CCSP - Failed TWICE. I'm done.

bitterz Registered Users Posts: 2 ■■□□□□□□□□
Hey peeps.

Failed the CCSP yesterday on my second attempt with a 681 (700 required to pass).

My first attempt scored a ~618.

I took the exam the first time after completing my Master's Degree in Information Assurance with a focus on cloud security and using the ISC2 Official CCSP Study Guide by Ben Malisow. The official study guide is worse than useless. If I had completely memorized every single page of the study guide, I would only know about 20% of the material presented on the test.

After the first failure, I began a hardcore study program that included the following: Altogether, I drilled on the practice questions in these resources (about 700 questions in all) and scored 90%.

Maybe 5% of the test questions I used appeared on the actual exam in some form. So, the practice questions will create a very false sense of confidence.

THE EXAM:
As others have noted, it is a poor quality test. Many questions are constructed with poor grammar (obviously from someone for whom English is not a first language). There are probably 10 questions or so written specifically to confuse or deceive you with the wording. There were MANY questions on REST and SOAP APIs that were more detailed than ANY of the information about REST and SOAP in the study materials. You will either need to be an application developer and intimately know how to use these APIs or use a separate programming resource to study how they work and why. There are matchy-match questions about what security standards/laws go with what country (easy if you memorize - but be sure to memorize ALL of them). There were two sets of questions (about 4-5 each) based on a detailed real-world scenario and how to accomplish a specific goal in the MOST secure manner. I have no idea how I did on these because either every option seemed right or none of them did. The study material spends a LOT of time on which storage types go with which platform, but the questions on the test on these topics are all asked in ways the material doesn't prepare you for (i.e. don't expect to be able to match volume and object storage with IAAS). If you are a security professional active in the field, I would say you are at the greatest disadvantage for this exam - because you may know a right way to do something but the test question is looking for the answer based on the CCSP CBK, not the "real world."

I have $1500 in test and materials now and I will NOT be attempting it a third time. There would be no satisfaction for me to pass the test on a third attempt, and if I failed it a third time I would probably drive into oncoming traffic.

I have a number of colleagues who have passed the exam after taking the ISC week-long bootcamp class with the exam at the end. I assume the ISC instructor basically gives you the info for the test questions they know will be on the test since it's their exam. If your goal is to get the cert to check a box or get the credential, I would recommend doing the bootcamp. These forums are full of stories of very competent security pros who didn't pass this exam the first time around, so you're likely looking at $1200 to take it twice anyway. Might as well go all the way on the bootcamp cost and feed the ISC money machine.

Comments

  • cbolar Member Posts: 34 ■■□□□□□□□□
    You're literally on the cusp, don't give up. We've all struggled with an exam before. It's about what you take out of it as a lesson rather than accepting it as a failure.
  • cyberguypr Senior Member Mod Posts: 6,877 Mod
    bitterz wrote: »
    Maybe 5% of the test questions I used appeared on the actual exam in some form. So, the practice questions will create a very false sense of confidence.

    Wait, what? Were you expecting actual verbatim practice questions to show up on the test?
    bitterz wrote: »
    There were MANY questions on REST and SOAP APIs that were more detailed than ANY of the information about REST and SOAP in the study materials

    This is why you supplement with external material.
    bitterz wrote: »
    If I had completely memorized every single page of the study guide, I would only know about 20% of the material presented on the test.

    Again, that's why you supplement with the other docs. Plus it's a CBK, you focus on applying concepts, not a memorization thing.
    bitterz wrote: »
    If you are a security professional active in the field, I would say you are at the greatest disadvantage for this exam - because you may know a right way to do something but the test question is looking for the answer based on the CCSP CBK, not the "real world."

    Not a secret. This works the exact same way with Microsoft and a multitude of other vendors. Three ways to do things: the right way, the wrong way, and the way the exam provider says.

    In regards to the bootcamp I'll be curious which one they took, because the official ISC2 6 of my coworkers took was a rehash of the training guide provided in the class and the instructor provided zero inside knowledge that would be of benefit for passing.
  • Nutsy Member Posts: 136
    Sounds like a typical testing experience.
  • mbarrett Member Posts: 397 ■■■□□□□□□□
    This is the only thing that comes to mind. Don't cry to quit, cry to keep going and get the reward.
    https://www.youtube.com/watch?v=5fsm-QbN9r8
  • gespenstern Member Posts: 1,243 ■■■■■■■□□□
    All of that is more or less fine, except poor English as it may (and in my case I think it did) affect the outcome if a question is not understood properly. This is especially annoying, given that it doesn't seem to be a hard to fix type of issue and yet it's still there despite many reports and complaints over the course of a few years.

