CCSP - Failed TWICE. I'm done.

bitterz
Hey peeps.

Failed the CCSP yesterday on my second attempt with a 681 (700 required to pass).

My first attempt scored a ~618.

I took the exam the first time after completing my Master's Degree in Information Assurance with a focus on cloud security and using the ISC2 Official CCSP Study Guide by Ben Malisow. The official study guide is worse than useless. If I had completely memorized every single page of the study guide, I would only know about 20% of the material presented on the test.

After the first failure, I began a hardcore study program that included the following: Altogether, I drilled on the practice questions in these resources (about 700 questions in all) and scored 90%.

Maybe 5% of the test questions I used appeared on the actual exam in some form. So, the practice questions will create a very false sense of confidence.

THE EXAM:
As others have noted, it is a poor quality test. Many questions are constructed with poor grammar (obviously from someone for whom English is not a first language). There are probably 10 questions or so written specifically to confuse or deceive you with the wording. There were MANY questions on REST and SOAP APIs that were more detailed than ANY of the information about REST and SOAP in the study materials. You will either need to be an application developer and intimately know how to use these APIs or use a separate programming resource to study how they work and why. There are matchy-match questions about what security standards/laws go with what country (easy if you memorize - but be sure to memorize ALL of them). There were two sets of questions (about 4-5 each) based on a detailed real-world scenario and how to accomplish a specific goal in the MOST secure manner. I have no idea how I did on these because either every option seemed right or none of them did. The study material spends a LOT of time on which storage types go with which platform, but the questions on the test on these topics are all asked in ways the material doesn't prepare you for (i.e. don't expect to be able to match volume and object storage with IAAS). If you are a security professional active in the field, I would say you are at the greatest disadvantage for this exam - because you may know a right way to do something but the test question is looking for the answer based on the CCSP CBK, not the "real world."

I have $1500 in test and materials now and I will NOT be attempting it a third time. There would be no satisfaction for me to pass the test on a third attempt, and if I failed it a third time I would probably drive into oncoming traffic.

I have a number of colleagues who have passed the exam after taking the ISC week-long bootcamp class with the exam at the end. I assume the ISC instructor basically gives you the info for the test questions they know will be on the test since it's their exam. If your goal is to get the cert to check a box or get the credential, I would recommend doing the bootcamp. These forums are full of stories of very competent security pros who didn't pass this exam the first time around, so you're likely looking at $1200 to take it twice anyway. Might as well go all the way on the bootcamp cost and feed the ISC money machine.

Comments

  • cbolar
    You're literally on the cusp, don't give up. We've all struggled with an exam before. It's about what you take out of it as a lesson rather than accepting it as a failure.
  • cyberguypr
    bitterz wrote: »
    Maybe 5% of the test questions I used appeared on the actual exam in some form. So, the practice questions will create a very false sense of confidence.

    Wait, what? Were you expecting actual verbatim practice questions to show up on the test?
    bitterz wrote: »
    There were MANY questions on REST and SOAP APIs that were more detailed than ANY of the information about REST and SOAP in the study materials

    This is why you supplement with external material.
    bitterz wrote: »
    If I had completely memorized every single page of the study guide, I would only know about 20% of the material presented on the test.

    Again, that's why you supplement with the other docs. Plus it's a CBK, you focus on applying concepts, not a memorization thing.
    bitterz wrote: »
    If you are a security professional active in the field, I would say you are at the greatest disadvantage for this exam - because you may know a right way to do something but the test question is looking for the answer based on the CCSP CBK, not the "real world."

    Not a secret. This works the exact same way with Microsoft and a multitude of other vendors. Three ways to do things: the right way, the wrong way, and the way the exam provider says.

    In regards to the bootcamp I'll be curious which one they took, because the official ISC2 6 of my coworkers took was a rehash of the training guide provided in the class and the instructor provided zero inside knowledge that would be of benefit for passing.
  • Nutsy
    Sounds like a typical testing experience.
  • mbarrett
    This is the only thing that comes to mind. Don't cry to quit, cry to keep going and get the reward.
    https://www.youtube.com/watch?v=5fsm-QbN9r8
  • gespenstern
    All of that is more or less fine, except poor English as it may (and in my case I think it did) affect the outcome if a question is not understood properly. This is especially annoying, given that it doesn't seem to be a hard to fix type of issue and yet it's still there despite many reports and complaints over the course of a few years.

    Almost as if (ISC)2 envies EC-Council's poor products and processes and decided to go down to the same level of quality or should I say inferiority with their most recent and hyped offering.

