in a lot of the bigger picture concepts and felt this was a good opportunity to educate myself. I have passed a number of other exams before, but I have only sat for one exam from (ISC)2, which makes me a bit uncomfortable in terms of lack of familiarity with their format and styles of questions. While I have yet to fail a certification exam, I don't think I am the best test taker and typically rely on a greater than usual amount of study and preparation, which is unavailable for the CAP. This would also be a pretty poor time for me to be set back $419, as I do not have the highest salary and it's around Christmas time.
Comments
LaurenKaspro
Registered Users Posts: 3
Hi, just saw your post and was wondering the same thing you are. Did you have any luck with the exam? I am currently planning to take it next month. I have the CAP CBK book and was planning on reading all of the NIST documents and then going through the (ISC)2 podcasts. Did you find any other helpful materials? Any info would be appreciated! Thank you!
scjohnson1988
Member Posts: 12
Personally, I'm in the midst of changing employers, so I have not yet taken the exam, because they will reimburse me if I pass. I began studying in November, but I took a break until January/February; my study materials are below:
*Official CAP Guide - In my opinion, I think this is a very poor guide. There is a lot of outdated material, which is quite frustrating, as I am unsure if I should be studying this guide or studying the newer, more relevant materials. Regardless, I did a cover-to-cover read while highlighting areas of confusion and then re-reading and taking notes on those areas.
*ISC2 App Questions - This felt like a total scam. Half the questions are not in the CBK, there are typos, missing questions, word-for-word duplicates of questions from the CBK, and the app itself is riddled with errors. I do not recommend this at all, unless the Android version is better. Save the $5.
*FedVTE's CAP Guide - I found this to be helpful, but there are certain portions of the course which seemed oriented towards the CISSP and entirely unrelated to the CAP (which is true of most all study materials I found). It helped clarify some areas of confusion for me, and I think hearing/watching a presenter makes the information more digestible.
*DoD Instructions - While the exam is on the NIST interpretation, the DoD RMF is obviously very similar. A quick read-through of related summaries reinforced my other readings. There are also other DoD resources for the RMF that are very good at providing succinct summaries of the information (unlike my posts).
*NIST SPs/FIPS/CNSSIs - I did a cover-to-cover reading of most of the key players in these. Some I found much, much better than others. I thought 800-30 and 800-39 were good, but I found myself borderline "studying" for a test on the SP 800-30/800-39. I occasionally lost sight that this is really all about the RMF and how those publications play into it.
*Cram/Quizlet flashcards - This is dangerous, since a lot of these may be inaccurate, but I found a few sets from Googling which were basically book/publication definitions in flashcard format, which was great for quick refreshers during my breaks at work.
If I remember to do so, I'd be happy to let you know if I do anything else and how my studying goes.
LaurenKaspro
Registered Users Posts: 3
Just saw your response. Thanks for responding, I definitely agree about the Official CBK book not being much help. I have been mostly focusing on the actual NIST docs. I am actually taking my exam today (yayyy).... Will report back later.
razorbackz
Member Posts: 28
Read the ISC2 official book cover to cover and dug into the NISTs and remember the NIST numbers. Passed first time in Nov 14.
LaurenKaspro
Registered Users Posts: 3
Took the exam and passed first time! It was definitely easier than I expected it to be. Definitely would recommend being familiar with all of the NIST documents listed in the CAP CIB References, notably 800-37, 800-137, 800-153/153A, 800-115, and 800-39 (at least for my exam). The questions are all mostly straightforward; if you know these documents you should be fine. There were quite a few questions on knowing the roles/responsibilities, so make sure you have that down. The book was helpful as a supplement to the NIST docs for me. I read it through completely before the exam. Good luck.