    Almost as if (ISC)2 envies EC-Council's poor products and processes and decided to go down to the same level of quality or should I say inferiority with their most recent and hyped offering.

    It also throws me off from putting enough efforts into preparations. If I don't respect the exam I tend not to perform well and vice versa, even for particularly hard exams I prepare very thoroughly and pass them with high scores if I respect them a lot. Not the case with CCSP because of that.

    And why would I respect it, if (ISC)2 doesn't seem to respect it enough to proofread and offers us a half-baked product?
  • bitterz Registered Users Posts: 2 ■■□□□□□□□□
    cyberguypr wrote: »
    Wait, what? Were you expecting actual verbatim practice questions to show up on the test?

    Nah - certainly not verbatim. In the case of the CISSP, the sample questions on practice exams much more closely resemble the form and complexity of the actual test questions. I found the sample questions in the study books and on the websites to be nothing like the actual test.
    cyberguypr wrote: »
    This is why you supplement with external material.

    Do you have suggestions for prepping for the SOAP and REST content? Or did you already have this knowledge from experience as a developer?
    cyberguypr wrote: »
    Again, that's why you supplement with the other docs.

    I'm cool with that - I just need to know WHAT material to study.
  • Cisco Inferno Member Posts: 1,034 ■■■■■■□□□□
    you got it! don't quit now. you got that master's because you're badass. are you telling us you're not badass enough?

    and yes the test is ****.
    2019 Goals
    CompTIA Linux+
    [ ] Bachelor's Degree
  • lamont29 Member Posts: 27 ■■□□□□□□□□
    Yes, just go with the flow man. So, you feel that you got screwed? Enjoy the screw and come out on top the next time. Never be discouraged.
  • destroy8383 Member Posts: 11 ■□□□□□□□□□
    I know how you feel, I was angered by this exam and feel the same way about it as you. Poor English, a lot of application developer type questions that I did not feel comfortable in. Remember there are 25 throwaway questions which I assume some of the app dev questions you saw are in that. I failed it 3 times and got it on the 4th time, I read a lot more people's passing posts and tips and made my own list of things that I need to remember. I passed it the 4th time, I had to come to peace with the test and not hate it or think poorly of ISC2 so I would want to try harder. I got in the mindset don't do anything that fixes something only go with the management big picture route ... something is on fire, a server is infected what do you do? They will have a sexy tech answer but no you follow the policies set in place never skip processes that's what you are not about as a CISSP. Also it helped if I didn't think about what I did or saw in my years exp I thought I was in the CISSP perfect matrix world and that's how I would answer. I say read Sybex, watch Cybrary vids, do practice questions on the Sybex website and read 11th hour two days before the test.
  • American At Heart Registered Users Posts: 1 ■□□□□□□□□□
    I too failed twice. Most of the topics were brand new to me so I really learnt a lot. I heard it is a Gold Certificate. So I don't plan on giving up. I never failed any exams before, it is very disappointing the way CISSP exam is formatted. But I don't blame myself for not passing I will keep trying until I pass. I am studying CBK, watching lots of videos on YouTube. All of them are good. I wish Powercert made animated videos for CISSP, they made some superb videos. Shon Harris audios are excellent source. I guess if I do CBK word to word I should easily pass (my mistake was I only watched videos but never read a full book). I took exam in old and new CAT formats. I felt I would have had better chance of passing in the old 250 question format. Following is grading I was given but no score.

    Security Operations - Below Proficiency
    Communications & Network Security - Below Proficiency
    Asset Security - Near Proficiency
    Security Engineering - Near Proficiency
    Identity and Access Management - Near Proficiency
    Security Assessment and Testing - Near Proficiency
    Security and Risk Management - Above Proficiency
    Software Development Security - Above Proficiency
  • Dan-in-MD Member Posts: 52 ■■■□□□□□□□
    Sometimes the reason folks fail is that they need to improve their test-taking skills. There is a process to analyzing questions, eliminating answers, and so forth. Additionally, you need to get your mind into the zone of thinking from the correct perspective. Very often, thinking like a techie will result in failure. I took the CCSP a few weeks ago, and I thought it was a balanced and well-designed test. I didn't think any of the questions were out of bounds.
  • chaunce54 Registered Users Posts: 3 ■□□□□□□□□□
    Just passed this exam on Friday 2/2 on my first attempt. My primary resource was the CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide. I also perused some of the NIST documents referenced in the book.

