cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Topshotta
Newcomer III

Opinion about exam, just finished !!

Good day everyone, hope all is well. I just completed my exam and wow it was challenging. To start off I read a lot of reviews saying to outsource to different material and I agree 100 percent. isc2 is no where near enough to help you pass this exam. Unfortunately, I failed as well. Just focusing on isc2 will set you up for failure in my opinion. The material in isc2 goes over the bare minimum or surface level and on the exam its more deep dive or advanced in my opinion. I don't like to talk bad but I feel they set us up to fail on this one. I studied my butt off with different material daily and I felt like I had to take a guess and hope I was right  on atleast a third of the exam. Some questions are worded weird to throw you off but other than that, this is not a friendly/beginner course in my opinion. My advice to anyone taking the test is to STUDY HARD AND OUTSOURCE!! Take multiple courses, read multiple books , etc. Don't rely just on isc2.  To be frank, I did do mike chappels CC study guide (which is amazing in my opinion) and a couple of other things but I guess it wasn't enough. The worst part about it was when I got my scores back they tell you what you were proficient in and what you aren't and it said I was below proficient in a majority of the categories which makes me feel like idk what I'm doing. But like i said I studied the isc2 material, Aced all their exams and what not so idk. Anyway thanks for reading, hope this helps someone. Going to figure out my next move. God Bless.

59 Replies
denbesten
Community Champion


@fishmangr11 wrote:
Please put some extra thought on your comment of me taking 6 times the prep test as not wise and I should take it only once...

The problem with taking a practice quiz many times is that one tends to memorize the correct answers for that quiz instead of learning the material in a way that will help answer similar questions.  In other words, your score the first time was a measure of you knowledge of the content; your score the 6th time was a measure of your ability to memorize the questions on that quiz.  @Early_Adopter's advise is good. Get a different test quiz and use your first-time results on that quiz to measure how your knowledge has grown.  

 

For any question you get wrong on a practice quiz, you should be re-studying the related materials to understand why your answer was wrong, why the correct answer is correct and why the other choices were offered.  If you get a similar question wrong a second time, you probably ought to delve deeper into the topic using different reference materials, with the hopes that a different voice can explain it in a way that better resonates.  This how one matures from passively "being taught" to actively "learning how to learn".

 

... must trouble your organization....

@Early_Adopter is not an employee of the "organization".   He (like I) is just a person who has taken and passed the certification exam and his 50% comment is a hypothetical scenario, not a statement of fact.   

 

 

Early_Adopter
Community Champion

@fishmangr11 sorry I think you might have confused me with ISC2, whilst I’m a member it’s not my organisation, I’m active in the forums sure, but so are some other folk, and nobody here is selling anything to you - the ISC2 second offer os just your best option in case you would like to retrain/retake.

In terms of my comment on people with experience it goes down to an observation ISC2 having all of their experience delivering to experienced people - so ISC2 has never really delivered certification to complete entry level people -and there probably are gaps in their materials, but they must separate the training for ANSI 17024 you can look it up here - https://webstore.ansi.org - there is a common theme in all these organisations having a fondness for money I’m afraid. In previous posts I break down the costs of CC down, and yes it’s not free(Fifty USD PUPY). Personally I think it would be better off like the CCSK as a one and some certificate as opposed to a certification. Lastly I’m afraid that all of these organisations have a degree of having to pay to play - just the way it is, and organisations make mistakes but ISC2 has a written code of ethics, so is clearly “ethical” in the industry(it’s pretty good).

The reason I’d advise using the quiz less than six times… is you’ll get a false sense of your readiness if you use the same confirmation material multiple times as you’ll train the error down but not the fundamental gaps(you train to the quiz, not the material), there’s a lot of thought in that advice(I used to train army recruits-everything from skill-at-arms, fieldcraft, signals to NBC - and following systems approach to training you do want to keep fresh questions till you’ve completed the material). For reference I’ve sat three ISC2 certs and I’ve never used more than the provided questions in the books I was using, or the official course quiz. Some folk espouse hundreds or even thousands of questions - I tend to go for more quality over quantity here.

