Going for SSCP soon..

Well I always like to talk (or in this case type) about my certification experience and "road to success"
or "the agony of defeat" [insert Wide World of Sports ski jumper here].

I do this for a few reasons. One is to share with others the pain and frustration associated with studying.
Two, to give back seeing I've spend some time reading other peoples posts on the subject matter, and
three gives me a break from studying.

Seeing the exam will be computer based soon (June 1st 2012) I figured I could afford cramming a bit more and
get to the exam quicker. If it wasn't for the fact it's going computer based, December of this year was the nearest
and only viable exam date for me. 7 months of studying for 7 domains does have a nice ring to it..
but a bit much for this exam I think.

So here's my plan and what I've done (and doing):
Darril Gibson's AIO
-So far good and easy read. No complaints
CBT SSCP nuggest
-Out of date, bad jokes but it has it's moments
And some of Shon Harris' CSSIP stuff scattered into the mix.

Planing on getting a few studISCope Self Assessment. Seeing they've been highly recommended from what I've read
here so far. The questions in the AIO book are nice to review what one has read, but from experience are nothing
like the real exam.
I have no clue when I'll be taking the exam, but hopefully before December.

So I have a question for those out there about the wording. Not sure if it's been asked here, didn't see if it is .. sorry.
I know the CISSP exam questions have been referred to by some of my friends as "dribble" and don't make much sense at all.
Kinda like a Chinese guy translating from Spanish to French, just so a Korean can write it up into English...
Are the SSCP exam questions similar to the CISSP? In writing style etc?

Thanks.. I'll try and update this thread on an on/off basis.

(hmm first post I think)

Find more posts tagged with

Comments

chrishz

loneferret wrote: »

So I have a question for those out there about the wording. Not sure if it's been asked here, didn't see if it is .. sorry.
I know the CISSP exam questions have been referred to by some of my friends as "dribble" and don't make much sense at all.
Kinda like a Chinese guy translating from Spanish to French, just so a Korean can write it up into English...
Are the SSCP exam questions similar to the CISSP? In writing style etc?

The questions make sense (IMO), but make sure you read them well.

In my experience the style of questions asked in the SSCP exam is quite like the ones in the CISSP exam. Perhaps some CISSP questions are a little more elaborate, but as far as I'm concerned they're in the same ballpark. Good luck!

loneferret

Thanks for the reply.
So far the "read carefully" part seems to be the consensus...Still hoping for more feedback

A little update on my progress (study break right now)
Darrel Gibson's book really is an easy read. There are a few things that annoy me.
His excessive use of "For example...". Almost every second or third sentence starts off like that.
But I manage to skip those 2 words, no biggie.
Another comical part was when referring to crosss-site scripting as "CSS". And mentioning that it's occasional called "XSS".
Well this is obviously nothing major (hell not even minor), I just don't think of cross-site scripting when I see the acronym "CSS".

So far the studies are on track. If this keeps up, I may actually go for it this June.
Almost done my first read of the book, going for a more active-reading style for the second run.
And eventually those practice exams.

Thanks again,

Falcon56

Hi loneferret. I am preparing for the exam as well. I had originally hoped to take it in January and was put on a project at work that had me working many 12-hour days. I am hoping to take the CBT sometime in July.

Currently, I am using the following study materials:

Darril's AIO SSCP Exam Guide
TestOut's SSCP LabSim
SkillSoft SSCP 2012 Objectives
Purchased StudiScopes 3-pack of questions
CCCure.org CISSP questions

I have had a hard time getting used to the ISC2 way of asking questions but I am diligently studying Darril's book and following along with SkillSoft's 2012 SSCP objectives (this is available thru my employer). I like the TestOut materials but I am afraid they are not covering all of the objectives for the exam. They replied to an e-mail with my concern and told me their material wouldn't be available until the 3rd of 4th quarter of this year. Obviously, doesn't do me much good if I hope to take the exam in July.

