ccsp_preper
Newcomer I

CCSP: Inconsistencies between ISC2's Official CBK & Study Guide 2nd edition

Study Guide says on pg 27 in Answer to Q#2 of the Assessment test:

"D. The primary benefit to the customer of using Infrastructure as a Service (IaaS) is the transfer of cost of ownership. In a cloud environment, the customer uses and is billed only for what they use as opposed to the full cost of implementation, saving them a significant amount in terms of cost of ownership. While scalability, metered service, and energy and cooling efficiencies are a part of the benefit of a cloud computing environment, they are not the primary benefit or business driver behind IaaS adoption."

Official CBK says on pg 445 that "a. Metered and priced on the basis of units consumed" is the key benefit provided to an IaaS customer.

Which of these answers is accurate?

 

Another inconsistency in the Study Guide:

Figure 3.1 on pg 73 is not consistent with Figure 4.1 on pg 96 which shows "use" before "store" in the Data Lifecycle.

17 Replies
denbesten
Community Champion

You are going to hate the answer, but both are likely correct, for a number of reasons:

 

  • The two statements are not in direct conflict. The first states that a customer will not necessarily purchase IAAS because of its metered-service nature, whereas the second states that a salesman strongly touts metered-service (likely as a "cost savings"). Changes in perspective often change priorities.
  • Context matters.  In one business, the primary business driver may be that IAAS does not require capital investment.  Others are interested in seasonally scaling.  Still others focus on making maintenance somebody else's problem.   Neither you, I nor any book can dictate which is more important -- it depends on what the business is looking for.
  • Security is not an industry filled with absolutes and black-and-white decisions. It is more an art of balancing competing objectives to identify the solution that best meets those that are most important. To pick the best answer, one needs to read the entire question, carefully consider all of the answers and pick the most correct (or the least wrong :-)) from the choices given.

Bringing it down to earth...  When my employer subscribed to Office 365, we did so knowing that our costs would go up.  Our primary drivers were eliminating a variety of outdated products and giving our user base a consistent, evergreen experience.  Understanding the metering was critical for us to forecast our costs, but little else.  On the other hand, my mom's PC only got Office 365 when I had a spare seat in my family plan that I could give her for "free".  In other words, metering was the primary driver for my mom, but unimportant to my employer.

 

 

 

 

ccsp_preper
Newcomer I

Thanks denbesten for sharing your perspective. I am in agreement that they are both equally good answers. My frustration is with ISC2's different answers to the same question in two of its "official" publications:

The Official Study Guide answers this Question with "D. Transfer of ownership cost"

When using an Infrastructure as a Service (IaaS) solution, what is the key benefit for the customer?
A. Scalability
B. Metered service
C. Energy and cooling efficiencies
D. Transfer of ownership cost

 

While the CBK answers this Question with "a. Metered and priced usage on the basis of units consumed"

When using an IaaS solution, what is a key benefit provided to the customer?
a. Metered and priced usage on the basis of units consumed
b. The ability to scale up infrastructure services based on projected usage
c. Increased energy and cooling system efficiencies
D. Transferred cost of ownership

 

Both the Questions look the same to me. Any help to identify the subtle differences in the semantics that can determine the best option would be much appreciated :-).

Could anyone who has taken the exam please comment on the appearance of such questions on the exam and any tips on how best to answer them.

Ben_Malisow
Contributor II

 

Thanks! Great notes, demonstrating a detailed study of the material.

ISC2 saw your post right away, and asked me (as the author of the Study Guide and the Practice Tests book) to reach out and reply. Here's what I have to offer...

- I'll take the second point first, because that's the easiest to address: that's a mistake, flat out, and my fault when I was making the graphic for the book (my art skills just plain suck). We did see it early after publication, and included mention of it in the official errata for the book (you can find the published errata here: https://www.wiley.com/WileyCDA/WileyTitle/productCd-1119277418,miniSiteCd-SYBEX.html ... click on "see more" under the Errata section).

- First point...a bit more subtle, but also seems to be a typo. Obviously, "the customer uses and is billed only for what they use as opposed to the full cost of implementation" is literally the definition of "metered service," so "metered service" should not be included in the list of non-primary benefits that immediately follow that text. The line should read, corrected: "While scalability and energy and cooling efficiencies are a part of the benefit of a cloud computing environment, they are not the primary benefit or business driver behind IaaS adoption."

I really apologize for these mistakes (and several others, as listed in the errata), and hope to get them addressed/fixed in the next edition of the book.

Please feel free to post any future concerns/questions you might have, or to message me directly. And thanks again for reading!