The 50% I mention is a hypothetical number provided as an example of why ISC2 wouldn’t want too many people to fail their entry level offering(ISC2 don’t publish their figures for exam pass rates, but they will want everyone to meet the standard if possible, adding new members is a big aim of the CC.

So we’d all like you to be successful, and very happy to have a chat if it helps(all the regulars here are in the industry, established and can give you advice and an opinion on what might work next - we won’t even agree on everything, but that’s OK).

Anyway best of luck going forward.

csjohnng
Community Champion

@fishmangr11 

Sorry to hear you did not pass.

 

I have also taken and passed CC (I don't have to, but just for the sake of understand what is actually being asked in CC test and to see if they are fair enough)  after my 9th ISC2 certification and I passed all 10 ISC2 certifications without any fail attempts.

 

In general, I think yes, it's good to aim high score at the post quiz. ( but this is just a by-product of your study). having high score does not guarantee you pass the actual exam,  it's more important to really know the material (domains) inside out and the quiz is just a "mean" or "process" to make you self check where you are and get used to the test format. And when you repeat the quiz (maybe you have repeat more than 6 time as well), you may tend to memorize the answer (which is not a good thing, because this could give you a false sense of confident that you know the material)

So I guess you may have to re-look at how you study the material and how you use the quiz.

 

The position of CC is a little different than other certifications in ISC2, because this is the only "entry" level exam in ISC2 and intend to be more "educational" ( which mean by understanding the official study material throughly, one should pass the exam).

 

I can only comment what is asked in CC seem a "fair" measurement (against what is stated in the domain), however I cannot comment how directly it relate to the post-quiz nor the official study material (the online course material) because I did not have chance to look at those material.

 

1 Tip I can give away (at least this work for me), when there is a post-quiz or checkpoint question at the end of each domain, I will look at the quiz as a mean for revision, scoring 0% or 100% does not really matter to me ( because you won't see the same question in the actual test).

 

for example with each question, I will ask myself why the answer A is correct and equally important why answer B, C and D are incorrect or what makes B, C and D incorrect, and what should question be rephrased if I have to make the answer B correct. 

 

By using quiz in this manner, this makes me throughly understand the domains and catching things I might have missed through the study or preparation. This is why I would call this is just a mean, process or "by-product" of your study.

 

If you go along the certification path (more advance certification), there are some certifications in ISC2 do not really have a single study source (nor study guide), and not even have post "quiz" or "quiz".

 

Anyway, hope this helps and good luck.

 

 

 

 

John
666Root
Newcomer I

Hi, thanks for sharing.  I am beginning to study for the CC next week, so this is valuable information.  

emperor270
Viewer

Thanks for the feedback. Better luck next time.

chirosports
Newcomer I

You are just studying now for an exam next week?  Unless you have experience, I would suggest otherwise.  I took 2 months to prepare for this exam and was able to pass it.  I had zero experience in Cybersecurity or IT infrastructure and terminology.  So, I made sure I knew the material.  I did not review anything else other than this study course.  The only experience I had was NIST as it pertained to HIPAA.

 

By reading how more people here have failed than passed, I would estimate that the pass rate is hovering around 40-50%.  I would suggest taking a month to prepare unless you have experience in this field.  

emb021
Advocate I

@Early_Adopter wrote

"It does seem with CC that ISC2 are having a pop at replacing CompTIA Security+, however I'm not sure that that will work out - look at the numbers of jobs requesting Security+ Vs CC."

Uh, this is because Sec+ has been around for years vs CC which has been around for like, a year?

PLUS Sec+ is on the DOD list and has that added cache that since the DOD approves it, most government bodies do and it flows from there.  When (not if) CC appears on that list, that will all change.

 

So I *DO* see the CC competing with Sec+.  Just not going to happen overnight.  Maybe in a year or so.


---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
JoePete
Advocate I


@emb021 wrote:

PLUS Sec+ is on the DOD list and has that added cache that since the DOD approves it, most government bodies do and it flows from there.  When (not if) CC appears on that list, that will all change.


