Missed it by *that* much! (CCSP)

therantinggeektherantinggeek Member Posts: 6 ■□□□□□□□□□
Greetings all,

I took the CCSP exam yesterday and missed the mark by eleven points. Prior to this, I took a 5-day boot camp and did a lot of self-study afterwards in order to understand the core concepts. This included the CBK, the CCSP AIO book, and the CCSP official study guide. I also made sure to brush up on the various standards and guidelines from ISO, NIST, ENISA, etc.

What I wish I had known ahead of time was that the vendor loves to use a lot of "what-if" and "best answer" scenario-based questions on the exam, instead of definition-based. Had there been more definition-based questions, I would have probably passed on my first try. Surprisingly enough, according to the results my weakest area was in Operations - and ironically I've spent at least two years-plus as a data center technician, having first-hand experience implementing FedRAMP controls in a large-scale environment. The other areas I was listed as lacking in were Cloud Platform and Infrastructure Security, and Cloud Application Security.

So on the advice of a colleague, I'm now looking at possibly taking the CCSK exam from the Cloud Security Alliance to get a deeper understanding of cloud security concepts. My question to all of you is this: Is there anything else I should brush up on before I schedule my CCSP re-take in August?

Comments

  • p@r0tuXusp@r0tuXus Member Posts: 532 ■■■■□□□□□□
    Not advice, but a question. If you were so close, why are you putting off a re-take until August?
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • SkyBlueSkyBlue Member Posts: 73 ■■□□□□□□□□
    therantinggeek,

    It was so close. I am also preparing for it. I believe reviewing the new book may help.

    http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119277418.html
    p@r0tuXus wrote: »
    Not advice, but a question. If you were so close, why are you putting off a re-take until August?
    The first time a candidate does not pass the CCFP, CCSP or HCISPP exam, they will be able to retest after 90 days.
    https://www.isc2.org/cancel-policy.aspx
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    Same story, also 11 points AFAIR in Feb. Will retake this month. Didn't study much though in between, hope to just spend more time carefully reading questions and get a different roll as the first time it relied heavily on legal side and I suck at it.

    I also have tons of experience migrating people to and out of VMware, Google Apps and Azure/O365 cloud as well as private cloud, setting up various federated authentication schemes, etc, been doing it since 2010.

    I've read CSA 3.0 guide pdf but acquired close to zero knowledge from it.

    I also have a thread here where I whine about my experiences with this exam.

    Also would like to know your opinion on question quality as for me it sucked and out of 125 questions more than a dozen were poorly worded to the point when the answer wouldn't fit grammatically to the question. I also feel that I'm probably more knowledgeable than exam question authors in some areas and felt the urge to argue on how some things were worded and had a lot of frustration because of that that also contributed to my poor score. Next time I hope to be psychologically prepared to this challenge.
  • p@r0tuXusp@r0tuXus Member Posts: 532 ■■■■□□□□□□
    SkyBlue wrote: »
    The first time a candidate does not pass the CCFP, CCSP or HCISPP exam, they will be able to retest after 90 days.
    https://www.isc2.org/cancel-policy.aspx

    Ooooohhh. Haven't taken any of those exams yet. I see.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • Mike7Mike7 Member Posts: 1,114 ■■■■■□□□□□
    What I wish I had known ahead of time was that the vendor loves to use a lot of "what-if" and "best answer" scenario-based questions on the exam, instead of definition-based.
    That's the point. Just like CISSP, CCSP is more of a cloud security management than a technical implementation exam. You need the technical knowledge. More importantly, you need to know how to apply this technical knowledge to solve business related issues such as risk management, privacy and legal. At least, that is my impression
  • therantinggeektherantinggeek Member Posts: 6 ■□□□□□□□□□
    SkyBlue wrote: »
    therantinggeek,

    It was so close. I am also preparing for it. I believe reviewing the new book may help.

    http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119277418.html

    I purchased a digital copy of that same book on Google Books when it was released. It's helpful when it comes to reinforcing the concepts that I learned from the boot camp, but in retrospect it's woefully lacking when it comes to showing how those same concepts apply to a real-world situation, very much like the types of questions I encountered in the exam.
  • therantinggeektherantinggeek Member Posts: 6 ■□□□□□□□□□
    Same story, also 11 points AFAIR in Feb. Will retake this month. Didn't study much though in between, hope to just spend more time carefully reading questions and get a different roll as the first time it relied heavily on legal side and I suck at it.

    I also have tons of experience migrating people to and out of VMware, Google Apps and Azure/O365 cloud as well as private cloud, setting up various federated authentication schemes, etc, been doing it since 2010.

    I've read CSA 3.0 guide pdf but acquired close to zero knowledge from it.

    I also have a thread here where I whine about my experiences with this exam.