    This book comes with some practice questions and practice exams that I also utilized. Much like your experience, the questions on the exam were nothing like the questions on the practice tests.

    It was a very challenging exam and I wasn't sure if I had passed it until I read the printout. You may want to consider getting the book I referenced and giving it another shot.
  • blackberrycubed CISSP, CCSP, Comptia S+/C+/N+ Member Posts: 24 ■■■□□□□□□□
    chaunce54 wrote: »
    Just passed this exam on Friday 2/2 on my first attempt. My primary resource was the CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide. I also perused some of the NIST documents referenced in the book.

    This book comes with some practice questions and practice exams that I also utilized. Much like your experience, the questions on the exam were nothing like the questions on the practice tests.

    It was a very challenging exam and I wasn't sure if I had passed it until I read the printout. You may want to consider getting the book I referenced and giving it another shot.

    Congrats, can you share more details about your material (probably in another thread)?
  • ArmyGuy45 Member Posts: 6 ■□□□□□□□□□
    What is the retake policy for 1st, 2nd, 3rd and 4th failure? I am on my 2nd failure and have to wait 180 days. But I can’t find anything about a 4th.
  • Mike7 Member Posts: 1,072 ■■■■□□□□□□
    CCSP is probably the more difficult ISC2 exam out of three that I took, the other two being CISSP and CSSLP.
    If you have not, suggest you pass CISSP first as CCSP builds on it. There is a different mindset to cloud security. In typical on prem environments, a CISSP has control over almost everything. In a cloud environment, a lot of on prem security controls are not applicable, new controls are needed, you share resources with others, forensics is difficult and cross border jurisdictions come into play.


    FWIW, my primary study guide was CCSP AIO, with CBK and ENISA guides as reference. But I do have experience deploying to AWS and used to develop and manage web sites for large customers.
  • sfportaro Member Posts: 27 ■■■□□□□□□□
    I am curious, which did you find harder, CISSP or CSSLP? I took, and passed, the CSSLP and thought it was brutal. The only other cert I have is the CIPT.
  • chrisone Senior Member Member Posts: 1,936 ■■■■■■■■□□
    You are close. If you quit, then the IT industry is not for you. These tests are designed to challenge you and make you think. If you believe you were supposed to pass by memorizing questions, you are not understanding the nature of the exam or the everyday challenges of the IT industry. Check out my history... it's filled with more disappointments than yours.

    Failed CCNA 2x "combination exam", then decided to split the exam in two then passed. So it took me 4 attempts to pass CCNA!!!!!
    Failed LFCS 3x and passed on the 4th
    Failed CCIE DC written 1x, I was not even ready and moved to a security role so I did not pursue it any further. I only took it to see where I was at.
    Failed CISSP 3x , passed on the 4th.
    Failed eCPPT Pentester Exam 2x and passed on 3rd attempt
    Taking OSCP Oct 2nd, and I would not be shocked if I failed it. But I have plans on taking it every month until I pass and I don't care if it takes another 4-6 months of retaking it.

    You need to learn how to use your failures in life in order to get ahead and move forward. Stop seeing everyone's achievements, start seeing their journey.

    Good luck!
    2020 Goals:
    Courses: VHL (3 month pass)
    Certs: OSCP (in-progress), AZ-500 (in-progress), MS-500, Pentester Academy - CRTE
  • 10Linefigure CCNP R&S, Security+ USA Member Posts: 368 ■■■□□□□□□□
    << Failed both Route and Switch twice. Get up, and go back for more.
    CCNP R&S, Security+
    B.S. Geography - Business Minor
    MicroMasters - CyberSecurity
    Professional Certificate - IT Project Management
  • DZA_ Untitled. Member Posts: 414 ■■■■■□□□□□
    ArmyGuy45 wrote: »
    What is the retake policy for 1st, 2nd, 3rd and 4th failure? I am on my 2nd failure and have to wait 180 days. But I can’t find anything about a 4th.

