Provisionally Passed CAP 7/13/2018
JamarXD
Wanted to give a shout out to this message board for the good advice for the CAP exam. Not a lot of "training" material for this CERT, but some good advice on this board. Thanks for the good info and help! Onward to the CISSP next. Have a great weekend everyone and best of luck to all in their certification pursuits!
Comments
plopbangcrash
Congrats! Which materials did you go with and which did you find most useful compared to the test?
connorm
I recently passed it also. I would know the Risk Management Framework process, including how each step (and tasks under each step) relate to the SDLC, official roles and responsibilities, the products created throughout the process, and the steps for Assessing Risk. Also know business continuity, disaster recovery, and related terms.
The official ISC2 book is old, but I would still read it because questions still come from that material.
I would really know the ins and outs of the processes laid out in NIST SP 800-30, 800-37, 800-39.
It is not a big cert outside the government/contractor assessment and authorization jobs.
JamarXD
I read through the CAP CBK once. I used the FedVTE training course. Like others have mentioned in other threads, the NIST publications have the information. I spent the most time with 800-37. I wish I had spent more time in some of the other pubs.
PCTechLinc
I'm going for the CISSP-ISSEP, and going through the FedVTE CAP course prior. I'm not planning on taking the exam, because I have to pay for everything out of my own pocket, since my position is IAT not IAM. I'm hoping just going through the CAP course gives me the insight I need for that portion of the ISSEP exam.
connorm
That FedVTE course for the CAP is boring. The only reason I had to watch all of it was because it was a requirement for a free DoD voucher.
30 Bird Media has an RMF / CAP exam preparation book. 90% of it is copied from NIST documents; the material is just organized into the CAP domains. Basically you are paying $100 for information already in the public domain.
Rinzler
I also passed CAP recently. As many CAP takers have mentioned, the bulk of the exam comes from...
*SP 800-30 (Risk Assessment)
*SP 800-39 (Info Security of Risk Management)
*SP 800-37 (Risk Management Framework)
A few have passed from just focusing on the above, but I strongly recommend supplementing it with...
-CNSS 1253 (Security Categorization of National Security System)
-FIPS 199 (Security Categorization of Federal System)
-FIPS 200 (Minimum Security Requirements)
-OMB Circular A-130
-SP 800-18 (System Security Plan)
-SP 800-34 (Contingency Plan)
-SP 800-47 (Interconnection)
-SP 800-53 (Security Controls)
-SP 800-53A (Security Controls Assessments)
-SP 800-60 (Mapping Info & Info System to Security Categorization)
-SP 800-64 (SDLC)
-SP 800-88 (Media Sanitization)
-SP 800-137 (Info System Continuous Monitoring)
Good luck...