    Also would like to know your opinion on question quality as for me it sucked and out of 125 questions more than a dozen were poorly worded to the point when the answer wouldn't fit grammatically to the question. I also feel that I'm probably more knowledgeable than exam question authors in some areas and felt the urge to argue on how some things were worded and had a lot of frustration because of that that also contributed to my poor score. Next time I hope to be psychologically prepared to this challenge.

    Yep, the quality of questions on the exam could have been a little better. Now that I've had a couple of days to reflect on it, I think that was the intent of the test writers - to throw you off as much as possible, which, again, in retrospect, I understand from an instructor's point of view. (I've taught a few classes here and there on digital forensics and packet analysis, and I would toss up the occasional curve ball just to see if my students were paying attention.) My experiences with AWS up to this point have been mostly focused on security policies, but I'm learning more about the technical operations aspect of it, including provisioning and networking.

    Best of luck on the retake; mine won't come around until August but as I said in my original post I'm looking at taking the CCSK exam on the advice of one of my colleagues.
  • therantinggeektherantinggeek Member Posts: 6 ■□□□□□□□□□
    Mike7 wrote: »
    That's the point. Just like CISSP, CCSP is more of a cloud security management than a technical implementation exam. You need the technical knowledge. More importantly, you need to know how to apply this technical knowledge to solve business related issues such as risk management, privacy and legal. At least, that is my impression

    That wasn't mentioned at all in the boot camp I sat through, nor was it mentioned in the books I read through. But now that you've provided some insight on how the test was meant to be approached, from a technical management perspective and not a technical engineering (implementation) perspective...I'll have to ask one of the senior security engineers in my group (who has his CISSP) if he can write up some scenarios as a guide.
  • khiyalkhiyal Member Posts: 5 ■□□□□□□□□□
    In addition to perspective, the ISC2 exams generally do not call a spade a spade. Instead of saying PaaS, they would say, application development in self-managed cloud environment, which could mean PaaS in a private (on-premises) or a public setup (CSPs)
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    I'm now looking at possibly taking the CCSK exam from the Cloud Security Alliance to get a deeper understanding of cloud security concepts.

    The CCSK is pretty easy and open book... Kinda high cost for what it is IMO. If someone wanted to pad their resume with an extra cloud security cert I guess it isn't bad though.
  • Mike7Mike7 Member Posts: 1,114 ■■■■■□□□□□
    Since the retake is a few months away, any plans to do CISSP?
  • therantinggeektherantinggeek Member Posts: 6 ■□□□□□□□□□
    The CCSK is pretty easy and open book... Kinda high cost for what it is IMO. If someone wanted to pad their resume with an extra cloud security cert I guess it isn't bad though.

    Any ideas on where I can get my hands on a study guide or a whole bunch of practice questions? From what I've read, the CCSK is mostly centered on the CSA 3.0 and the ENISA document.
  • therantinggeektherantinggeek Member Posts: 6 ■□□□□□□□□□
    Mike7 wrote: »
    Since the retake is a few months away, any plans to do CISSP?

    Probably at some point down the road, especially if it becomes a requirement for me to be considered for a mid-tier management position. It'll be a matter of trying to convince my employer to pay for any classes and for the exam voucher.
  • sach2017sach2017 Member Posts: 16 ■■□□□□□□□□
    Oopppsssss....

    Requesting one piece of suggestion. I had been doing self study for over a month now using CBK, AIO and NIST, ENISA and wish to ask you- how different or what additional value bootcamp can add versus self study? Do they use additional and different study material to cover the topics?

    Thank you in advance...
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    All the material you have is enough to pass the exam. I passed it with only the official book and the CSA guides and documents used for the CCSK.
  • jayc71jayc71 Member Posts: 112 ■■■■□□□□□□
    Ouch! You'll pass it next time!

    I need to get back on the CCSP horse myself...
    CISSP, CCSP, CCSK, Sec+, AWS CSA/Developer/Sysops Admin Associate, AWS CSA Pro, AWS Security - Specialty, ITILv3, Scrummaster, MS, BS, AS, my head hurts.
  • sach2017sach2017 Member Posts: 16 ■■□□□□□□□□
    Friends,
    Does the CCSP official study guide (CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide) include a test prep CD as well? How different are the prep Qs from the AIO prep test Qs (TotalTester)? I have a copy of AIO; should I buy the official guide as well?

    I am two weeks away from my test...please advise and guide....

    Thank you!

  • famidfamid Registered Users Posts: 4 ■□□□□□□□□□
    The Official Study Guide (On Kindle) did not include any links to test prep materials or flashcards, however each chapter does include a short quiz, they are no better (or worse) than the AIO.
  • chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    What's the best book currently for this exam?
  • famidfamid Registered Users Posts: 4 ■□□□□□□□□□
    eddo1 wrote: »
    What's the best book currently for this exam?

    I am using the Official CBK and Official Study Guide.

    CBK is a little dry, whilst the OSG flows a lot better but has more gaps.

