I completed the self-paced ISC2 CSSLP course, took the assessment and got 89%, which left me feeling confident. I booked my exam for December (first available).
I decided to do some practice exams on Udemy (couldn't find any on the ISC2 site, which seems strange) and I only got 69% on the first one I took. There was a significant number of questions that covered material not in the ISC2 course, and the level of difficulty was a step up from the ISC2 course assessment (though there were quite a few easy ones).
My question is, is the ISC2 good preparation for the exam? I've read the All-in-One Exam Guide book, and that one seems a little out of date. I've not taken that practice exam but will do so in the next day or two.
Any suggestions welcome!
The self-paced ISC2 CSSLP course is what I took to pass the exam. Yes, the CBK seems out of date but is valuable as a desk reference, even after you pass (which you will). My advice is to keep taking those practice questions even if the adaptive learning says you've learned it. And the practice questions from the book as well as the course. When you take the exam, take your time (I'm saying this to remind myself as well). The questions can be tricky, so read them carefully and then re-read them. Take a break during the exam as well to help you relax.
Let's ask @CBMExamTeam to chime in on this one.
In the past there has always been a Chinese Firewall between trainings and the exam. This was done so that the organisation does not violate their Articles of Incorporation.
As a general statement, I believe (MHOO) that you should not rely on one source for training.
d
@dcontesti @rjk @H508339
Thank you for reaching out about this!
Here is what I can tell you about ISC2 exams.
Yes, @dcontesti, you are correct. ISC2 exams are experience-based. Any training, resources and tools utilized to prepare for the exam are for reference and not actual questions on the exam. We cannot teach the actual exam; there is an ethical wall between Training and Exams.
Unlike other exams where, if candidates memorize the course content, they will pass the exam, ISC2 exams test the way candidates can apply the knowledge, skills and abilities listed on the exam outline and taught in the course. So, candidates cannot rely on rote memory to pass any ISC2 exam.
A suggested methodology for tackling the exam items -
Our examinations adhere to technical guidelines which deal with the content of the items, their relevance to the profession, their appropriateness, their timeliness, their reasonableness, and their relationship to the Common Body of Knowledge (CBK). They adhere to grammatical guidelines that deal with the style of the items, their structure, consistency, clarity, bias, and readability. These guidelines ensure that the examinations remain impartial, valid, and relevant as well as maintaining our ANSI accreditation.
Hope this helps!
Thank you for your response!
"There is always one obviously correct response" is music to my ears! I reviewed the Udemy practice exam I failed and found that for many of the questions I missed this was not the case.
Example: What is an important purpose of maintaining a SBOM? 2 obviously wrong answers, 2 possibles to choose from: Ensuring compliance with software licensing agreements or Identifying potential vulnerabilities. Those are both valid answers, I think. If you google "purpose of SBOM" you get both of those answers listed.
My concern was if this is the standard of exam question then I may as well toss a coin for some responses.
I've gone thru the ISC2 materials 3 times now, have read Conklin's CSSLP All-In-One book and have started Fortich's CSSLP Study Guide 2025-2026. I feel I have a good grasp of the subject matter, I just need to do practice questions and unfortunately there isn't much available out there.
Thanks again for your response, it was very helpful!
Hi there,
I also read several books besides the self-paced official CSSLP course and its example preparation questions.
The exam generally covered and built upon the official CSSLP course. Moreover, I experienced very low quality exam preparation questions elsewhere.
I recommend completing all exam preparation questions within the official self-paced ISC2 CSSLP course to ensure you have touched all areas, and reviewing all questions you answered incorrectly.
I have another thread here about the possible incorrect Q/A in the course, which I recommend reading through. I also have some additional reading materials in that thread.
Good luck!
N
Hi, thanks for your response!
I did see your other posts. I had the same issues with some of the questions.
I've been using the self-paced online CSSLP course and the eBook that comes with it. I've also read the All-in-One book. I've purchased the CSSLP Study Guide 2025-2026 book, mainly because it has 500 questions. At this point, I really need to do practice questions to test my understanding. My exam isn't until Dec 17th, which was the earliest available, so I've got time.
Thanks!
Hi folks!
You may want to download the CSSLP flash cards for some study prep as well. These are free once you fill out the form: https://cloud.connect.isc2.org/csslp-flashcards?_gl=1*1ww2c7o*_gcl_au*MTE1MTY2NjA2LjE3NjI4Nzk5MjA.*_....