Passed CCSP last week - Just before the content change!
Won't go into details around what to expect, pretty much aligned with what everyone else on here says. I spent some time on here so figured I should give something back.
Finished the exam in around 1.5 hours and spent 30 minutes reviewing and cleaning up the ones I had marked. I think 4 hours is WAY too long for 125 questions. Prometric exam facilities are a little intimidating so if you haven't sat an exam recently be prepared for a prison-admission like experience!
My advice; Study and understand the material, don't memorise it really won't help. Echoing the advice given in the ISC2 CBK and the Sybex book, make sure you understand the question and think about how each of the potential answers would impact the business in the scenario in the BEST way. This is probably the first exam I have sat (other than CCIE many years ago) that I thought was really designed to ensure that you understood the material. I think if you don't have a genuine interest in the topics or actually trying to learn from your studies, then pick another exam.
I used the following over a 3-4 month period, studied around 2-3 hours a day.
- ISC2 CBK Official Guide
- CCSP Sybex Official Study Guide
- ISC2 Office Practice Tests <-- these are great for understanding what gaps you have in your understanding of essential topics. I sat through all 1000 questions over a week and managed about 85% correct before sitting the exam. Don't get caught up in your score here, just make sure you revise what you got wrong.
- Watched the F5 Systems YouTube channel for technical explanations on OWASP. <-- very good if like me, you don't have an AppDev background.
- Watched a number of technical Youtube presentations on Federations and API's.
- Skimmed over the Microsoft SOC2 report (its free)
- Skimmed over the major NIST Documents mentioned in the study material
CISSP, CCSP, CCIE-Sec, MCSE