    Extracted from the official ISC2 Forum:

    [FONT=&quot]For the CCSP and HCISPP:[/FONT]
    • If you don’t pass the exam the first time, you can retest after 90 days.
    • If you don’t pass a second time, you can retest after an additional 90 days.
    • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt
    I am sure that this applies for the 4th as well. ^
    Mike7 wrote: »
    CCSP is probably the more difficult ISC2 exam out of three that I took, the other two being CISSP and CSSLP.
    If you have not, suggest you pass CISSP first as CCSP builds on it. There is a different mindset to cloud security. In typical on prem environments, a CISSP has control over almost everything. In a cloud environment, a lot of on prem security controls are not applicable, new controls are needed, you share resources with others, forensics is difficult and cross border jurisdictions come into play.

    FWIW, my primary study guide was CCSP AIO, with CBK and ENISA guides as reference. But I do have experience deploying to AWS and used to develop and manage web sites for large customers.

    I am really hoping to schedule my exam near the end of the month judging on how I get through the practice questions. I've pretty much read through all the guides above but it's only a matter of understanding/synthesizing the info that I've read for the last while. It is definitely a tough one, just trying to clear this exam before the end of the year. Last score I got was about 685 or so.

    Cheers,
    D
  • Goteki54 SSCP, A+, Network +, Security + Baltimore Member Posts: 79 ■■■□□□□□□□
    Seriously, you better just be blowing off steam and not seriously thinking about quitting it. Your first attempt you got a 618, the second time around you improved your score to a 681, so you improved your score by 63 points!! And you only missed passing by 19!! If I was you, that would tell me that I am right on the edge, and I can get it done. You are too busy focusing on that you failed the test again, you're not focusing on the major improvement you made to get you to the razor's edge of passing it. Just clear your mind, get pumped that you are close, and finish it off!!!
    CompTIA A+, Network+, Security +., SSCP
  • bjpeter Member Posts: 195 ■■■□□□□□□□
    OP, you were very close. I hope you retake the exam and conquer that beast!
    2020 Goals: SSCP, CISSP-ISSEP, MySQL 5.6 Developer, PenTest+, CySA+
    2019 Goals: eCPPT
    Achieved: CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • roxsteady Member Posts: 3 ■■□□□□□□□□
    I am curious if you tried again. I am on a similar boat. I just failed yesterday. Platform and Infra being my highest, and AppSec being lowest. It makes sense, I started in IT as an admin and a data center engineer. But I wasn't ever big on development. I can script and code but never dove too deep into the dev application side. I jumped quickly from Linux Admin to Infra, to Engineering, InfoSec, but not so much on the app side. However, I've been in I.T. for 10+ years, and knew that testing requires you learn more than just one aspect. My employers actually sent us to Toronto, where our headquarters is, to take a boot camp from The InfoSec Institute. It was a bit lackluster, the trainer did not appear to be in control of the class. Too many opinions were being allowed, which created a bunch of segueing. Long story short, even after flying us out, paying for room and board for a week, they didn't pay extra to have us test at the end of the boot camp. It made no sense. We all went back to our jobs and asked to take the test within a year. Work got heavy and no one took the test. However, I decided I was going to attempt it. Almost a whole year passed so I had to start fresh. I studied the course material nonstop, every night, even took a week of vacation prior to the test to prep even more. I read the entire book several times, created close to 40 pages of notes, took the Sybex testing tools, was passing every time well above 90% before I went to test. Even on the way there, I was listening to ISO and NIST descriptions on YouTube via a compilation I had put together. I felt prepared.

    After all the fumbling around during the sign-in process, I finally sat down and got to my first question. The very first question was a question not in the study material. I thought, maybe this is the first of the 25 non-testable questions, but the 2nd came, 3rd, 4th, and more and more, I realized, this test was going to have other aspects, like actual dev experience. However, there is a gap there. I can be an InfoSec Officer, and not necessarily know all the aspects of developing an app for a cloud environment. This test almost expects you to know more about apps than InfoSec, Cloud Infrastructures, and regulations. There were waaaay more questions about dev than they explain to you in the training material. I didn't even get asked about STRIDE, ISO 20017, 18, CSA, NIST and other cloud-specific areas one would expect in a cloud cert test. Maybe one here and there. About 50% of my questions were app related. Not sure how it works, if I just got a shuffle of the test with more app/dev related questions, but it felt very off. I felt like I had studied for the wrong test.

    Now, I am not saying they cheated me on this. But I studied official materials pretty thoroughly. The questions were poorly written. When you study and use support guides like Sybex and Cybrary, they emphasize on how the questions mean something specific, or not at all depending on the wording. But some of the wording was so vague it felt like more than one were answers, and even choosing the BEST answer became rather difficult, especially in areas not in the study material.

    I utilized all my time, down the very last seconds to cross-check answers, and in the end, I did not pass.

