Hello All,
Took the exam today and passed. It was considerably different than the pre and post-exam from the self-study course. It took me less than 45 minutes to complete the exam.
First, I have zero experience in IT. However, I do have experience in healthcare compliance as I am certified as a CHC (Certified Healthcare Compliance) and CHPC (Certified Healthcare Privacy Compliance) through HCCA. There are some overlaps such as HIPAA and NIST, but other than that, no technical knowledge around security.
Second, you have 2 hours to complete 100 questions. If I remember correctly, 25 are "Trial questions" which aren't graded and 75 will be graded. Unfortunately, you don't know which ones are trial questions vs. live questions.
Third, you don't have the option to skip a question or come back to a question. Once you click an answer and move to the next page, that's it. Your answers are locked for grading. I don't think there is an option to return back to a previous question. So make sure you are 100% sure you are choosing the right answer.
My quick takeaways:
1. They hit Chapter 4 - Network Security pretty hard. I think I had at least 20 questions from this chapter.
   a. There were about 5 questions regarding the cloud service model (SaaS, IaaS, PaaS). Make sure you know the different concepts and when they apply.
   b. Know the ports and protocols. Again, I had about 3 or 4 questions on this concept.
   c. Know concepts of TCP/IP vs. OSI.
2. Know the definitions and what each of the acronyms stands for. For example, if you don't know what DLP stands for, it will be harder to answer the questions.
3. Know the different types of threats and intrusions.
4. Read questions carefully. Many times, there were two answers that could automatically be discarded. The other two were viable choices. You had to choose the right one.
5. Know the code of conduct for ISC2. There were a few questions from there as well.
Well, that's all. I know I am being vague, but as part of the code of conduct, we can't give direct questions. At least, I can point you to what's important to study.
Good luck!
Bill
Thanks so much, I am sitting my exam tomorrow at 10:30AM, this will help a lot.
Thanks for the insight, very helpful.
"First, I have zero experience in IT."
I think this is the key value which the CC can provide. It makes the realm of information security accessible to people who do not typically live and breathe in it. And it still serves a good purpose for technical people who need an orientation in secure practices.
Congrats.
Thank You
Congratulations Bill.
Appreciate your efforts in sharing the exam tips. A few of them, like the answer review option not being available, were completely new for me. Unlike in other vendors this is a basic option where you can revisit and change the answers.
Also, the trial questions are something new, which I feel ISC2 should call out clearly and avoid the ambiguity for candidates.