@fishmangr11 sorry I think you might have confused me with ISC2, whilst I’m a member it’s not my organisation, I’m active in the forums sure, but so are some other folk, and nobody here is selling anything to you - the ISC2 second offer os just your best option in case you would like to retrain/retake.

In terms of my comment on people with experience it goes down to an observation ISC2 having all of their experience delivering to experienced people - so ISC2 has never really delivered certification to complete entry level people -and there probably are gaps in their materials, but they must separate the training for ANSI 17024 you can look it up here - https://webstore.ansi.org - there is a common theme in all these organisations having a fondness for money I’m afraid. In previous posts I break down the costs of CC down, and yes it’s not free(Fifty USD PUPY). Personally I think it would be better off like the CCSK as a one and some certificate as opposed to a certification. Lastly I’m afraid that all of these organisations have a degree of having to pay to play - just the way it is, and organisations make mistakes but ISC2 has a written code of ethics, so is clearly “ethical” in the industry(it’s pretty good).

The reason I’d advise using the quiz less than six times… is you’ll get a false sense of your readiness if you use the same confirmation material multiple times as you’ll train the error down but not the fundamental gaps(you train to the quiz, not the material), there’s a lot of thought in that advice(I used to train army recruits-everything from skill-at-arms, fieldcraft, signals to NBC - and following systems approach to training you do want to keep fresh questions till you’ve completed the material). For reference I’ve sat three ISC2 certs and I’ve never used more than the provided questions in the books I was using, or the official course quiz. Some folk espouse hundreds or even thousands of questions - I tend to go for more quality over quantity here.

The 50% I mention is a hypothetical number provided as an example of why ISC2 wouldn’t want too many people to fail their entry level offering(ISC2 don’t publish their figures for exam pass rates, but they will want everyone to meet the standard if possible, adding new members is a big aim of the CC.

So we’d all like you to be successful, and very happy to have a chat if it helps(all the regulars here are in the industry, established and can give you advice and an opinion on what might work next - we won’t even agree on everything, but that’s OK).

Anyway best of luck going forward.

@fishmangr11 

Sorry to hear you did not pass.

 

I have also taken and passed CC (I don't have to, but just for the sake of understand what is actually being asked in CC test and to see if they are fair enough)  after my 9th ISC2 certification and I passed all 10 ISC2 certifications without any fail attempts.

 

In general, I think yes, it's good to aim high score at the post quiz. ( but this is just a by-product of your study). having high score does not guarantee you pass the actual exam,  it's more important to really know the material (domains) inside out and the quiz is just a "mean" or "process" to make you self check where you are and get used to the test format. And when you repeat the quiz (maybe you have repeat more than 6 time as well), you may tend to memorize the answer (which is not a good thing, because this could give you a false sense of confident that you know the material)

So I guess you may have to re-look at how you study the material and how you use the quiz.

 

The position of CC is a little different than other certifications in ISC2, because this is the only "entry" level exam in ISC2 and intend to be more "educational" ( which mean by understanding the official study material throughly, one should pass the exam).

 

I can only comment what is asked in CC seem a "fair" measurement (against what is stated in the domain), however I cannot comment how directly it relate to the post-quiz nor the official study material (the online course material) because I did not have chance to look at those material.

 

1 Tip I can give away (at least this work for me), when there is a post-quiz or checkpoint question at the end of each domain, I will look at the quiz as a mean for revision, scoring 0% or 100% does not really matter to me ( because you won't see the same question in the actual test).

 

for example with each question, I will ask myself why the answer A is correct and equally important why answer B, C and D are incorrect or what makes B, C and D incorrect, and what should question be rephrased if I have to make the answer B correct. 

 

By using quiz in this manner, this makes me throughly understand the domains and catching things I might have missed through the study or preparation. This is why I would call this is just a mean, process or "by-product" of your study.

 

If you go along the certification path (more advance certification), there are some certifications in ISC2 do not really have a single study source (nor study guide), and not even have post "quiz" or "quiz".

 

Anyway, hope this helps and good luck.

 

 

 

 

You are just studying now for an exam next week?  Unless you have experience, I would suggest otherwise.  I took 2 months to prepare for this exam and was able to pass it.  I had zero experience in Cybersecurity or IT infrastructure and terminology.  So, I made sure I knew the material.  I did not review anything else other than this study course.  The only experience I had was NIST as it pertained to HIPAA.

 

By reading how more people here have failed than passed, I would estimate that the pass rate is hovering around 40-50%.  I would suggest taking a month to prepare unless you have experience in this field.  

