mbenet
Newcomer II

CCSP exam passed - recommendations and opinion

Hi everybody,

 

Some months ago I came here for the first time to post my experience with the CISSP exam, which I had just passed. See this long post and this one, a little (not much) shorter. After the endorsement process, I am currently a CISSP. One and a half weeks after the CISSP exam, I passed CISM, which was a little trickier than I expected but not especially hard with the CISSP study I had gone through. But we're not on ISACA forums, so let's move on.

 

This Wednesday, June 5th, I sat for the CCSP exam, which I passed. So here are my thoughts.

 

First of all, with regard to the hardness of the exam, there is something relevant to consider. While I spent a couple of months quite focused on the CISSP study, in this case I barely spent a couple of weeks studying, probably about 40 hours total. When I sat for the CISSP, what frightened me was that I didn't know what to expect in the exam (i.e. question types, language, subjects, etc.). In this case, in general terms I knew what to expect (as both exams are from ISC2), but I felt much more insecure with regard to my knowledge. In the end, studying for the CISSP proved to be very valuable, because many terms that the CCSP material uses were already familiar to me. In other words, I don't think I wouldn't have passed CCSP without studying for CISSP, but that's probably up to one's experience (for example, I don't think I would have passed CISSP without my 15+ years of InfoSec experience).

 

Another element to consider is the type of exam. Back in March I did the adaptive CBT CISSP exam, which implies that after answering a question you cannot go back. You just move ahead. In the case of CCSP, as with CISM, you can review and flag questions, which can lead you to some overthinking. I had flagged about 25% of the 125 questions when I reached the last question, in approximately 100 minutes. It took me 15 minutes or so to review the flagged questions and after a couple of hours I was done with the "Congratulations" printed sheet in my hand.

 

So, did I find the exam hard? Not hard, but not exactly easy either. Having done the CISSP exam and the previous intense studying helped a lot, and my experience in other IT fields did help too, but when I began studying there were a bunch of concepts I was not very familiar with. So if you are not into cloud computing but have experience and good knowledge of InfoSec, you will need to study a little, at least. As with the CISSP, you will also need some inference abilities, because sometimes it's not that you know the answer, but that you can rule out the other three options (or at least two, and then make some deep reasoning... or guessing).

 

When I planned for the exam, I was very ambitious (CSA, NIST, ENISA, etc.), but I got more practical as the exam date approached. My study materials were the following:

 

  1. CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide. I got to page 220 or so before getting into the tests, as I was running out of time.
  2. CCSP Official (ISC)2 Practice Tests. 
  3. OWASP Top 10.
  4. EDUSUM test questions.
  5. Boson CCSP test questions.
  6. Cybrary's Kelly Handerhan's CCSP course.
  7. CSA Cloud Controls Matrix.

My thoughts on those materials are:

 

  1. The book is easy to read, not too deep. I found it helpful but (maybe) some chapters too high-level. 
  2. I did the 1000 questions, easier than the exam, but extremely helpful for reviewing concepts.
  3. OWASP Top 10. I already knew them, but gave it a quick read.
  4. I purchased EDUSUM CCSP test questions because I had read some very good reviews. To my surprise, quite a few of the EDUSUM questions were very similar or completely identical to the ones I had done in Ben Malisow's Official Practice Tests. To make things worse, the web interface is pretty simple (no graphs, no info on weak domains, no way to select only wrong questions, no way to rule out questions based on the number of times answered correctly, etc.) and there are no explanations of the right answers. Not glad at all with it, to be sincere.
  5. I purchased the Boson CCSP test from Boson marketplace, mostly based on my CISSP experience. In this case the experience was not that good, but not bad at all. Even though in some questions it gets into more detail than other materials, it's good at giving explanations of the right answers, and provides a deeper approach to cloud technology than anything I had read before, so it was an entertaining way to see further.
  6. I did not finish all the videos (something I plan to do soon), but what I saw was spot on, as usual.
  7. I already was familiar with it, but I made a quick review of the frameworks covered.