    Now again, I don't necessarily feel cheated, I did learn a lot, but I feel a bit misdirected by the study material vs what the test actually is.

    One side of me is telling me " I need to study harder and dive into other aspects" but another is bugging me about the misdirect. I almost feel like they wanted me to fail on my first time so I can have a "moment of clarity" about what else I need to know, and so I can cough up $600 for a retake. I can't help but feel that way. 

    Am I going to give up? Hell naw. I owe this to myself. While the CCSK is a lot easier and cheaper to get, ISC2 CCSP is always mentioned as the top cloud cert. Plus we're moving more and more into a cloud space in InfoSec. So I am not quitting; I got this far. But the way the test was structured was pretty disheartening.

  • lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    edited October 2019
    Sorry to hear about your exam results. I always complain that ISC2 exams are more reading comprehension than actual course study. I've taken two different exams from them thus far and screamed internally on almost every question, having to re-read them at least 5 times. Many questions were frustrating as I was trying to recall if I've ever seen the question topics in any of the study material. Your scores are progressively improving so it's not an issue of regression. You might as well continue since you've invested so much time and effort into this.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • Grafixx01 Member Posts: 87 ■■■□□□□□□□
    roxsteady said:
    I am curious if you tried again. I am on a similar boat. I just failed yesterday. Platform and Infra being my highest, and AppSec being lowest. It makes sense, I started in IT as an admin and a data center engineer. But I wasn't ever big on development. I can script and code but never dove too deep into the dev application side. I jumped quickly from Linux Admin to Infra, to Engineering, InfoSec, but not so much on the app side. However, I've been in I.T. for 10+ years, and knew that testing requires you learn more than just one aspect. My employers actually sent us to Toronto, where our headquarters is, to take a boot camp from The InfoSec Institute. It was a bit lackluster, the trainer did not appear to be in control of the class. Too many opinions were being allowed, which created a bunch of segueing. Long story short, even after flying us out, paying for room and board for a week, they didn't pay extra to have us test at the end of the boot camp. It made no sense. We all went back to our jobs and asked to take the test within a year. Work got heavy and no one took the test. However, I decided I was going to attempt it. Almost a whole year passed so I had to start fresh. I studied the course material nonstop, every night, even took a week of vacation prior to the test to prep even more. I read the entire book several times, created close to 40 pages of notes, took the Sybex testing tools, was passing every time well above 90% before I went to test. Even on the way there, I was listening to ISO and NIST descriptions on YouTube via a compilation I had put together. I felt prepared.

    After all the fumbling around during the sign-in process, I finally sat down and got to my first question. The very first question was a question not in the study material. I thought, maybe this is the first of the 25 non-testable questions, but the 2nd came, 3rd, 4th, and more and more, I realized, this test was going to have other aspects, like actual dev experience. However, there is a gap there. I can be an InfoSec Officer, and not necessarily know all the aspects of developing an app for a cloud environment. This test almost expects you to know more about apps than InfoSec, Cloud Infrastructures, and regulations. There were waaaay more questions about dev than they explain to you in the training material. I didn't even get asked about STRIDE, ISO 20017, 18, CSA, NIST and other cloud-specific areas one would expect in a cloud cert test. Maybe one here and there. About 50% of my questions were app related. Not sure how it works, if I just got a shuffle of the test with more app/dev related questions, but it felt very off. I felt like I had studied for the wrong test.

    Now, I am not saying they cheated me on this. But I studied official materials pretty thoroughly. The questions were poorly written. When you study and use support guides like Sybex and Cybrary, they emphasize on how the questions mean something specific, or not at all depending on the wording. But some of the wording was so vague it felt like more than one were answers, and even choosing the BEST answer became rather difficult, especially in areas not in the study material.

    I utilized all my time, down the very last seconds to cross-check answers, and in the end, I did not pass.

    Now again, I don't necessarily feel cheated, I did learn a lot, but I feel a bit misdirected by the study material vs what the test actually is.

    One side of me is telling me " I need to study harder and dive into other aspects" but another is bugging me about the misdirect. I almost feel like they wanted me to fail on my first time so I can have a "moment of clarity" about what else I need to know, and so I can cough up $600 for a retake. I can't help but feel that way. 

    Am I going to give up? Hell naw. I owe this to myself. While the CCSK is a lot easier and cheaper to get, ISC2 CCSP is always mentioned as the top cloud cert. Plus we're moving more and more into a cloud space in InfoSec. So I am not quitting; I got this far. But the way the test was structured was pretty disheartening.