@Early_Adopter wrote

"It does seem with CC that ISC2 are having a pop at replacing CompTIA Security+, however I'm not sure that that will work out - look at the numbers of jobs requesting Security+ Vs CC."

Uh, this is because Sec+ has been around for years vs CC which has been around for like, a year?

PLUS Sec+ is on the DOD list and has that added cache that since the DOD approves it, most government bodies do and it flows from there.  When (not if) CC appears on that list, that will all change.

 

So I *DO* see the CC competing with Sec+.  Just not going to happen overnight.  Maybe in a year or so.

---

@emb021 wrote:

PLUS Sec+ is on the DOD list and has that added cache that since the DOD approves it, most government bodies do and it flows from there.  When (not if) CC appears on that list, that will all change.

---

It's probably helpful, especially given that many CC holders have limited industry experience, to explain what we mean by the "DoD List." Unfortunately, tracking that list is material enough for an exam. But the short of it is you probably want to look at the appendix of the DoD 8570 manual:
https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/

 

This explains DoD certification requirements, which other sectors also follow, but even 8570 is transitioning to the more recent 8140 (a whole other tangent about "directives" and "manuals").

 

I think if the CC shows up in 8570/8140, it's likely going to be in the top left corner with other low hanging fruit - such as the A+ or Network+ (maybe Security+ and SSCP). However, I think as someone else pointed out on another thread, the CC didn't grow out of an industry working group, a standard, or some other broadly supported initiative. It basically arose to support an (ISC)2 marketing campaign (1 million certified). That's another factor that can lengthen the time it takes for the DoD and others to assign a value to it (it came out of nowhere), but it also calls into question whether it will be viewed as vendor neutral.

“ Uh, this is because Sec+ has been around for years vs CC which has been around for like, a year?

PLUS Sec+ is on the DOD list and has that added cache that since the DOD approves it, most government bodies do and it flows from there. When (not if) CC appears on that list, that will all change.

So I *DO* see the CC competing with Sec+. Just not going to happen overnight. Maybe in a year or so.”

@emb021

BLUF it might not feel so fair that CC has just come on the scene and Security+ is the dominant predator, however someone seeking a job with certification as a helper is likely looking at a time to value of 3-6 months.

There’s a subtle but important distinction to make here, CC is competing with Sec+ today, it’s just not competitive -yet.

Part of this is how long it’s been around for(17 months as of writing). This shouldn’t be a surprise. However, it’s an important factor if you’re selection a certification today and want the most useful or you’re working out how to rate credentials for hiring.

In terms of pure time taken to be competitive, I’d say you can consider that ‘year or so’ being more like three years, a lot depend at what rate candidates turn into CC certified members so there’s a pool of people for HR, then for HR to start using it. When it has approximately equal numbers of citations in job adverts then I think we can probably deem it functionally competitive(from a candidate standpoint if it costs less to obtain and maintain than SEC+, then it’s a better proposition at that point).

DoD list may well happen at some stage(Singapore’s Cyber Security Agency is using it and that’s a good thing). However I don’t think this will in of itself put CC ahead of Sec+ otherwise we would have seen CASP+.level or pull ahead of CISSP.

In terms of the material covered by Security+ and its training and testing methods are radically different. Teaching and testing skills by doing is fundamentally more effective than by telling/asking. So it’s reasonable to assume that Security+ will maintain a lead there until ISC2 brings in labs and simulation testing(tool use is more important at entry level, and to keep up with the DoD theme we see drill sergeants confirming rifle skills outside on the range).

How long would CC be useful for vs Sec+ is an interesting question and I’m more bullish here in that while Sec+ probably has greater longevity in terms of getting a job CC helps get a candidate more comfortable with the CISSP exam format and that helps more later on.

So back to my original point, which was replacing Security+ rather than merely being competitive, maybe in the fullness of time it might, but for all the reasons above, it’s not certain, and we’ll need to see the data and the job listings change very significantly.

@JoePete

Interesting thanks for the share - Based on the information supplied in the DoD manual appendix it looks like CC would actually be considered as a first step along with SSCP. This would put CC in as the entry level of entry levels, and would probably be a good place for CC while it develops.

However if we look at ISC’s competitive positioning it’s clear that it is viewed as a peer:

https://www.isc2.org/Insights/2022/09/entry-level-cc-versus-security-plus

On the CompTIA side I couldn’t see a direct competitive comparison(my google may not be strong today) but I did see some forum opinions which I think server well until CompTIA decide to give CC the oxygen of publicity from its side:

https://cin.comptia.org/threads/ics-2-certified-cybersecurity.1199/

So at some stage I guess we’ll see a convergence of positions as to where CC fits in.