I am enjoying Darril's book but I don't think the editor/proofreader helped Darril much. For example [grin], on Page 42 of the book, there is a chart that explains Bell-LaPadula, Biba, Clark-Wilson and Chinese Wall. In the 'Rules' section of the chart, Bell-LaPadula is correctly listed as no read up, no write down. For the Biba model, it is also listed as no write up, no read down [which is incorrect]. I have found a lot of other mistakes as well. However, I am still using this book as the catalyst of my exam prep.

Please keep us updated on your progress. I wish you best of luck on the exam!

Jinuyr

Hi loneferret. I recently completed the exam and read your post. I think you are on the right path to getting everything covered for your upcoming exam.

Darril Gibson's AIO book covers at least 85% of what you are likely to run into when you take the exam. Pay extra close attention to the StudiScope questions and how they are formatted and what sort of details they require. Unfortunately, the practice exams don't do a very good job in explaining the solutions to you but the format and the way you have to think them through stay the same for the real exam.

You definitely want to dig deeper on the subjects you are not as familiar with since they will take up a good bit of your time in the exam.

Hope this help. ^_^

loneferret

Great thanks,
Now all I need to figure out is what 15% this book is missing and where to get it

Once I'm done reading these last few chapters, will get started on reviewing everything again with the studiScope...
Wondering if I should go for the 109$ package or just one set of questions.

It's been awhile since I took a multiple choice cert. exam... I always enjoy the studying part, never really cared for that type of exam process.
Oh well.. can't have everything in life.

Jinuyr

Now that you mentioned it... I purchased all three practice exams to get ready. The items that you will find on the practice exam that doesn't line up to what is included in the AIO is what the other 15% was that I was referring to. The AIO book touches on some of these topics very briefly so "technically" it was covered but you need to go a bit more in depth to truly understand the questions you're being asked.

I will go over my mental notes in and see if I can remember the Domains that need to be revisited when compared to the AIO book and let you know. I don't think I can give specifics as per testing agreement restrictions but I think I can mention the domains that you'll need to identify a bit further when compared to the practice exam.

loneferret

Oh yes, that would be very helpful.
Know which domain is not "100% covered" (if such a thing is even possible in only 1 book) would guide me the right direction.
I mean pass or fail, I did learn from this book. So depending on how one looks at it, it's a win

chrishz

Why don't you read the official guide?

loneferret

Just one of those quirks that makes me special... makes me special.. quirks... makes special..

I went for the AIO chirshz, seeing it seem part of most peoples collection (from what I read)
Not everyone used the official guide. I'll be honest too, I went for the less expensive book as well.

TeKniques

Hi there,

Best of luck on the SSCP. I too read the AIO, but also supplemented it with the Official Guide, StudISCope practice tests, CCCure paid version, and Ucertify. I also did watch the CBT Nuggets videos which as you mentioned are outdated, but it's a good break from reading. With all those materials I found the Official Guide to be very hard to read; one comment on this forum was made that since there are numerous authors contributing that the writing styles conflict which makes it difficult.

In my opinion the test questions on the SSCP are not hard to read. I'm surprised when I hear that they are, but everyone perceives things a bit different ... for me however, I thought that the style/format of the questions was straight forward.

Jinuyr

TeKniques wrote: »

Hi there,

Best of luck on the SSCP. I too read the AIO, but also supplemented it with the Official Guide, StudISCope practice tests, CCCure paid version, and Ucertify. I also did watch the CBT Nuggets videos which as you mentioned are outdated, but it's a good break from reading. With all those materials I found the Official Guide to be very hard to read; one comment on this forum was made that since there are numerous authors contributing that the writing styles conflict which makes it difficult.

In my opinion the test questions on the SSCP are not hard to read. I'm surprised when I hear that they are, but everyone perceives things a bit different ... for me however, I thought that the style/format of the questions was straight forward.

ISC does a great job of formatting the questions. But if you compare them to another security exam, it's a completely different league in regards to content and complexity on the questions.

Security+ questions are fairly blunt when they ask a question, "What is the port used for HTTP?"

