Viewer II

Re: Passed the CAP Exam This Morning: My Thoughts

I passed my CAP exam today. I just wanted to say thank you for posting your insight on the test. I only had a week to study for the test and, like you said, I had a hard time finding study material. I followed your suggestions and studied the NIST documentation and watched a few YouTube videos and that was enough for me.

 

I have been involved in RMF for 3 years now, so my experience played a large part in being able to absorb the material quickly. The only thing I would add to your great suggestions for those looking to take the test is to make sure to study Contingency Planning (NIST SP 800-34) and be familiar with some of the tools the SCAs use to assess information systems.

Newcomer II

Re: Passed the CAP Exam This Morning: My Thoughts

Koba, congratulations on passing the test!

 

Thank you for sharing your success with me. I am very happy that you found my suggestions helpful. I shared your post with a few colleagues of mine who are planning to take the exam this month. They found your success encouraging. Best of luck in your future endeavors!

Newcomer I

Re: Passed the CAP Exam This Morning: My Thoughts

Good evening group. Has anyone taken CAP recently, and what areas should I really focus on? Where can I get updated materials and any reading tips or guidance?
Thanks
Newcomer II

Re: Passed the CAP Exam This Morning: My Thoughts

I had a colleague take and pass the CAP exam last week. I asked him about his experience and thought I would provide an update.

 

As I suggested in the initial post on this thread, the primary document to study is NIST SP 800-37.

 

As my colleague pointed out, most of the questions are “situational”, requiring you to use the knowledge from the NIST 800 series and think your way through the questions and answers.

 

The bottom line is this test is about the RMF system authorization process. That info is well documented in the NIST 800-37; know that inside out and be prepared to think your way through the exam and you will do fine.

 

Good Luck

 

 

Viewer II

Re: Passed the CAP Exam This Morning: My Thoughts

Please can you assist with the context of the questions for the exam? I have bought online a revision kit consisting of many questions concentrating on Risk Analysis with hardly any reference to the RMF and the roles involved: CIO, SISO, CISO, Information Owner etc. Other online revision sites have the same set of questions which makes me think that we are being duped.

 

It seems the questions are from the same source and they don't relate whatsoever to the CAP Book of Knowledge or the RMF and SDLC. Is there a source with more relevant questions?

 

Thanks in advance 

Viewer II

Re: Passed the CAP Exam This Morning: My Thoughts

I didn't find any prep questions. I studied as much of the NIST documentation as time would allow. I only took a week to study (I didn't have a choice) and being very familiar with the NIST documentation concerning RMF and the SDLC is what got me through. There were a few questions that were not straight from NIST, but that's where my experience as a security engineer and an SCA-V came into play. If you're already familiar with RMF, studying the documentation already mentioned in this thread should be more than enough. Hope this helps.

Viewer II

Re: Passed the CAP Exam This Morning: My Thoughts

Many thanks for that. If I'm not mistaken, it's just the NIST-800 series, right? I think I'll just get onto that. As a last question, was there a lot of reference to DIACAP and NIACAP in there?

Viewer

Re: Passed the CAP Exam This Morning: My Thoughts

Of course, congrats first and well done! From a basic perspective, do you think it is worth going for the CAP if a person already has a CISSP? I understand they are focused on two different aspects, but wasn't sure if having a CISSP would "cover" someone, for lack of a better term, for the CAP certification.

 

My gut tells me they are two distinct certs with two different focuses, so going after both would not be a bad idea.....thoughts?

Newcomer II

Re: Passed the CAP Exam This Morning: My Thoughts

Skubinna,

 

The CAP and CISSP are very different credentials with different purposes. The CISSP is very broadly scoped covering the full spectrum of information security. The CAP on the other hand is very narrow in its focus dealing exclusively in the NIST Risk Management Framework and system authorization process. If you are currently working in the US Federal Systems or other government information security space or are trying to break into that segment of the Industry the CAP can really help you stand out from the crowd.

 

If, however, you are working in other areas of the industry (Commercial Industry, Healthcare, etc.) that do not use the NIST RMF or system authorization process, the CAP may have very limited applicability or "name recognition".

 

I will say that for my day-to-day activities, the CAP CBK has a more direct impact on my daily activities than any other cert I currently hold.

 

Good Luck

Viewer

Re: Passed the CAP Exam This Morning: My Thoughts

That really is a fantastic answer. Short, spot on and helpful, thank you!