 

 

 

ccsp_preper
Newcomer I

Thanks Ben for the prompt response. Would the answer to this  Assessment Test question #2 then change from D to B on pg 27 and be consistent with the Q&A in the CBK as illustrated in my second response in this thread:

When using an Infrastructure as a Service (IaaS) solution, what is the key benefit for the customer?
A. Scalability
B. Metered service
C. Energy and cooling efficiencies
D. Transfer of ownership cost

 

Are the questions on the CCSP test more academic/nuanced like the one above or more real-life/practical scenario based? And are the questions in your Practice Test book sufficiently representative of the questions on the test that my accuracy on the practice tests can be used as a proxy for how I will do on the test?

Thanks.

Ben_Malisow
Contributor II

All good questions. Let me do my best to address them:

 

- The answer to question #2 on page 27 could be either B or D, as they mean largely the same thing.

 

- Many of the questions on the exam are scenario-based. I took the exam about 2.5 years ago, and I'd say about half of them used scenarios. I think that percentage may have escalated, based on feedback I've received from former students who have taken the test more recently. With that said, even using "real-world" scenarios, the questions try to elicit a managerial opinion, NOT a practitioner's perspective...so take that into account. What you know from your regular performance of your duties is not necessarily the "correct" answer.

 

- Honestly, I have no idea if the questions in the book(s) reasonably represent what you'll see on the actual test; I did try to make them conform to the DCO material and address topics I personally recalled from my experience (stressing: topics, not specific questions). But ISC2 instructors and authors are kept strictly apart from the testing team, to avoid conflict of interest, and the exam is constantly evolving, so I cannot say for certain whether your scores on the practice tests will reflect your performance on the actual exam. There are also a host of other factors between practice and actual testing: anxiety, pressure, location, etc. But, taking alllll that into account, I can say that the anecdotal evidence, based on self-identified test takers who have contacted me/made public statements about their own experience, seems to indicate that the books do help in the study effort. 

 

I wish I could be more certain/optimistic, but I'd rather be frank with you.

 

Also, let me please say this, with all certainty: do NOT use only one source to study for the exam (even if that source is one of my books)-- in order to truly grasp the breadth of knowledge that might be tested, be sure to review a wide range of materials, including the CSA website, OWASP, NIST, ISO, EU publications specifically about GDPR, and others (I've listed many in the books, too). Please, please, PLEASE do yourself the favor of taking in a variety of information from many sources (yes, even Wikipedia, for specific technical topics you are unclear on-- I used it to study for my exam, and there is a wealth of knowledge there), and be ready to recognize when even the authoritative sources conflict on some topics-- as den stated earlier, there is a bit of art in our science.

 

But also don't be discouraged: you know more than you think you do, and the test is not in any way deadly....if I can pass it, anyone with good IT/security background can. I am far from the smartest pup in the litter.

denbesten
Community Champion

I would not worry too much about bad or ambiguous questions on the exams.  (ISC)² reports that new questions remain ungraded until they have proven themselves and that they do regular psychometric analysis on the exam. Collectively, these tend to weed out problematic questions before they cause damage. 

 

The science behind test analysis is pretty interesting.  Simply by looking at a bunch of completed tests, one can measure a question's ability to predict if somebody will pass or fail. Effectively, they ask "what percentage of those who passed the test answered this question correctly"  and "what percentage of those who failed answered it wrong".  If both percentages are high, the question is a good one; if not, it deserves to be tossed. In this way, one can "grade" a question without even knowing the question.  All it takes is a bunch of people that have taken the test.

 

 

 

Also, the 70% threshold for passing is pretty generous.  If there are a few bad questions, a candidate who truly deserves to pass can afford a few battle scars.

Ben_Malisow
Contributor II

This is some of the best explanation/advice I have ever heard-- very well put!

ccsp_preper
Newcomer I

Thanks denbesten & Ben ...that helps ease some of the anxiety as there isn't much info on how well the books (I purchased the CBK, Ben's study guide, Ben's Practice Tests & All In One) can prepare one for this exam. Most of us have full time jobs and families to care for, so that we cannot prepare for this ($600/expensive) exam indefinitely.

I passed (95%) the v4 CCSK a week ago, completed all the chapter practice Qs in CBK, Study Guide & AIO so far.

Here's my plan:

1. study the CBK (hopefully twice, 2nd time after I take 2 mock tests)

2. review the CCSK v4

3. practice about 2,000 Qs from the online tests that come with the Official ISC2 resources that I purchased + the AIO's Total Tester SW.

If I consistently score over 95% in the last 3 mock tests, I'll take the exam.

Please let me know if there are other materials that I should study to fill any knowledge gaps. Else, I'll report back after I take my exam or uncover the need to study additional materials.

Cheers!

Ben_Malisow
Contributor II

Sounds like a good plan. Be sure to check out the other sources I suggested in the earlier post, too. Looking forward to hearing about your experience! Good luck.