    It also throws me off from putting enough efforts into preparations. If I don't respect the exam I tend not to perform well and vice versa, even for particularly hard exams I prepare very thoroughly and pass them with high scores if I respect them a lot. Not the case with CCSP because of that.

    And why would I respect it, if (ISC)2 doesn't seem to respect it enough to proofread and offers us a half-baked product?
  • bitterz
    cyberguypr wrote: »
    Wait, what? Were you expecting actual verbatim practice questions to show up on the test?

    Nah - certainly not verbatim. In the case of the CISSP, the sample questions on practice exams much more closely resemble the form and complexity of the actual test questions. I found the sample questions in the study books and on the websites to be nothing like the actual test.
    cyberguypr wrote: »
    This is why you supplement with external material.

    Do you have suggestions for prepping for the SOAP and REST content? Or did you already have this knowledge from experience as a developer?
    cyberguypr wrote: »
    Again, that's why you supplement with the other docs.

    I'm cool with that - I just need to know WHAT material to study.
  • Cisco Inferno
    you got it! don't quit now. you got that masters because you're badass. are you telling us you're not badass enough?

    and yes the test is ****.
    2019 Goals
    CompTIA Linux+
    [ ] Bachelor's Degree
  • lamont29
    Yes, just go with the flow man. So, you feel that you got screwed? Enjoy the screw and come out on top the next time. Never be discouraged.
  • destroy8383
    I know how you feel, I was angered by this exam and feel the same way about it as you. Poor English, a lot of application developer type questions that I did not feel comfortable in. Remember there are 25 throwaway questions which I assume some of the app dev questions you saw are in that. I failed it 3 times and got it on the 4th time, I read a lot more people's passing posts and tips and made my own list of things that I need to remember. I passed it the 4th time, I had to come to peace with the test and not hate it or think poorly of ISC2 so I would want to try harder. I got in the mindset don't do anything that fixes something only go with the management big picture route ... something is on fire, a server is infected what do you do? they will have a sexy tech answer but no you follow the policies set in place never skip processes that's what you are not about as a CISSP. Also it helped if I didn't think about what I did or saw in my years exp I thought I was in the CISSP perfect matrix world and that's how I would answer. I say read Sybex, watch Cybrary vids, do practice questions on the Sybex website and read 11th hour two days before the test.
  • American At Heart
    I too failed twice. Most of the topics were brand new to me so I really learnt a lot. I heard it is a Gold Certificate. So I don't plan on giving up. I never failed any exams before, it is very disappointing the way CISSP exam is formatted. But I don't blame myself for not passing I will keep trying until I pass. I am studying CBK, watching lots of videos on YouTube. All of them are good. I wish Powercert made animated videos for CISSP, they made some superb videos. Shon Harris audios are an excellent source. I guess if I do CBK word to word I should easily pass (my mistake was I only watched videos but never read a full book). I took exam in old and new CAT formats. I felt I would have had better chance of passing in the old 250 question format. Following is grading I was given but no score.

    Security Operations - Below Proficiency
    Communications & Network Security - Below Proficiency
    Asset Security - Near Proficiency
    Security Engineering - Near Proficiency
    Identity and Access Management - Near Proficiency
    Security Assessment and Testing - Near Proficiency
    Security and Risk Management - Above Proficiency
    Software Development Security - Above Proficiency
  • Dan-in-MD
    Sometimes the reason folks fail is that they need to improve their test-taking skills. There is a process to analyzing questions, eliminating answers, and so forth. Additionally, you need to get your mind into the zone of thinking from the correct perspective. Very often, thinking like a techie will result in failure. I took the CCSP a few weeks ago, and I thought it was a balanced and well-designed test. I didn't think any of the questions were out of bounds.
  • chaunce54
    Just passed this exam on Friday 2/2 on my first attempt. My primary resource was the CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide. I also perused some of the NIST documents referenced in the book.

    This book comes with some practice questions and practice exams that I also utilized. Much like your experience, the questions on the exam were nothing like the questions on the practice tests.

    It was a very challenging exam and I wasn't sure if I had passed it until I read the printout. You may want to consider getting the book I referenced and giving it another shot.
  • blackberrycubed
    chaunce54 wrote: »
    Just passed this exam on Friday 2/2 on my first attempt. My primary resource was the CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide. I also perused some of the NIST documents referenced in the book.

    This book comes with some practice questions and practice exams that I also utilized. Much like your experience, the questions on the exam were nothing like the questions on the practice tests.

