Re: Advice For Exam Takers - Page 2

at2 · ‎12-15-2023

Hello Everyone,

I am yet to take the exam, I shall take it on Monday, I want to provide some advice to this forum that I think is useful.

According to my calculations, the units everyone should focus on to pass, is 1. Security Principals. 3. Access Control Concepts and 4. Network Security. If you look at the exam outline, if you can answer those questions correctly, you'll pass by 72 % and you need 70% to pass.

Also, the mock exam on the self based learning reflects this as well, please do not look at third party information as it may absolutely confuse you and scare you, keep strong and keep taking the mock if you like, rinse and repeat!

May Allah bless you all!

Early_Adopter · ‎12-19-2023

Sorry you didn’t pass.

One thing that concerns me is that you describe the exam as “brutally hard” it shouldn’t be, as it’s entry level.

As you used mostly the ISC2 prep material and it’s fresh in your mind it gives us an opportunity as to how to why. ISC2 exams apart from CC have always contained an experiential element, and that does a large amount of heavy lifting. In addition other ISC2 certifications benefit from compiled CBKs and third party study guides(though CC focus have a lot of other material and an all in one guide is coming out).

So your own preparation aside:

Did you find knowledge and concepts were missing from the courseware?

AND/OR

Did you feel the language of the questions was slippery in some way, or that they were resting your knowledge of skills linguistically?

ISC2 doesn’t publish pass fail rates, and is now much less transparent about member rates so we’ll probably need to await academic surveys/studies on pass/fail rates for CC to know better statistically.

Some suggested next steps for you- no pressure/ there is an offer for 199 USD which includes the AMF for a year so it’s not a dead loss and it still stacks nicely against Security+ costs though not so much vs Google Certified Cybersecurity Professional.

In preparation I’d advise getting the All in One CC guide when it’s shipped(if it hasn’t already) or get the latest All in One CISSP guide(still has the legendary Shon Harris as a co-author). This is a big read, but will absolutely cover any missing knowledge concepts from the training, and if you read it an assimilate it full the basics will be with you for a lifetime.

Good luck!

denbesten · ‎12-19-2023

@at2 wrote:
I tried my absolute best, eventually revised everything and failed, it was brutally tough from beginning to end!

Sorry to hear that. Having failed, you received a report of how you did in each of the 5 domains, ranked from best to worst. Here is how to interpret the report. Although it is technically possible to pass if some domains are near or below; you are guaranteed a pass if all are above proficiency.

Did the domains in which you achieved "above proficiency" (which means "passed") match those you were were most confident in? If so, you have the recipe for passing. Study the domains in which do did not do so well until you have that level of confidence in all 5 domains. Then and only then, take the test again.

In light of your results, do you still recommend focusing primarily on the highest-point domains and to exclusively use ISC2 branded study materials?

I ask because such advise runs counter to my experience that diversity of knowledge is at least as important as depth. And by diversity, I mean a variety of teachers, different venues (books, videos, classes, meetups, standards documents, experimentation, etc.), different perspectives and exposure to lots of topics (not necessarily just the 5 domains).

Even outside of cybersecurity, I have learned that following news-sites of all political leanings keeps me from succumbing to group-think.

JoePete · ‎12-20-2023

@at2 wrote:
I tried my absolute best, eventually revised everything and failed, it was brutally tough from beginning to end!

There is an ongoing debate (at least in my own head) as to the degree to which security is entry level. I consider it, largely, just IT done right. In other words you have to have IT skills and knowledge and build on top of that. It's a secondary/management level of IT. Just as judges are first lawyers, surgeons are first doctors, or detectives are first police, good security folks are first IT people. Sure, there can exceptions, but it is really hard to go from zero to "I can tell people how to do their job" (and that's really qualifier of this job) overnight.

Against that backdrop, I'd advise that an alternate and maybe better route into this industry is to work into it rather than trying to test into it - or at least test into it right away.

at2 · ‎12-20-2023

To be quite honest, I wouldn't now recommend just focusing on a few topics, you have to have some other knowledge to pass, this is supposed to be entry level, yet it is a really tough exam! I was efficient in Security Protocols and Networking, there were three units which I didn't do well in, however I disagree with the paper in regard to that!

at2 · ‎12-21-2023

Entry Level isn't entry level for this exam, the mock exam questions are no where near what you'll get in the test center. I feel I understood the concepts well, there are 20 to 25 experimental questions, I had absolutely no idea how to answer them, the language was at times deceiving and slippery, it also didn't help that on that particular night, I didn't sleep very good as well.

denbesten · ‎12-21-2023

@at2 wrote:
Entry Level isn't entry level for this exam.

IMHO, the exam is "entry level" for cybersecurity; it is just that (as JoePete hypothesized) cybersecurity is not an entry level profession. Just as a surgeon first needs to be a doctor, a cybersecurity pro needs to first be an IT professional.

I personally feel that ISC2 is doing candidates a disservice by claiming "No work experience required". Perhaps they would do better by recommending IT work experience -- similar to what CompTIA does.

CompTIA has an equivalent to to CC -- their Security+ certification. It might be instructive to take note of what leads up to it and their prerequisites.

ITF+ (IT Fundamentals) -- No prior experience necessary
A+ (launching IT careers ) -- 9 to 12 months hands-on experience in the lab or field
Network+ -- CompTIA A+ Certification and a minimum of 9 to 12 months of hands-on experience working in a junior network administrator/network support technician job role
Security+ -- CompTIA Network+ and two years of experience working in a security/ systems administrator job role

Early_Adopter · ‎12-21-2023

Good old breathless marketing “… just the passion and drive to enter a field that opens limitless opportunities around the globe.” ISC2 should take that down a couple of notches as well as advise candidates to check to see if there is a participating test centre they can reasonably travel to before starting up the six months timer.

Frankly everyone will get there at their own pace, though I suspect those passing CC will be higher than those getting a cybersecurity role without prior experience. However education counts a lot as well. For example I catted to a chap recently who is in the final year of his computer science exam - I don’t think he’ll have any issues passing his CC.

There might well currently be gaps in domain coverage, or in how the questions are written, and it’s hard to gauge competence or readiness with limited knowledge of a field (DK in full effect). Anyway we’ll just need to wait till there is more data/studies.