rjk
Newcomer I

Is CSSLP self-paced course reflective of exam?

I completed the self-paced ISC2 CSSLP course, took the assessment and got 89%, which left me feeling confident. I booked my exam for December (first available).

 

I decided to do some practice exams on Udemy (couldn't find any on the ISC2 site, which seems strange) and I only got 69% on the first one I took. There was a significant number of questions that covered material not in the ISC2 course, and the level of difficulty was a step up from the ISC2 course assessment (though there were quite a few easy ones).

 

My question is, is the ISC2 good preparation for the exam? I've read the All-in-One Exam Guide book, and that one seems a little out of date. I've not taken that practice exam but will do so in the next day or two.

 

Any suggestions welcome!

17 Replies
norbertmurzsa
Newcomer III

To tell the truth, in several questions, I disagreed (or just partially agreed) with the answers that were marked as the BEST correct. This probably comes from my past "real life" experience and the older books I have read.

 

I think completing the cyber exams seems a bit easier with less experience. People just need to accept all answers that are marked as correct as facts - with no questioning.

 

So, I suggest completing as many practice questions as you can from the official ISC2 CSSLP Self-Paced Online Training. Take screenshots, make notes about your correct and incorrect answers for the practice questions to find out which domains are your weaknesses and focus much more on them. Sooner or later, the practice questions will run out and you cannot practice them without purchasing the full training again. Then, you can re-use your earlier notes and comments to re-experience those "problem" questions again.

 

And yes, during the exam, I read all answers even if it seems the first is the correct one. My wife always laughs at me because she says I lose time with reading through everything. What I learnt during my work experience and exams is that we have to ensure we make the fewest mistakes. So yes, I may lose time but I prefer understanding the questions first and then selecting the correct answer.

nkeaton
Advocate II

@norbertmurzsa   My friends that teach CISSP say that people generally do worst in the domain(s) that they work in most.  You nailed it with experience vs the book answer.  It is good to know that going into an exam though.  Your advice is definitely sound.  Congratulations on passing that.  

Kaity
Community Manager

I highly recommend the online self-paced courses for any certification you're preparing for. All of the ISC2 courses of this nature are adaptive, which means that the course adapts to your strengths and weaknesses, so that you're best prepared to sit for the exam. 

rjk
Newcomer I

Thank you!
hcamilleri
Reader II

Hi,


Thank you for this discussion.

Reading through the thread, I felt many of the same challenges. I’ve gone through a great deal of material and completed all the questions across three different guides, including the self-paced training, yet I still feel as though I need many more practice questions to be confident that I’ve covered everything in the Certification Exam Outline and am good for the exam.

If you have any additional resources to recommend, I’d be grateful to add them to my list. So far, I’ve completed:

  • Official Guide to the CBK
  • All-in-One
  • CSSLP Official ISC2 Textbook, 6th Edition

One more question @rjk regarding the SBOM discussion: since both “ensuring compliance with software licensing agreements” and “identifying potential vulnerabilities” were mentioned as valid interpretations, could someone clarify which of these was marked as the correct answer?

Thanks!

nkeaton
Advocate II

@hcamilleri While this is one exam that I will probably not attempt, on the ones that I have studied for, I always check ISC2 suggested references and read the NIST documents that I am unfamiliar with. isc2.org/certifications/references#CSSLP. Best wishes.
rjk
Newcomer I

The answer marked as correct is "ensuring compliance with licensing agreements". "Identifying potential vulnerabilities" is incorrect because the SBOM doesn't directly identify vulnerabilities, you would use some software to compare to NVD. That to my mind is pedantry and hair-splitting, because an SBOM isn't going to directly tell you if you're compliant with licensing agreements, someone will have to check.
In reality, both are important. Non-compliance can land you in legal trouble, and introducing a serious vulnerability can be catastrophic. It's a poor question, IMHO.
norbertmurzsa
Newcomer III

Hi there,

It is worth mentioning that both the Official Self-Study Online Course and the Official Study Book have numerous overlapping reference materials. I downloaded them all into the relevant domain folders and read them all. Some AI summary (Adobe, Open AI, etc.) may help if you want to save time, but I would not fully trust in an AI summary. This is up to you. That's my final advice.

Thanks and good luck!

N