Textbooks, Study Guides, Apps and More
From traditional textbooks and study guides to more contemporary tools, such as interactive flash cards and study apps, we have a training and study resource that’s right for you and will fit into your busy schedule.
https://www.isc2.org/Training/Self-Study-Resources
The CSSLP CBK for exam preparation purposes is good, but my understanding is that ISC2 official materials (CBKs, study guides) never aimed to cover all exam questions. There were similar discussions in 2018:
https://community.isc2.org/t5/Exam-Preparation/Failed-the-new-CISSP-CAT-exam-on-April-07-2018/td-p/9...
https://community.isc2.org/t5/Exam-Preparation/CISSP-book-enough-for-the-exam/td-p/14276
Let me quote from these threads:
"I called the (ISC)2 customer service and expressed my frustrations. The representative told me that I should not just rely on one source for preparing the test. "You should study other materials out there" the rep said. When I asked what materials should I look for to prepare, the representative did not have a solid answer for it. "
"No single book, or cram course for that matter, can prepare you completely for the CISSP exam. [...] the exam is designed to check breadth of knowledge and experience over many diverse knowledge domains. The exam is not intended to be passable by a newbie with no experience and only one book or course as preparation."
"I used 3 different sources to prepare for the CISSP; the official ISC2 CBK book, the Shon Harris all in one book and a dummies guide. It took 8 days to study and pass the old paper based exam, but then I had worked in InfoSec for 8 years and IT for 17 years when I took the exam, so had probably absorbed some of the information from practical experience already."
These replies are about CISSP, but the situation with CSSLP is similar, I passed the exam this week.
You have to score 700 points out of a maximum of 1000. If there are topics not covered in the study guide or CBK, your experience should help you score at least 700 points, because most unknown topics can be answered by a professional with the required skill (at least 5 years) and common sense.
Could you please let me know if you went through any other study material for CSSLP exam?
I used the following materials to prepare for the exam:
- Official (ISC)2 Guide to the CSSLP CBK 2nd Edition (August 20, 2013) - Kindle Edition
- Flash Cards via the Quizlet Android Apps
- A bundle (purchased via the isc2 website) of the Official ISC2 CSSLP Digital Textbook 6th Edition, Student Guide + Official ISC2 CSSLP Digital Textbook 6th Edition Online Self-Paced Training
- CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, 3rd Edition by Wm. Arthur Conklin, Daniel Paul Shoemaker (February 4, 2022) - Kindle Edition
The CBK dated 2013 was relevant. The Student Guide, Online Self-Paced Training and the All-in-One Exam Guide contained essentially the same information.
There were questions in the exam not covered by the above materials. However, I have large experience in the domains, and my prior Microsoft Certifications (SC-100 and AZ-400) helped because some topics from those Microsoft certifications overlapped with those of ISC2. Whenever on the exam there was a question that was not covered in the study materials, I replied based on my experience and common sense, and I passed.
I also periodically participate in SSCP exam questions workshops. When creating new questions, we only have to make sure that the questions are within the specified domain area and have solid verifiable references. We don't have to be limited by CBK or a study guide.
I don't think that the 6th edition will bring enough value comparing to 5th edition to justify purchsing it in addition to the 5th edition.
It was a bundle "Online Self-Paced Training" that I purchased via the ISC2 website that contained the Student Guide. I don't know whether it is available separately.
Hi, Can you please share the link for All in One please?
@AndreaMoore : Hi Andrea, i have the CSSLP CBK 2nd Edition. But Domain 6 in the book is Software Acceptance instead of "Secure Software Lifecycle Management". Am i missing something?