Options
CCSP failed (rant).
gespenstern
Member Posts: 1,243 ■■■■■■■■□□
in CISSP
Just failed CCSP with 689. Since the exam is 125 questions and full score is 1000, we can tell that average question weighs at around 8 points, i.e. I missed by 1 or 2 questions. On a different day I could have passed if I had more questions in areas I'm familiar with, but this day sucks and it started sucking from the early morning.
As usual with (ISC)2 exams it is hard to tell what you should do to prepare yourself, as all the materials seem to be barely relevant to what you get on the exam. I listened to Kelly's on cybrary.it two times and maybe it helped me in 1 or 2 questions, LOL.
The overall quality of the exam is inferior. Some questions are constructed by people with poor English and nobody proofread them. Even my English is better, LOL. It can affect your score in some ways. For example, I had a question where the answer that seemed logical didn't fit as the ending of the phrase it was supposed to finish. Like, "the most important control in this situation should:" and the logical answer was like "data encrypted on a database level", WTF. Obviously, I'm not leaking any actual questions or even remotely resembling.
Outsourcing at its best one can say.
On a side note I have experience with sitting for other (ISC)2 exams and they were of better quality and questions of type "WTH were they smoking" were pretty rare.
Some questions are flawed logically as well. I love when advanced thinkers construct complex questions where, given all the knowledge required, you can logically deduce the correct answer with 100% certainty not relying on any assumptions. It's not the case with some CCSP questions. For example, there was a question on what this role should do first regarding this incident. But there's no information on when exactly this person was informed about this incident and the correct answer depends on this key information and I had to assume that the person was informed right away.
Another example is who's responsible for certain activity between CSP and the customer in this scenario. And one of the questions mentions certain tech which seems to be the correct answer ONLY if this tech is employed on the customer side, but the scenario doesn't provide you with information where this tech is employed at.
On a bright side it was nice to confirm via the printout that I'm good with everything technical, with architectural stuff, but suck at legal and compliance and operations. Yes, that's right, and I hate everything legal and compliance... Everybody and every entity and their grandma have their own opinion on what incident response phases are and in which sequence they should be followed, etc. Damn bureaucrats who haven't managed a single hacker incident will be teaching me what to do at which step. Hate this.
Too bad that there weren't many questions on PCI DSS which I'm familiar with the most and consider it to be the most comprehensive standard as opposed to extremely vague clauses from government regulations upon reading which you remain pretty much where you started because nothing is clear and nothing is certain. Got to love HIPAA's "addressable" clauses, for example.
At the end of the day it's $549 wasted.
Plan to reschedule it ASAP and try again in a few weeks. Will have to read on some legal & compliance stuff before that. Sorry for ranting...
As usual with (ISC)2 exams it is hard to tell what you should do to prepare yourself, as all the materials seem to be barely relevant to what you get on the exam. I listened to Kelly's on cybrary.it two times and maybe it helped me in 1 or 2 questions, LOL.
The overall quality of the exam is inferior. Some questions are constructed by people with poor English and nobody proofread them. Even my English is better, LOL. It can affect your score in some ways. For example, I had a question where the answer that seemed logical didn't fit as the ending of the phrase it was supposed to finish. Like, "the most important control in this situation should:" and the logical answer was like "data encrypted on a database level", WTF. Obviously, I'm not leaking any actual questions or even remotely resembling.
Outsourcing at its best one can say.
On a side note I have experience with sitting for other (ISC)2 exams and they were of better quality and questions of type "WTH were they smoking" were pretty rare.
Some questions are flawed logically as well. I love when advanced thinkers construct complex questions where, given all the knowledge required, you can logically deduce the correct answer with 100% certainty not relying on any assumptions. It's not the case with some CCSP questions. For example, there was a question on what this role should do first regarding this incident. But there's no information on when exactly this person was informed about this incident and the correct answer depends on this key information and I had to assume that the person was informed right away.
Another example is who's responsible for certain activity between CSP and the customer in this scenario. And one of the questions mentions certain tech which seems to be the correct answer ONLY if this tech is employed on the customer side, but the scenario doesn't provide you with information where this tech is employed at.
On a bright side it was nice to confirm via the printout that I'm good with everything technical, with architectural stuff, but suck at legal and compliance and operations. Yes, that's right, and I hate everything legal and compliance... Everybody and every entity and their grandma have their own opinion on what incident response phases are and in which sequence they should be followed, etc. Damn bureaucrats who haven't managed a single hacker incident will be teaching me what to do at which step. Hate this.
