CCSP Pass on July 22, my study materials

FoleyFoley Member Posts: 6 ■□□□□□□□□□
Passed CCSP test last Saturday 7/22. Offering a quick info **** to pay it forward.

Very typical (ISC)2 test and in the same vain as the CISSP/SCCP tests. My general opinion is you need to have a comprehensive knowledge and have a good understanding of the major technologies that support the Cloud. My test was not a “definition” test but more of an application test. They had some very good questions where I had to figure out the answer by writing down all I knew of the topics in the question to find the common thread. Tip, for multiple choice don't go looking for the answer but answer the question on your own and the select choice that best fits your answer. If you don't know the answer -- move on. Only as last resort should you look for the answer in the choices -- your choice should verify YOUR answer.

One of the biggest challenges is most of the material is dry and boring. So as I read a whitepaper or material I have my favorite flashcard app also open and then cut n paste questions directly to the flashcards. Then I review the flashcards. I probably had 15 sets of flashcards that I reviewed.

For me, there was no one source of study material. I tend to over study since I do not get reimbursed for a failed test and at $540 that would be a big loss for me.

The books are helpful but I needed more. Although they do put the material in one place, the level of detail is insufficient if you are new to the concept. My study list was as follows

NIST and CSA are the major sources of material. Refer back to these and make sure you have a deeper understanding of the technologies involved i.e., just learning the definitions. This might seem like a lot but it becomes very repetitive.

https://www.nist.gov/itl/nist-cloud-computing-related-publications

https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/csaguide.v3.0.pdf

https://cloudsecurityalliance.org/media/news/csas-cloud-control-matrix-ccm-releases-minor-update-to-version-3-0-1/

https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/

https://www.owasp.org/index.php/OWASP_Proactive_Controls

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2017_Release_Candidate

https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment



For the underlying technologies

https://www.pingidentity.com/en/lp/saml-101.html?utm_source=Paid+Search&utm_campaign=LP-SAML-101-PS-Q317-Google&_bt=204764375237&_bk=saml%20assertion&_bm=b&_bn=g&gclid=Cj0KEQjwkZfLBRCzg-69tJy84N8BEiQAffAwqnMG0WpEwXn10ezvhXjwzyYWqCUxskGs5iU4WCD3e2IaAh1e8P8HAQ

https://www.oasis-open.org/committees/download.php/11785/sstc-saml-exec-overview-2.0-draft-06.pdf

Cloud Computing - AICPA

https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

https://www.tutorialspoint.com/sdlc/sdlc_tutorial.pdf

https://www.slideshare.net/nitin_stephens/understanding-rest

JSON

https://www.w3.org/TR/2000/NOTE-SOAP-20000508


https://securosis.com/blog/multi-cloud-key-management-selection-and-migration

Other

UDEMY.COM CSSK Course – found a deal for $10 -- good if you are new to the cloud subject.

CCSP – Daniel Carter book, CCSP CBK --- these books are similar and different each emphasizing different topics. Since the put the basic knowledge all in one place they are handy to have. For me I would not have passed the test just relying on these books.

Reviewed basic security knowledge from Security+. Wanted just the technology review and this is a good source that captures all of it. Not a bad idea to take this cert first if you don’t have a CISSP/experience in the cloud. The material is applicable to cloud.

I have a CISA/CISSP/CISM/CCNA/SSCP/Security+ and still found it a challenging test.

Comments

  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    You're a beast!
  • jonenojoneno Member Posts: 257 ■■■■□□□□□□
    Great job Foley..icon_thumright.gif
  • tphan3tphan3 Member Posts: 39 ■■□□□□□□□□
    Congratulations Foley. Thank you for your review. I am taking mine on Friday.
  • clarkincnetclarkincnet Member Posts: 256 ■■■□□□□□□□
    Awesome!
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

    Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
  • djcarterdjcarter Member Posts: 44 ■■□□□□□□□□
  • bhalldibhalldi Member Posts: 9 ■□□□□□□□□□
    Congrats Foley!!! I passed the exam this morning and agree with what you've said. As for me, I read the CCSP Participant's Guide, CSA document, and the CCSP Study Guide by Ben Malisow as my main resources. Overall, the test wasn't too difficult, but there were some that had me scratching my head. Flagged about nine questions, circled back to them, and submitted for grading. Took about 2hr 40 from start to finish.
  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    Out of curiosity, how much of the NIST documents did you dive into. For instance the first link you sent goes to a collection of NIST documents, many of which are 100+ pages and 3-6 years old.
  • averageguy72averageguy72 Member Posts: 323 ■■■■□□□□□□
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • useravuserav Member Posts: 56 ■■□□□□□□□□
  • yogeshbguptayogeshbgupta Member Posts: 6 ■□□□□□□□□□
    I think CCSP official student guide by ISC2 is good. Plus CSA security guidelines v4.0 and some practice quizzes at secloud.guru I passed in June 2017
Sign In or Register to comment.