SSCP may present a slightly more elaborate scenario while still staying completely relevant to the answers presented.

JDMurray

loneferret wrote: »

Now all I need to figure out is what 15% this book is missing and where to get it

You get all that and more from your personal technical and information security experience.

loneferret

JDMurray wrote: »

You get all that and more from your personal technical and information security experience.

You seem confidant saying that

So far the material is not hard, but then again reading and understanding a few books, PDFs etc. is not the same as an exam.
I never count my donkeys before they hatch... I'm going take the time it requires to pass. Eventually...

Thanks for all the feedback by the way guys.

Jinuyr

JDMurray wrote: »

You get all that and more from your personal technical and information security experience.

If you have not done so already, you should check out JDMurray's blog regarding the SSCP/CISSP exam. He answers a lot of questions you might have about the exam.

loneferret

I did read it, and it was helpful.
The reason I still asked these questions out in the open is others may have different opinions/answers or just something
new to add...

TeKniques

Jinuyr wrote: »

ISC does a great job of formatting the questions. But if you compare them to another security exam, it's a completely different league in regards to content and complexity on the questions.

Security+ questions are fairly blunt when they ask a question, "What is the port used for HTTP?"

SSCP may present a slightly more elaborate scenario while still staying completely relevant to the answers presented.

Yes, I realize that. My point was/is that the English the questions are written in is not hard to read. In my opinion you can't really compare the questions for Security+ to the SSCP ... the SSCP is a lot more difficult in comparison.

loneferret

I wouldn't compare CompTIA's security cert. to (ISC)2 seeing one is entry-level and the other is not. I say this seeing I've always been led to believe that CompTIA certs were pretty much all entry level. A spring board as you will... I could be wrong, which happens often enough lol

Jinuyr

TeKniques wrote: »

Yes, I realize that. My point was/is that the English the questions are written in is not hard to read. In my opinion you can't really compare the questions for Security+ to the SSCP ... the SSCP is a lot more difficult in comparison.

You're right. I just wanted to help reiterate potential assumptions between the two or those made in the past. I know I was guilty of it for a time before I purchased the StudiScope materials and realized differently.

loneferret

Good point.
Seeing I never sat for the Security+ exam (I do have the book), good to know the questions won't be a "straight forward" as CompTIA tests.
I do remember my <whatever>+ exams, and I do recall the questions being "to the point" versus the Microsoft ones for example.

But still... good to know

loneferret

Just a small update during a break.

Finished reading the AIO..
And just started with the StudiScope exams. Got all three, just did the first assessment.
Well, guess I found where that 15% is hiding. lol

Those questions are "odd looking".
Guess with a clearer head, and sleep i'll do better. Still don't regret the purchase.
If these practice exams are anything like the real deal, at least I'll be prepared for them...
Need to get back to my weak spots...

3017

I am in the very beginning of starting to study for the SSCP cert, and I have the AIO by Gibson, and UCertify practice tests. I don't think I can afford any other practice tests or the official guide. Does anyone have much experience with the UCertify practice tests? I do not have extensive experience in the Security field. I have about 2 years overall as a Sys Admin experience with security tasks mixed in, and just the Security+. I noticed that that the recommendation is at least a year of Security experience. Does 1 year seem like an accurate assessment for experience needed to take this exam?

Thank you

YuckTheFankees

How do employers value the SSCP?

TeKniques

3017 wrote: »

I am in the very beginning of starting to study for the SSCP cert, and I have the AIO by Gibson, and UCertify practice tests. I don't think I can afford any other practice tests or the official guide. Does anyone have much experience with the UCertify practice tests? I do not have extensive experience in the Security field. I have about 2 years overall as a Sys Admin experience with security tasks mixed in, and just the Security+. I noticed that that the recommendation is at least a year of Security experience. Does 1 year seem like an accurate assessment for experience needed to take this exam?

