UPDATE: As I'm going through the official courseware again, I'm finding I need to backtrack my statement about no overlap between course and test. There are a lot of hidden nuggets in both the courseware and the instructor's lectures. As it turns out there was coverage of IoTs, etc. In fact there a very comprehensive treatise on securing IoTs.
NISTIR 8228
Considerations for Managing
Internet of Things (IoT)
Cybersecurity and Privacy Risks
https://csrc.nist.gov/publications/detail/nistir/8228/final
And back to the excellent instructor, Frank S, he mentioned in the first class that one needs to have an understanding of the concepts rather than merely regurgitate definitions.
So I'm listening again to each one of the lectures and taking some notes. I'll start with the 3 or 4 sections I didn't do so well on.
It looks like I failed to pass by two questions. I did a brain dump of all questions I could remember, the possible answers and how I actually answered. Just based on that I could feel confident passing it on the second try.
What tripped me up was a lack of alignment between the official class curriculum and the test. Very little overlap there. I could have not taken the course and done just as well. I was also surprised that you couldn't mark a question and return to it. This is essential in my opinion for a test of this length.
The official curriculum lists about 20 extra sources to read. Well, if you bought each book, you'd have spent about a 1000 dollars and read about 10,000 pages of material. Definitely not realistic or practical for someone studying for the test. This curriculum needs to be revamped or made more practical in nature.
I did not read the CBK (2013) but will get that soon.
I got a free retake and so will be doing that in six weeks.
I'm not sure what the protocol is but I did notice a few questions on IoTs that were not covered in the official material. Where are you going to find information on securing IoTs or a network of IoTs. That's not something you normally run into in a normal work week. There were a lot of scenario-based questions, based on a condition or occurence, what would you do?
Well a lot that wasn't covered in the official material. The flash cards are cool but utterly useless for passing the exam. The version 5 booklet is a nice overview but not an accurate reflection of what's on the test.
There isn't a practice test that's on the market that's going to accurately reflect the real test. Don't waste your time and money. Are you able to get the CBK Student Guide Version 5? That's going to have at least the most recent content that's not in the 2013 CBK. It has tests at the end that I would rate OK but that in itself isn't going to be the way to pass.
So it's really a combination of the 2013 CBK (just skim it), the Student Guide and various NIST publications that, in my opinion, will get you over the hump. The biggest thing is to take that definition to some practical application.