CCSP Exam Tips

OmniMan Member Posts: 78
I am going to take the CCSP exam soon. Any last-minute tips on certain areas to study based on people who have passed?

Comments

  • Grafixx01 Member Posts: 106
    Dude, I took that test twice and refuse to take it again. I read the “Official Cert Guide”, “CBK”, did the “Official Practice Test Book” AND the chapter quizzes along with the online ones from Wiley and like 75-80% of what was on the actual exam was NOT even in any of those books. 

    I’m not sure if they’re already basing the exam on the 2nd edition book that is supposed to be out at the end of the year, but I am NOT taking it again. Those are like the ONLY IT Cert books I read cover to freaking cover, save for the CWTS (because I don’t know anything on radio/RF/etc), but to read those AND go through a boot camp AND be getting like 80%+ on all the quizzes and practice tests I could find and then see the questions on the exam, nope.

    I have the CISSP, I did the CISSP the OLD way (6hr Test) and at least that actually covered the materials!
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,933
    Yeah, you're supposed to learn and understand the cert material and not memorize a bunch of practice questions in the hopes that you see some of them on your exam. The practice exams in the books are not written by the same people who write the actual exam items. That is not allowed per ISO/IEC 17024 to which the (ISC)2 is certified.
  • Grafixx01 Member Posts: 106
    I didn’t memorize the questions. I took them to see if I knew the material and to re-study what I did poorly on. I only do the questions to get a feel for what the test may be like. I am not one of those who use brain ****, testing or things like that.
  • roxsteady Member Posts: 3
    edited October 2019
    Omniman,

    Deep dive into AppSec more and all the aspects of how devs deploy applications in cloud environments. Specifically the Cloud Application Security Domain. That would be my first recommendation. Platform and Infrastructure were the easiest in my opinion. But they will toss in way more questions about REST, SOAP, CDNs, APIs, Cryptography/keys, Risk Management, that they really don't touch on in the study material. Second, really know the legality, laws, and regulations and how they relate/interact with each other and how they don't. Also, I would take almost a whole other course just on BC/DR, SLAs and BIA. I would check on Cybrary.

    In short, I would take these Domains and thoroughly investigate each area outside of the learning materials. 

    Cloud Application Security
    Legal, Risk and Compliance
    Cloud Data Security.

    These will be crucial.

    I know because I failed the test yesterday.

    I studied pretty hard and was still taken aback by the questions asked. I seriously read the official book thoroughly, have 50 pages of notes, worked on flashcards and tests in Sybex/Wiley, reviewed videos on Pluralsight, Cybrary and LinkedIn Learning (Lynda), and yet, there were more questions asked not in any of these study materials. Do more diligent deep diving.

    Will I take it again? Yes. I owe it to myself, I studied hard. Am I happy the test was vague and I have to pay another $600? Heck no.

    Just have to wipe off the dust and try harder.

    Just be prepared to not be prepared. While it is always emphasized by trainers to inspect the wording and choose the BEST answer, some of these questions will be vague and you will just need to know it. That is the harsh reality of this test.

    I took a CEH last year, which covers 18+ domains (20 I think after the latest release), and that was miles easier than this because the questions asked were legit in the study material. In fact, the official CEH online course provided by EC-Council is the same material covered in all the other training materials out there. The Pluralsight version is identical to official material provided by EC-Council, minus the same instructor. ISC2 works differently. You can argue that it is a better way to ensure you know your "sh**" but it doesn't change the fact the questions will may more outside of the training material. CEH wasn't easier to train for. It was a very rigorous process. But I was surer of my answers when I took the test. SO CCSP, be extra sure.

  • evanyeap Member Posts: 2
    I took the test last week and passed, and because CCSP isn't full CBT like CISSP, it seems like the pretest questions are clearly marked with subtle grammatical or spelling errors across the board. Having taken the CISSP 4 months ago really helped as well.
    Current - CISSP | CCSP | CISM | CISA | SABSA SCF | ITIL-F
    2020 aims - CRISC | ISSAP | OSCP | AWS Architect Associate