That's pretty much all. As I said with CISSP, it's an exam you can do with some effort, that will depend on your InfoSec, IT and Cloud experience, and if you have done CISSP before.

 

Hope it helps.

 

Good luck,

 

Manuel Benet 

 

7 Replies
AlecTrevelyan
Community Champion

Congratulations and welcome to the club!

 

CEMyers
Newcomer III

A useful summary for others following similar paths.  My best wishes for your future.

xpensiv1
Newcomer III

Congrats on passing both of those exams.

Just proves that hard work and diligence pay off.

I would like to know if you have a method for pre-exam study efforts?

Do you spend more time reading through exam guides, and other reading sources, or do you spend more time doing pre-test and less time reading through reference sources?

I know that for the most part many individuals log in to the different certification communities in search of what is the best or most effective study method(s) and resources used to study prior to the different certification exams. Your post had some really good information and should provide insight to those seeking answers for the easiest solution. Put in the time, get the experience, and seek guidance for issues or concerns that give them trouble. I am extremely happy for you and again Congrats on your accomplishments.

mbenet
Newcomer II

Hi, xpensiv1. 

 

Thank you for your words. Regarding my method, I wouldn't say I have one, but I can describe my usual approach to you.

 

I usually start with the official study material and any other "general" book or reading source, and highlight it from beginning to end. Enough to have a good general overview, but not so much that I don't have time for doing tests. While doing so, I usually take photos of concepts or diagrams I find useful (or hard to memorize), and I go through them on the bus or while commuting. I find highlighting very useful, as it forces you to read slower, and even to read a sentence before highlighting.

 

After highlighting materials, I do a bunch of tests, and keep taking photos of things I didn't remember/get/understand (that's why explained answers to tests are so important to me). After some time, I do a quick read of the highlighted materials and go back to the tests. At this time, I can have a hundred pictures of concepts, pictures, diagrams and figures in my smartphone. Let's say it's a custom type of flashcards.

 

I keep doing tests, and from time to time I go to the Internet to search or to go deeper into some concepts, while I keep reading the smartphone custom "flashcards" when commuting, being bored, waiting for somebody, etc. Mostly in the case of CISSP, I recall it as if the materials were constantly on my mind. If I had a pause, I opened the gallery and went through the pictures, giving them a glance and a quick look. I think the idea is to keep you focused on the materials as much of the time as possible, so that it fills all the gaps of unused time you have.

 

Hope it helps. Thank you again for your words 🙂

 

Manuel

AppDefects
Community Champion


@mbenet wrote:

My thoughts on those materials are:

 

  1. The book is easy to read, not too deep. I found it helpful but (maybe) some chapters too high-level. 

What would you recommend changing with the book? Where did you find that you needed to dig deeper?

mbenet
Newcomer II

Hello, AppDefects.

 

It was a general impression, not something very specific, but allow me some time and I'll try to elaborate on it. Maybe I expected more technology-related examples or some technical insights, even though I know (ISC)2 is vendor neutral, so that makes things harder.

 

In any case, do not misinterpret me. I think the book is a very valuable resource to learn, understand and refresh concepts related to cloud computing and anything related to it, even marginally. It is a good book, by all means, to prepare for the CCSP.

 

You also have to take into account that I passed CISSP two months before the CCSP exam, and the material of CISSP covers part of the CCSP contents, so most of it was already familiar to me. If I had gone directly for the CCSP without studying previously for the CISSP, it's very possible that things would have changed quite a lot.

 

Best regards,

 

Manuel

sankar
Viewer II

ALL ASPIRANTS,

PLEASE DON'T WASTE MONEY BY PURCHASING EDUSUM PRACTICE QUESTIONS. THEY ARE CHEATING WITH 1300+ QUESTIONS BUT UNFORTUNATELY THERE ARE ONLY 370 QUESTIONS AND ALL ARE FROM THE OFFICIAL PRACTICE TEST. SERVICE IS REALLY THE WORST.