Passed CCSP

I sat the CCSP exam yesterday morning after studying on/off for the past three months following the CCSK and passed after 3 hours of churning and second-guessing answers. Initial pass took just under one hour, then I spent an hour and a half reviewing each question thoroughly and then the last half hour reviewing flagged questions. It's interesting to observe that when I first went through the questions I felt intimidated by the types of questions put forth by ISC(2) (typical if you've taken the CISSP) but as I started to approach the questions from a more relaxed mindset I began to see the nuance in each question (i.e. "what is best", "what is the PRIMARY objective", "what is a security reason for doing this?") which actually led me to what I felt were the right answers in that context. It's crucial to zero in on these pivots as they actually can help to filter out options (security vs availability) and lead you in the right direction.

I used a variety of resources to prepare for the exam. As far as the books (CBK, AIO, and Study Guide) are concerned, I found myself *very* frustrated with the lack of consistency in terms of definitions and terminology (i.e. roles, BC/DR, etc.) across all three. I don't know if it is a reflection of a lack of standards or evolving definition but the SDLC seemed to vary in terms of having 4 phases up to 10 (including a disposition phase which I didn't find out until it popped up in the test and I had to google it; think I got it right...). Also, what does CASB have to do with IAM? I supplemented the books with NIST docs 800-144, 145, and 146 as well as the new CSA Security Guidance v4.0 and Jericho Cube docs. Took practice exams from the AIO and the study guide...can't say for certain if they were useful or detrimental. I would say that the supplemental materials referenced at the end of each chapter were just as important as the books themselves in getting a good grip on the lexicon.

All in all, it was a difficult but well-constructed test. I didn't encounter too many curveballs but definitely had to dig deep to figure out the best answers. I wouldn't say I *work* with cloud on a regular basis but as a consultant I certainly can say that I *talk* about it almost every day. More hands-on experience would probably come in handy...

On to AWS!