    My exam is on June 7
  • chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    Cool, is that all you're using?
  • sach2017sach2017 Member Posts: 16 ■■□□□□□□□□
    therantinggeek

    You mentioned the questions that appear during the exam are mostly "what-if" or "best answer" but similar Qs are NOT there in CBK or AIO....

    What's the best way to practice such Qs?
  • SkyBlueSkyBlue Member Posts: 73 ■■□□□□□□□□
    Can anyone provide a tentative answer on whether ISC2 follows this breakdown?

    The CCSP examination domains and weights are:


    Domains                                             Weight
    1. Architectural Concepts and Design Requirements   19%
    2. Cloud Data Security                              20%
    3. Cloud Platform and Infrastructure Security       19%
    4. Cloud Application Security                       15%
    5. Operations                                       15%
    6. Legal and Compliance                             12%
    Total                                               100%

  • djcarterdjcarter Member Posts: 44 ■■□□□□□□□□
    SkyBlue wrote: »
    Can anyone provide a tentative answer on whether ISC2 follows this breakdown?

    The CCSP examination domains and weights are:


    Domains                                             Weight
    1. Architectural Concepts and Design Requirements   19%
    2. Cloud Data Security                              20%
    3. Cloud Platform and Infrastructure Security       19%
    4. Cloud Application Security                       15%
    5. Operations                                       15%
    6. Legal and Compliance                             12%
    Total                                               100%


    I think it is fairly accurate, though a lot of concepts and topics span multiple ones, so it's hard to say for sure, but overall in my experience yes.
  • SkyBlueSkyBlue Member Posts: 73 ■■□□□□□□□□
    djcarter wrote: »
    I think it is fairly accurate, though a lot of concepts and topics span multiple ones, so it's hard to say for sure, but overall in my experience yes.

    Thank you @djcarter
  • famidfamid Registered Users Posts: 4 ■□□□□□□□□□
    sach2017 wrote: »
    Friends,
    Does the CCSP official study guide (CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide) include a test prep CD as well? How different are the prep Qs from the AIO prep test Qs (TotalTester)? I have a copy of AIO; should I buy the official guide as well?

    I am two weeks away from my test...please advise and guide....

    Thank you!


    Apologies sach2017,

    I was mistaken, there are circa 450 bonus questions and 100 flashcards included in the official study guide. Your purchased copy of the book will provide instructions on how to access the website and register for these tools.

    Regards,
    famid
  • sach2017sach2017 Member Posts: 16 ■■□□□□□□□□
    Greetings All,

    Wish to share my perspective for my FAILURE hoping future candidates can take a leaf out of it.

    I appeared for the exam last week and FAILED (feeling disappointed though). I had gone through the CBK, AIO and CCSP OG from preparation perspective and seriously completed the sample questions before the exam but to my surprise there were only 3-4 questions from those sets of Qs. I heavily depended on the AIO questions and the TotalTester software which went against me completely. As all the questions were application based with at least two options very close to the actual answer.

    I would like to seek inputs/suggestions/guidance on
    a) How should I prepare now. How to take value and knowledge out of the ENISA document.
    b) What material should I use.
    c) Where to find some real sample questions (CCure?) during these three months in hand.

    Feels sad to see $750 CAD going in drain.

    Good Luck to future candidates!

    Thank you,
    Sach
  • SkyBlueSkyBlue Member Posts: 73 ■■□□□□□□□□
    sach2017

    Sorry to hear that.

    I believe you do not need to go for any new study material. From the exam, you already know what is lacking and where to focus. You can go for CCCure for practice but definitely those will not be same as were in the exam (I did not go for it). You now know the exam question style. Now it's time to understand more and review the study documents again.

    I wish you can make it next time.

    Regards
    SB
  • sach2017sach2017 Member Posts: 16 ■■□□□□□□□□
    Thanks @SkyBlue. The only addition I am planning is to go through the CISSP Study Guide, 3rd Edition book.

    My weakest area is the Application Security domain and I am still trying to figure out how to go about the ENISA document. Any inputs for me?
  • quovado7quovado7 Registered Users Posts: 3 ■□□□□□□□□□
    I was also so close 694 !!! My two weakest domains were Operations & Legal.

    Passed the CISSP and CEH on the first attempt, but failed the CCSP. Took a 5-day boot camp using the ISC2 study guide - IMHO the ISC2 boot camp was a waste of time. The trainer did not emphasize on what is important for the exam. The official ISC2 slide deck was the only material and it was a pure copy and paste from the book - useless!


    I think that the official study guide is simply not enough to pass the test. For example, I have found the answer to a question in the exam only in the CSA document "Domain 12: Guidance for Identity & Access Management V2.1 (2010)" - Yes, 2010.. WTF !! Now, I have to wait 90 days.. and this sucks too!


    If somebody had the same experience, and wants to talk with me about the exam, feel free to send a private message.


    Thanks