    It was a very challenging exam and I wasn't sure if I had passed it until I read the printout. You may want to consider getting the book I referenced and giving it another shot.

    Congrats, can you share more details about your material (probably in another thread)?
  • ArmyGuy45
    What is the retake policy for 1st, 2nd, 3rd and 4th failure? I am on my 2nd failure and have to wait 180 days. But I can’t find anything about a 4th.
  • Mike7
    CCSP is probably the more difficult ISC2 exam out of three that I took, the other two being CISSP and CSSLP.
    If you have not, suggest you pass CISSP first as CCSP builds on it. There is a different mindset to cloud security. In typical on prem environments, a CISSP has control over almost everything. In a cloud environment, a lot of on prem security controls are not applicable, new controls are needed, you share resources with others, forensics is difficult and cross border jurisdictions come into play.


    FWIW, my primary study guide was CCSP AIO, with CBK and ENISA guides as reference. But I do have experience deploying to AWS and used to develop and manage web sites for large customers.
  • sfportaro
    I am curious, which did you find harder, CISSP or CSSLP? I took, and passed, the CSSLP and thought it was brutal. The only other cert I have is the CIPT.
  • chrisone
    You are close. If you quit, then the IT industry is not for you. These tests are designed to challenge you and make you think. If you believe you were supposed to pass by memorizing questions, you are not understanding the nature of the exam or the everyday challenges of the IT industry. Check out my history... it's filled with more disappointments than yours.

    Failed CCNA 2x "combination exam", then decided to split the exam in two then passed. So it took me 4 attempts to pass CCNA!!!!!
    Failed LFCS 3x and passed on the 4th
    Failed CCIE DC written 1x, I was not even ready and moved to a security role so I did not pursue it any further. I only took it to see where I was at.
    Failed CISSP 3x , passed on the 4th.
    Failed eCPPT Pentester Exam 2x and passed on 3rd attempt
    Taking OSCP Oct 2nd, and I would not be shocked if I failed it. But I have plans on taking it every month until I pass and I don't care if it takes another 4-6 months of retaking it.

    You need to learn how to use your failures in life in order to get ahead and move forward. Stop seeing everyone's achievements, start seeing their journey.

    Good luck!
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019, SANS Security West SEC660, SANS Network Security FOR508,
    Certs: GCED, GCIA (in progress), GCIH, GXPN, GCFA
  • 10Linefigure
    << Failed both Route and Switch twice. Get up, and go back for more.
    CCNP R&S, Security+
    B.S. Geography - Business Minor
    MicroMasters - CyberSecurity
    Professional Certificate - IT Project Management
  • DZA_
    ArmyGuy45 wrote: »
    What is the retake policy for 1st, 2nd, 3rd and 4th failure? I am on my 2nd failure and have to wait 180 days. But I can’t find anything about a 4th.

    Extracted from the official ISC2 Forum:

    [FONT=&quot]For the CCSP and HCISPP:[/FONT]
    • If you don’t pass the exam the first time, you can retest after 90 days.
    • If you don’t pass a second time, you can retest after an additional 90 days.
    • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt
    I am sure that this applies for the 4th as well. ^
    Mike7 wrote: »
    CCSP is probably the more difficult ISC2 exam out of three that I took, the other two being CISSP and CSSLP.
    If you have not, suggest you pass CISSP first as CCSP builds on it. There is a different mindset to cloud security. In typical on prem environments, a CISSP has control over almost everything. In a cloud environment, a lot of on prem security controls are not applicable, new controls are needed, you share resources with others, forensics is difficult and cross border jurisdictions come into play.

    FWIW, my primary study guide was CCSP AIO, with CBK and ENISA guides as reference. But I do have experience deploying to AWS and used to develop and manage web sites for large customers.

    I am really hoping to schedule my exam near the end of the month judging on how I get through the practice questions. I've pretty much read through all the guides above but it's only a matter of understanding/synthesizing the info that I've read for the last while. It is definitely a tough one, just trying to clear this exam before the end of the year. Last score I got was about 685 or so.

    Cheers,
    D
  • Goteki54
    Seriously, you better just be blowing off steam and not seriously thinking about quitting it. Your first attempt you got a 618, the second time around you improved your score to a 681, so you improved your score by 63 points!! And you only missed passing by 19!! If I was you, that would tell me that I am right on the edge, and I can get it done. You are too busy focusing on that you failed the test again, you're not focusing on the major improvement you made to get you to the razor's edge of passing it. Just clear your mind, get pumped that you are close, and finish it off!!!
    CompTIA A+, Network+, Security+, SSCP