Thank you

Hi there. I used the Ucertify practice tests while preparing for the SSCP and I'm sorry to say that imo they are outdated, and do not accurately portray the types of questions you will be seeing on the actual exam. However, I purchased mine back in December 2011 so maybe they have updated them by now. The SSCP requires at least 1 year of experience in 1 of the CBK domains

loneferret

@3017
Seems like the general consensus on this forum is the StudiScope prep exams are the closest to the real thing.
The AIO's questions, which should be the same as mine, are nothing compared to the StudiScope. They do however
reflect the material in the each chapter. So I would suggest you do some extra research and reading to cover all the
bases. When the book mentions a RFC, look it up. If it mentions an organization look that up too.

@YuckTheFankees
I remember someone on this forum mentioning he hadn't found any employers looking for this certification specifically.
But may not mean much. In my opinion seeing it's still a (ISC)2 certification, it will probably add value to your resume.
It can also be, I guess, a nice springboard towards CISSP if that is your goal.

As for me, so far not too bad. On to the active reading (taking notes while I read) part of run #2 on Gibson's AIO book.
Did the StudiScope exams, getting better but unfortunately after a 2 or 3 run at them I fear I'm
just remembering the correct answers rather than learning. So using the exams for research. Takings the ones
I missed more often and looking the theory up. Keeping the questions in Set#3 alone, seeing I've only done that
one once, my results more accurately depict my understanding of the material. Google, Wiki and some RFC look up
does help fill in the blanks which is good.

Still don't know when I'll be going for the exam. Computer based is opening everywhere in a few days time. Will need to see
where in my area it will be offered.

ipchain

loneferret wrote: »

Still don't know when I'll be going for the exam. Computer based is opening everywhere in a few days time. Will need to see
where in my area it will be offered.

With a bit of luck, it will be available before you know it. Lots of good, solid advice on this board, so stick around!

Do keep us updated on your progress, and best of luck!

randyt1980

I just sent in my endorsement package for my SSCP, so I thought I'd offer up my insight. My preparation for the exam included the following:

1. The most recent SSCP CBK (gold)
2. SSCP CBT Nuggets
3. StudiScope questions (all 3)
4. CCCure free CISSP/SSCP questions

I've listed my study materials in order from most valuable (to me) to least. I found that the SSCP CBK was actually a very good read and covered quite a bit of material. There were some particularly good chapters on malcode and encryption, which helped me get a much better understanding of each. The CBTNuggets series of videos was very easy to follow, and the instructor did a great job of keeping me engaged in the material. I found that the videos helped reinforce the material that I had read in the book. There was also some material covered that either was not covered in the book, or maybe I had missed it. The StudiScope questions were great in that they helped prepare me for the format of the questions that are in the actual exam. They train your mind to read and REREAD the question, because if you dont they could bite you in the butt. Also, the material in the StudiScope questions is from within the most recent SSCP CBK. Last but not least, the CCCure questions also helped prepare me for question format, however much of the material was quite outdated.

3017

Thanks TeKniques for the bottom line on the Ucertify practice tests. I hope further along in my study maybe I can pick up the StudiScope practice tests. I have over the 1 year experience, my question is more if the test is actually very difficult for someone with just a years experience.

Jinuyr

I found out this week that I passed. To follow up from my previous post, all I did was the AIO book and the first two of the StudiScope Practice Tests. It was enough to get me the pass.

flt0nujr

Congrats Jinuyr!! I'm also slated to take the SSCP exam next month. I'm supplementing the CBT Nugget videos with testout lab simulation program for the SSCP, and using AIO Darril Gibson, and Studioscope for the questions.

loneferret

Well I passed.
Got a few really really odd-ball/left field questions, also had to review several questions after I completed (which is something I never do).
Still in the end, got the Congrats piece of paper on the way out. Guess I'll be getting the email soon about completing the procedure. Something about DNA and stool samples must be sent...

The book and studiscope are pretty dead on as far as material and exam prep. As mention, the AIO doesn't cover everything but filling in the blanks with some extra research does the trick.
One important note... Read the questions carefully. As in several times to make d*** sure you get it.

Happy I did this one and not CISSP. I never would've had the time to study for that one.