It's probably helpful, especially given that many CC holders have limited industry experience, to explain what we mean by the "DoD List." Unfortunately, tracking that list is material enough for an exam. But the short of it is you probably want to look at the appendix of the DoD 8570 manual:
https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/

 

This explains DoD certification requirements, which other sectors also follow, but even 8570 is transitioning to the more recent 8140 (a whole other tangent about "directives" and "manuals").

 

I think if the CC shows up in 8570/8140, it's likely going to be in the top left corner with other low hanging fruit - such as the A+ or Network+ (maybe Security+ and SSCP). However, I think as someone else pointed out on another thread, the CC didn't grow out of an industry working group, a standard, or some other broadly supported initiative. It basically arose to support an (ISC)2 marketing campaign (1 million certified). That's another factor that can lengthen the time it takes for the DoD and others to assign a value to it (it came out of nowhere), but it also calls into question whether it will be viewed as vendor neutral.

Early_Adopter
Community Champion

“ Uh, this is because Sec+ has been around for years vs CC which has been around for like, a year?

PLUS Sec+ is on the DOD list and has that added cache that since the DOD approves it, most government bodies do and it flows from there. When (not if) CC appears on that list, that will all change.

So I *DO* see the CC competing with Sec+. Just not going to happen overnight. Maybe in a year or so.”

@emb021

BLUF it might not feel so fair that CC has just come on the scene and Security+ is the dominant predator, however someone seeking a job with certification as a helper is likely looking at a time to value of 3-6 months.

There’s a subtle but important distinction to make here, CC is competing with Sec+ today, it’s just not competitive -yet.

Part of this is how long it’s been around for(17 months as of writing). This shouldn’t be a surprise. However, it’s an important factor if you’re selection a certification today and want the most useful or you’re working out how to rate credentials for hiring.

In terms of pure time taken to be competitive, I’d say you can consider that ‘year or so’ being more like three years, a lot depend at what rate candidates turn into CC certified members so there’s a pool of people for HR, then for HR to start using it. When it has approximately equal numbers of citations in job adverts then I think we can probably deem it functionally competitive(from a candidate standpoint if it costs less to obtain and maintain than SEC+, then it’s a better proposition at that point).

DoD list may well happen at some stage(Singapore’s Cyber Security Agency is using it and that’s a good thing). However I don’t think this will in of itself put CC ahead of Sec+ otherwise we would have seen CASP+.level or pull ahead of CISSP.

In terms of the material covered by Security+ and its training and testing methods are radically different. Teaching and testing skills by doing is fundamentally more effective than by telling/asking. So it’s reasonable to assume that Security+ will maintain a lead there until ISC2 brings in labs and simulation testing(tool use is more important at entry level, and to keep up with the DoD theme we see drill sergeants confirming rifle skills outside on the range).

How long would CC be useful for vs Sec+ is an interesting question and I’m more bullish here in that while Sec+ probably has greater longevity in terms of getting a job CC helps get a candidate more comfortable with the CISSP exam format and that helps more later on.

So back to my original point, which was replacing Security+ rather than merely being competitive, maybe in the fullness of time it might, but for all the reasons above, it’s not certain, and we’ll need to see the data and the job listings change very significantly.


Early_Adopter
Community Champion

@JoePete

Interesting thanks for the share - Based on the information supplied in the DoD manual appendix it looks like CC would actually be considered as a first step along with SSCP. This would put CC in as the entry level of entry levels, and would probably be a good place for CC while it develops.

However if we look at ISC’s competitive positioning it’s clear that it is viewed as a peer:

https://www.isc2.org/Insights/2022/09/entry-level-cc-versus-security-plus

On the CompTIA side I couldn’t see a direct competitive comparison(my google may not be strong today) but I did see some forum opinions which I think server well until CompTIA decide to give CC the oxygen of publicity from its side:

https://cin.comptia.org/threads/ics-2-certified-cybersecurity.1199/

So at some stage I guess we’ll see a convergence of positions as to where CC fits in.