Missed it by *that* much! (CCSP)

Greetings all,
I took the CCSP exam yesterday and missed the mark by eleven points. Prior to this, I took a 5-day boot camp and did a lot of self-study afterwards in order to understand the core concepts. This included the CBK, the CCSP AIO book, and the CCSP official study guide. I also made sure to brush up on the various standards and guidelines from ISO, NIST, ENISA, etc.
What I wish I had known ahead of time was that the vendor loves to use a lot of "what-if" and "best answer" scenario-based questions on the exam, instead of definition-based ones. Had there been more definition-based questions, I would have probably passed on my first try. Surprisingly enough, according to the results my weakest area was in Operations - and ironically I've spent at least two years-plus as a data center technician, with first-hand experience implementing FedRAMP controls in a large-scale environment. The other areas I was listed as lacking in were Cloud Platform and Infrastructure Security, and Cloud Application Security.
So on the advice of a colleague, I'm now looking at possibly taking the CCSK exam from the Cloud Security Alliance to get a deeper understanding of cloud security concepts. My question to all of you is this: Is there anything else I should brush up on before I schedule my CCSP re-take in August?
Comments
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
It was so close. I am also preparing for it. I believe reviewing the new book may help.
http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119277418.html
The first time a candidate does not pass the CCFP, CCSP or HCISPP exam, they will be able to retest after 90 days.
https://www.isc2.org/cancel-policy.aspx
I also have tons of experience migrating people to and out of VMware, Google Apps and Azure/O365 cloud as well as private cloud, setting up various federated authentication schemes, etc. Been doing it since 2010.
I've read the CSA 3.0 guide PDF but acquired close to zero knowledge from it.
I also have a thread here where I whine about my experiences with this exam.
Also would like to know your opinion on question quality, as for me it sucked, and out of 125 questions more than a dozen were poorly worded to the point where the answer wouldn't fit grammatically to the question. I also feel that I'm probably more knowledgeable than the exam question authors in some areas and felt the urge to argue on how some things were worded, and had a lot of frustration because of that, which also contributed to my poor score. Next time I hope to be psychologically prepared for this challenge.
Ooooohhh. Haven't taken any of those exams yet. I see.
I purchased a digital copy of that same book on Google Books when it was released. It's helpful when it comes to reinforcing the concepts that I learned from the boot camp, but in retrospect it's woefully lacking when it comes to showing how those same concepts apply to a real-world situation, very much like the types of questions I encountered in the exam.
Yep, the quality of questions on the exam could have been a little better. Now that I've had a couple of days to reflect on it, I think that was the intent of the test writers - to throw you off as much as possible - which, again, in retrospect, I understand from an instructor point of view. (I've taught a few classes here and there on digital forensics and packet analysis, and I would toss up the occasional curve ball just to see if my students were paying attention.) My experiences with AWS up to this point have been mostly focused on security policies, but I'm learning more about the technical operations aspect of it, including provisioning and networking.
Best of luck on the retake; mine won't come around until August but as I said in my original post I'm looking at taking the CCSK exam on the advice of one of my colleagues.
That wasn't mentioned at all in the boot camp I sat through, nor was it mentioned in the books I read through. But now that you've provided some insight on how the test was meant to be approached, from a technical management perspective and not a technical engineering (implementation) perspective...I'll have to ask one of the senior security engineers in my group (who has his CISSP) if he can write up some scenarios as a guide.
The CCSK is pretty easy and open book... Kinda high cost for what it is IMO. If someone wanted to pad their resume with an extra cloud security cert I guess it isn't bad though.
Any ideas on where I can get my hands on a study guide or a whole bunch of practice questions? From what I've read, the CCSK is mostly centered on the CSA 3.0 and the ENISA document.
Probably at some point down the road, especially if it becomes a requirement for me to be considered for a mid-tier management position. It'll be a matter of trying to convince my employer to pay for any classes and for the exam voucher.
Requesting one suggestion. I have been doing self-study for over a month now using CBK, AIO and NIST, ENISA and wish to ask you: how different is a bootcamp, or what additional value can it add, versus self-study? Do they use additional and different study material to cover the topics?
Thank you in advance...
I need to get back on the CCSP horse myself...
Does the CCSP official study guide (CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide) include a test prep CD as well? How different are the prep Qs from the AIO prep test Qs (TotalTester)? I have a copy of AIO; should I buy the official guide as well?
I am two weeks away from my test... please advise and guide...
Thank you!
I am using the Official CBK and Official Study Guide.
CBK is a little dry, whilst the OSG flows a lot better but has more gaps.
My exam is on June 7
You mentioned the questions that appear during the exam are mostly "what-if" or "best answer", but similar Qs are NOT there in CBK or AIO...
What's the best way to practice such Qs?
The CCSP examination domains and weights are:
Domains
1. Architectural Concepts and Design Requirements
2. Cloud Data Security
3. Cloud Platform and Infrastructure Security
4. Cloud Application Security
5. Operations
6. Legal and Compliance
Total
I think it is fairly accurate, though a lot of concepts and topics span multiple ones, so it's hard to say for sure, but overall in my experience yes.
Thank you @djcarter
Apologies sach2017,
I was mistaken, there are circa 450 bonus questions and 100 flashcards included in the official study guide. Your purchased copy of the book will provide instructions on how to access the website and register for these tools.
Regards,
famid
Wish to share my perspective on my FAILURE, hoping future candidates can take a leaf out of it.
I appeared for the exam last week and FAILED (feeling disappointed though). I had gone through the CBK, AIO and CCSP OG from a preparation perspective and seriously completed the sample questions before the exam, but to my surprise there were only 3-4 questions from those sets of Qs. I heavily depended on the AIO questions and the TotalTester software, which went against me completely, as all the questions were application based with at least two options very close to the actual answer.
I would like to seek inputs/suggestions/guidance on:
a) How should I prepare now? How to take value and knowledge out of the ENISA document?
b) What material should I use?
c) Where to find some real sample questions (CCure?) during these three months in hand?
Feels sad to see $750 CAD going down the drain.
Good Luck to future candidates!
Thank you,
Sach
Sorry to hear that.
I believe you do not need to go for any new study material. From the exam, you already know what is lacking and where to focus. You can go for CCCure for practice, but definitely those will not be the same as were in the exam (I did not go for it). You now know the exam question style. Now it's time to understand more and review the study documents again.
I wish you can make it next time.
Regards
SB
My weakest area is the Application Security domain and I am still trying to figure out how to go about the ENISA document. Any inputs for me?
Passed the CISSP and CEH on the first attempt, but failed the CCSP. Took a 5-day boot camp using the ISC2 study guide - IMHO the ISC2 boot camp was a waste of time. The trainer did not emphasize what is important for the exam. The official ISC2 slide deck was the only material and it was a pure copy and paste from the book - useless!
I think that the official study guide is simply not enough to pass the test. For example, I have found the answer to a question in the exam only in the CSA document "Domain 12: Guidance for Identity & Access Management V2.1 (2010)" - Yes, 2010.. WTF !! Now, I have to wait 90 days.. and this sucks too!
If somebody had the same experience, and wants to talk with me about the exam, feel free to send a private message.
Thanks