    I took it 2x, like you, I read the CBK and the 'Official Study Guide' and the vast majority of topics on the exam were not covered or mentioned in the books, or at least I do not recall them. It's funny because even my wife was like, "Wow! That's like the 2nd and 3rd IT books you actually read cover-to-cover, I was expecting you to pass." Now, am I going to take it again, probably but when I feel like I can blow $600 of my own personal money since work paid for the others, even though they aren't required. I'm actually thinking of the CCSK first, then the CCSP. CCSK is more technical than theory based, like almost everything with ISC2 is.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SAA, CCSK Member Posts: 462 ■■■■■■■□□□
    I have not taken the CCSP, but I can't imagine it being easier than the CCSK. As an IT professional of many years, just with little hands-on cloud experience, I found the CCSK to be comfortably passable with a read through of the main reference doc.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • UsualSuspect7 Member Member Posts: 80 ■■■□□□□□□□
    mbarrett said:
    This is the only thing that comes to mind. Don't cry to quit, cry to keep going and get the reward.
    https://www.youtube.com/watch?v=5fsm-QbN9r8
    GOAT! I watch this before running and studying!!!
    CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, CSAP+


  • DFTK13 Member Posts: 143 ■■■■□□□□□□
    @bitterz

    You were just 19 points away on the 2nd attempt. I know you can do it!!!
    Certs: CCENT, Network+, A+, LPI Linux Essentials
    Goals: CCNA, RHCSA, VCP6-DCV

    Degree: A.S. Network Administration
    Pursuing: B.S. in I.T. Web and Mobile Development Concentration
  • shochan Member Posts: 904 ■■■■■■□□□□
    bitterz said:
    Hey peeps.

    Failed the CCSP yesterday on my second attempt with a 681 (700 required to pass).

    My first attempt scored a ~618.

    I took the exam the first time after completing my Master's Degree in Information Assurance with a focus on cloud security and using the ISC2 Official CCSP Study Guide by Ben Malisow. The official study guide is worse than useless. If I had completely memorized every single page of the study guide, I would only know about 20% of the material presented on the test.

    After the first failure, I began a hardcore study program that included the following: Altogether, I drilled on the practice questions in these resources (about 700 questions in all) and scored 90%.

    Maybe 5% of the test questions I used appeared on the actual exam in some form. So, the practice questions will create a very false sense of confidence.

    THE EXAM:
    As others have noted, it is a poor quality test. Many questions are constructed with poor grammar (obviously from someone for whom English is not a first language). There are probably 10 questions or so written specifically to confuse or deceive you with the wording. There were MANY questions on REST and SOAP APIs that were more detailed than ANY of the information about REST and SOAP in the study materials. You will either need to be an application developer and intimately know how to use these APIs or use a separate programming resource to study how they work and why. There are matchy-match questions about what security standards/laws go with what country (easy if you memorize - but be sure to memorize ALL of them). There were two sets of questions (about 4-5 each) based on a detailed real-world scenario and how to accomplish a specific goal in the MOST secure manner. I have no idea how I did on these because either every option seemed right or none of them did. The study material spends a LOT of time on which storage types go with which platform, but the questions on the test on these topics are all asked in ways the material doesn't prepare you for (i.e. don't expect to be able to match volume and object storage with IAAS). If you are a security professional active in the field, I would say you are at the greatest disadvantage for this exam - because you may know a right way to do something but the test question is looking for the answer based on the CCSP CBK, not the "real world."

    I have $1500 in test and materials now and I will NOT be attempting it a third time. There would be no satisfaction for me to pass the test on a third attempt, and if I failed it a third time I would probably drive into oncoming traffic.

    I have a number of colleagues who have passed the exam after taking the ISC week-long bootcamp class with the exam at the end. I assume the ISC instructor basically gives you the info for the test questions they know will be on the test since it's their exam. If your goal is to get the cert to check a box or get the credential, I would recommend doing the bootcamp. These forums are full of stories of very competent security pros who didn't pass this exam the first time around, so you're likely looking at $1200 to take it twice anyway. Might as well go all the way on the bootcamp cost and feed the ISC money machine.
    yep, I follow same routine...if I cannot pass after 2 attempts, it just is not meant to be.  Sure, I could invest more money in the cert but the ROI might not be there.  I just move on to something else. 



    "It's not good when it's done, it's done when it's good" ~ Danny Carey