Too bad that there weren't many questions on PCI DSS which I'm familiar with the most and consider it to be the most comprehensive standard as opposed to extremely vague clauses from government regulations upon reading which you remain pretty much where you started because nothing is clear and nothing is certain. Got to love HIPAA's "addressable" clauses, for example.
At the end of the day it's $549 wasted.
Plan to reschedule it ASAP and try again in a few weeks. Will have to read on some legal & compliance stuff before that. Sorry for ranting...
Comments
-
Optionsdhay13
Member Posts: 580 ■■■■□□□□□□
Sorry to hear that. I am studying for it now and hope to take it in a month or so. You were close. Should get it next time but definitely has to be frustrating knowing you were only 1 or 2 questions away.
-
Options
chrisone
Member Posts: 2,278 ■■■■■■■■■□
ha I laugh at this rant.
CISSP Passing is 700 pts
1st attempt 669
2nd attempt 695 < failed by 5 pts! what is that? half a question? I looked at the screen wrong? didnt click the mouse hard enough? WTF! Another $600!
3rd attempt passed
3 exam attempt = $1800
Books , practice tests, CBT = 200
total adventure = over 2 grand!
Keep pushing! keep working hard, you will get it on the second or third attempt!
I feel your pain
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
Optionsgespenstern
Member Posts: 1,243 ■■■■■■■■□□
2nd attempt 695 < failed by 5 pts! what is that? half a question? I looked at the screen wrong? didnt click the mouse hard enough? WTF! Another $600!
In case of CISSP it's still roughly 1 or 2 questions as we have a 250 question bank as opposed to 125
CISSP is certainly more grueling because of volume -
OptionsRemedymp
Member Posts: 834 ■■■■□□□□□□
Did you ever go back to retake it?
I really think that ISC2 should have just made CCSP an additional concentration to the CISSP like they did for the Architecture, Management, and Engineering portion. -
Optionsgespenstern
Member Posts: 1,243 ■■■■■■■■□□
Nope. Turns out that they have 3 months cool down period, lol. So I'm on the shelf for another 2 months.
Regarding the number of questions they just inherited what they already have, as all of their exams AFAIK are 125 questions except the CISSP. So they decided they won't give it up for CCSP and made it 125 as well.
They kind of have too many concentrations already anyways. Their engineering isn't really engineering at all, it is more of a legal/compliance exam. Mgmt and arch are more on point though. -
Optionscbkihong
Member Posts: 52 ■□□□□□□□□□
I planned on reading that CCSP book but not taking the exam. Your post re-affirmed by belief.
But curious, how much is the overlap between CCSP and CISSP in practice? From a cursory glance at the CCSP book everything seemed so familiar to me that I do not quite understand its niche except it is a bit more cloud-focused. Can you enlighten me a bit? -
Optionsdjcarter
Member Posts: 44 ■■□□□□□□□□
There is considerable overlap from a security perspective with the CISSP, it is just focused on the unique attributes of working in a cloud environment, the particular architecture concerns, legal/policy, etc.
A lot of the security approaches will be quite a bit different since you won't have access to the hardware layer and such in a cloud environment, so it can certainly be quite a bit different.
For someone with a CISSP you would have a considerable foundation to make the CCSP a lot easier, but it can also serve as a standalone cert for those that don't. -
OptionsTheFORCE
Member Posts: 2,297 ■■■■■■■■□□
CCSP is geared for those people working for and with cloud service providers, focus on the areas they work and you will be ok. Make sure you pay some attention to legal and compliance questions, those can be tricky as data in the cloud can be anywhere in a physical location, that understanding can help with some questions.
-
Optionskdotnoh
Member Posts: 30 ■■■□□□□□□□
Please is there any practices test to check your knowledge prior to the exams?
-
Optionsgespenstern
Member Posts: 1,243 ■■■■■■■■□□
Can you enlighten me a bit?
Yes, more emphasis on cloud stuff. More knowledge of all the types of relationships between a CSP and a customer and appropriate technologies, like all types of identity federation.
No deep or no at all emphasis on engineering, crypto, various government stuff like Bell-LaPadula, etc. Just check their domains outline, it's self-explanatory.
