Provisionally Passed CAP 7/13/2018
Wanted to give a shout out to this message board for the good advice for the CAP exam. Not a lot of "training" material for this CERT, but some good advice on this board. Thanks for the good info and help! Onward to the CISSP next. Have a great weekend everyone and best of luck to all in their certification pursuits!
Comments
-
plopbangcrash Member Posts: 74
Congrats! Which materials did you go with and which did you find most useful compared to the test?
-
connorm Member Posts: 11
I recently passed it also. I would know the Risk Management Framework process, including how each step (and tasks under each step) relate to the SDLC, official roles and responsibilities, the products created throughout the process, and the steps for Assessing Risk. Also know business continuity, disaster recovery, and related terms.
The official ISC2 book is old, but I would still read it because questions still come from that material.
I would really know the ins and outs of the processes laid out in NIST SP 800-30, 800-37, 800-39.
It is not a big cert outside the government/contractor assessment and authorization jobs.
Sent from the mobile client - Forum Talker
Degree: B.S. Computer Information Systems
Currently Working On: CCNA
2018 Certs: CAP, C|EH
Future Certs: PenTest+, CySA+, CCNA Security
-
JamarXD Registered Users Posts: 2
I read through the CAP CBK once. I used the FedVTE training course. Like others have mentioned in other threads, the NIST publications have the information. I spent the most time with 800-37. I wish I had spent more time in some of the other pubs.
-
PCTechLinc Member Posts: 646
I'm going for the CISSP-ISSEP, and going through the FedVTE CAP course prior. I'm not planning on taking the exam, because I have to pay for everything out of my own pocket, since my position is IAT not IAM. I'm hoping just going through the CAP course gives me the insight I need for that portion of the ISSEP exam.
Master of Business Administration in Information Technology Management - Western Governors University
Master of Science in Information Security and Assurance - Western Governors University
Bachelor of Science in Network Administration - Western Governors University
Associate of Applied Science x4 - Heald College
-
connorm Member Posts: 11
That FedVTE course for the CAP is boring. The only reason I had to watch all of it was because it was a requirement for a free DoD voucher.
30 Bird Media has a RMF / CAP exam preparation book. 90% of it is copied from NIST documents, the material is just organized into the CAP domains. Basically you are paying $100 for information already in the public domain.
Degree: B.S. Computer Information Systems
Currently Working On: CCNA
2018 Certs: CAP, C|EH
Future Certs: PenTest+, CySA+, CCNA Security
-
Rinzler Member Posts: 34
I also passed CAP recently. As many CAP takers have mentioned, the bulk of the exam comes from...
*SP 800-30 (Risk Assessment)
*SP 800-39 (Info Security of Risk Management)
*SP 800-37 (Risk Management Framework)
A few have passed from just focusing on the above, but I strongly recommend supplementing it with...
-CNSS 1253 (Security Categorization of National Security System)
-FIPS 199 (Security Categorization of Federal System)
-FIPS 200 (Minimum Security Requirements)
-OMB Circular A-130
-SP 800-18 (System Security Plan)
-SP 800-34 (Contingency Plan)
-SP 800-47 (Interconnection)
-SP 800-53 (Security Controls)
-SP 800-53A (Security Controls Assessments)
-SP 800-60 (Mapping Info & Info System to Security Categorization)
-SP 800-64 (SDLC)
-SP 800-88 (Media Sanitization)
-SP 800-137 (Info System Continuous Monitoring)
Good luck...