Passed CCSP test last Saturday 7/22. Offering a quick info **** to pay it forward.
Very typical (ISC)2 test and in the same vein as the CISSP/SSCP tests. My general opinion is you need to have a comprehensive knowledge and have a good understanding of the major technologies that support the Cloud. My test was not a “definition” test but more of an application test. They had some very good questions where I had to figure out the answer by writing down all I knew of the topics in the question to find the common thread. Tip: for multiple choice, don't go looking for the answer but answer the question on your own and then select the choice that best fits your answer. If you don't know the answer -- move on. Only as a last resort should you look for the answer in the choices -- your choice should verify YOUR answer.
One of the biggest challenges is most of the material is dry and boring. So as I read a whitepaper or material I have my favorite flashcard app also open and then cut n paste questions directly to the flashcards. Then I review the flashcards. I probably had 15 sets of flashcards that I reviewed.
For me, there was no one source of study material. I tend to over study since I do not get reimbursed for a failed test and at $540 that would be a big loss for me.
The books are helpful but I needed more. Although they do put the material in one place, the level of detail is insufficient if you are new to the concept. My study list was as follows:
NIST and CSA are the major sources of material. Refer back to these and make sure you have a deeper understanding of the technologies involved i.e., just learning the definitions. This might seem like a lot but it becomes very repetitive.
https://www.nist.gov/itl/nist-cloud-computing-related-publications
https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/csaguide.v3.0.pdf
https://cloudsecurityalliance.org/media/news/csas-cloud-control-matrix-ccm-releases-minor-update-to-version-3-0-1/
https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/
https://www.owasp.org/index.php/OWASP_Proactive_Controls
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2017_Release_Candidate
https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment
For the underlying technologies
https://www.pingidentity.com/en/lp/saml-101.html?utm_source=Paid+Search&utm_campaign=LP-SAML-101-PS-Q317-Google&_bt=204764375237&_bk=saml%20assertion&_bm=b&_bn=g&gclid=Cj0KEQjwkZfLBRCzg-69tJy84N8BEiQAffAwqnMG0WpEwXn10ezvhXjwzyYWqCUxskGs5iU4WCD3e2IaAh1e8P8HAQ
https://www.oasis-open.org/committees/download.php/11785/sstc-saml-exec-overview-2.0-draft-06.pdf
Cloud Computing - AICPA
https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf
https://www.tutorialspoint.com/sdlc/sdlc_tutorial.pdf
https://www.slideshare.net/nitin_stephens/understanding-rest
JSON
https://www.w3.org/TR/2000/NOTE-SOAP-20000508
https://securosis.com/blog/multi-cloud-key-management-selection-and-migration
Other
UDEMY.COM CSSK Course – found a deal for $10 -- good if you are new to the cloud subject.
CCSP – Daniel Carter book, CCSP CBK --- these books are similar and different, each emphasizing different topics. Since they put the basic knowledge all in one place they are handy to have. For me, I would not have passed the test just relying on these books.
Reviewed basic security knowledge from Security+. Wanted just the technology review and this is a good source that captures all of it. Not a bad idea to take this cert first if you don’t have a CISSP/experience in the cloud. The material is applicable to cloud.
I have a CISA/CISSP/CISM/CCNA/SSCP/Security+ and still found it a challenging test.