Provisionally Passed CAP 7/13/2018

JamarXD Registered Users Posts: 2 ■□□□□□□□□□
Wanted to give a shout out to this message board for the good advice for the CAP exam. Not a lot of "training" material for this CERT, but some good advice on this board. Thanks for the good info and help! Onward to the CISSP next. Have a great weekend everyone and best of luck to all in their certification pursuits!


  • plopbangcrash Member Posts: 74 ■■■□□□□□□□
    Congrats! Which materials did you go with and which did you find most useful compared to the test?
  • connorm Member Posts: 11 ■□□□□□□□□□
    I recently passed it also. I would know the Risk Management Framework process, including how each step (and tasks under each step) relates to the SDLC, official roles and responsibilities, the products created throughout the process, and the steps for Assessing Risk. Also know business continuity, disaster recovery, and related terms.

    The official ISC2 book is old, but I would still read it because questions still come from that material.

    I would really know the ins and outs of the processes laid out in NIST SP 800-30, 800-37, 800-39.

    It is not a big cert outside the government/contractor assessment and authorization jobs.

    Sent from the mobile client - Forum Talker
    Degree: B.S. Computer Information Systems
    Currently Working On: CCNA
    2018 Certs: CAP, C|EH
    Future Certs: PenTest+,
    , CCNA Security
  • JamarXD Registered Users Posts: 2 ■□□□□□□□□□
    I read through the CAP CBK once. I used the FedVTE training course. Like others have mentioned in other threads, the NIST publications have the information. I spent the most time with 800-37. I wish I had spent more time in some of the other pubs.
  • PCTechLinc Member Posts: 646 ■■■■■■□□□□
    I'm going for the CISSP-ISSEP, and going through the FedVTE CAP course prior. I'm not planning on taking the exam, because I have to pay for everything out of my own pocket, since my position is IAT not IAM. I'm hoping just going through the CAP course gives me the insight I need for that portion of the ISSEP exam.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • connorm Member Posts: 11 ■□□□□□□□□□
    That FedVTE course for the CAP is boring. The only reason I had to watch all of it was because it was a requirement for a free DoD voucher.

    30 Bird Media has an RMF / CAP exam preparation book. 90% of it is copied from NIST documents; the material is just organized into the CAP domains. Basically you are paying $100 for information already in the public domain.
    Degree: B.S. Computer Information Systems
    Currently Working On: CCNA
    2018 Certs: CAP, C|EH
    Future Certs: PenTest+,
    , CCNA Security
  • Rinzler Member Posts: 34 ■■■□□□□□□□
    I also passed CAP recently. As many CAP takers have mentioned, the bulk of the exam comes from...

    *SP 800-30 (Risk Assessment)
    *SP 800-39 (Info Security of Risk Management)
    *SP 800-37 (Risk Management Framework)

    A few have passed from just focusing on the above, but I strongly recommend supplementing it with...

    -CNSS 1253 (Security Categorization of National Security System)
    -FIPS 199 (Security Categorization of Federal System)
    -FIPS 200 (Minimum Security Requirements)
    -OMB Circular A-130
    -SP 800-18 (System Security Plan)
    -SP 800-34 (Contingency Plan)
    -SP 800-47 (Interconnection)
    -SP 800-53 (Security Controls)
    -SP 800-53A (Security Controls Assessments)
    -SP 800-60 (Mapping Info & Info System to Security Categorization)
    -SP 800-64 (SDLC)
    -SP 800-88 (Media Sanitization)
    -SP 800-137 (Info System Continuous Monitoring)

    Good luck...