Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ISC2 Team

CISSPs: How did you prepare for the CCSP exam?

As a CISSP who studied for and passed the CCSP exam, how did you prepare?  What did you find valuable?  Did you learn through self-study, if so, what books did you buy?  Did you attend an official training course, if so, which one?  What was your study plan?  What's your secret for success?  We want to hear from you! 



98 Replies
Newcomer III

Concentrate on what you know you do not know

Having taken the exam twice before you should have some "feel" for the areas you are weak on.  I would concentrate on these as a first activity.  Study these areas well and be sure you can get 75%-80% right in practice questions *as a minimum). 


Reinforce what you do know

Having done that, do not forget to keep up-to-speed on the other areas,  The world is fast developing and the questions tend to reflect these changes. 


Apply good principles  to your answer technique

Remember the principles and ensure you are able to apply these. If the answer you provide does not reflect the principles, ask yourself why and try again


Newcomer III

I didn't read through the previous 90 replies, so apologies for any of my spiel that overlaps with those. What worked for me, for the CISSP and for a number of other security focused exams and the 7 exams I took to get an MCSE back in the day, is like so:


Get the Official Study Guide - I prefer it in Kindle format because of the ease and less weight than a big hardback printed book


Read it cover to cover.


I highlight phrases/sentences/paragraphs that I want to note as I go through reading it. Then I circle back every 2-3 chapters and make notes in Evernote on the bits I've highlighted - both doing the highlighting (and more so) making the written notes helps me a lot in terms of having the knowledge sink in and stay with me longer


I take all the chapter practice tests and make a separate Evernote note to track my score on each of them. That helps me to identify weak areas, and also lets me track progress and retention - because with any of them where I score below 85 I retake until I get there.


I use the tip provided in CISSP Exam Prep guidance - devoting roughly half my overall study period to reading the study guide and the other half to practice tests. I took and re-took chapter tests as mentioned above, and took the full exam practice tests multiple times as well. 


I used the CISSP Official Study mobile app - which has smaller quiz length tests - with 10,20, or 50 questions and also flashcards. 

Newcomer II

Newcomer II

Passed CCSP exam this past weekend, took about an hour and twenty minutes. First I refer the CCSP exam outline to limit my boundaries or exam preparation.

Study Material vs my rating

  • Kelly Handerhan CCSP video (3.5/5)
    CSA v3 (3/5)
  • EDUSUM CCSP online practice exams (4.5/5)
  • ENISA Cloud Computing Risk Assessment (3.5/5)
  • CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide (3/5)
  • Wiley website practice tests (from the book) (2.5/5)
  • (ISC)2 CCSP Official Study App (iPhone) (2/5)

I've been in the IT industry 20 years and have been working in a SaaS company for the last 14 years (back when it was an ASP). I architected and wrote most of the core platform software libraries, services and processes. I designed and managed the infrastructure being used as well.

While preparing for the CCSP, I took the CCSK V3 exam since the material is what it's based on and it seems to have a decent foothold. Read through the CSA v3 and ENISA documents then took the CCSK test over the course of a week. Scheduled the CCSP exam for when I could get an opening. Over the next three weeks I watched the Kelly Handerhan video, read through the official study guide and did some mini practice tests and a couple full practice tests. 

Study material review Kelly Handerhan video - Good as always, definitely a good overview. is free and the content is good, that's hard to beat.


EDUSUM CCSP Online Practice Exams - I am full positive on CCSP questions on the test offered by EDUSUM, got many similar questions in real exam and helped me to clear my doubt for some topics. Truly recommended!!

CSA v3 document - Dry read. Some sections seem overly long while others seem shorter than they should be. I see that the V4 has been released, so I'll check that out in the near future.

ENISA document - Fairly to the point, I like that. I didn't focus too much on this one since I deal with this type of information daily.

CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide - The book is well written with relevant information and questions, it isn't all you need to know for the test in and of itself but I'd say it covers ~70-80%. It's divided into easily digestible chapters. I'm a terribly slow reader so that was a plus. The writing style is easy to read. I didn't feel like they drug out topics too long or were too brief either. When I said in the first sentence that it isn't all you need to know, if you don't have experience with the CISSP domains at least read a study guide before taking this exam. This book doesn't cover the CISSP specific material that I saw on the actual test. There wasn't a lot, but there were a few.

Wiley website practice tests (book publisher) - I did see one question from here that was on the test, but that was about it. The rest were quite different than the practice questions here.

(ISC)2 CCSP Official Study App (iPhone) - Decent questions but not like the actual test, essentially the same questions as the book. 

The test
Neither of the practice tests were really like the actual test. The Wiley site and the app are pretty much the same questions and I prefer to use two different providers practice tests if possible; even if one is really rudimentary, it helps break the memorization pattern. Unfortunately, there are very limited resources for practice exams. In my opinion, the actual CCSP exam questions are more clearly worded than the CCSK test even though the CCSP is broader. Maybe the V4 of the CCSK will correct that issue. There were also questions on CISSP material during the exam but if you have reviewed the CISSP material or work in the domains daily, you should be fine. The structure of the questions is similar to the CISSP exam.

I'd take a 15 question test when I had breaks. A week before the actual test I took two full exams and did the full domain tests in the iPhone app. I got a bit uneasy because I was scored 100% on all the domain tests in the iPhone app and thought it may give me a false sense of security. The online CCSK test, the questions were worded in a way that I had to really think them through.

I think it's a good addition to the CISSP. The CCSP exam is broader in scope than the CCSK while still focusing on cloud specific concepts. They just updated the CCSK material so I'll take a look at that and see what the updates look like for it.

Endorsement app sent, just have to wait on approval. Now on to CISM

Newcomer I

I read The Official (ISC)2 Guide to the CCSP CBK twice.  Read some of the NIST documents referenced in the book as well.  Used the practice tests that came with the study guide to see what areas I needed to study further.  Printed out the glossary and studied that vigorously for several days before I sat the exam.  Other than that, mostly drew on my experience from taking the CISSP exam.


Took and passed the CCSP exam 2 weeks ago.  Started the endorsement process and I am just waiting for it to become official now.

Newcomer III

Newcomer II


After completing my CISSP, I took a full lens assessment CCSP test and scored 84%! Then I decided to go for it. I ordered the (ISC)2 Certified Cloud Security Professional Official Study Guide (Ben Malisow) and the iOS app. The book is easy to read, like a novel!

I developped a 4 weeks readiness plan : I read the book, took the online companion tests of the book and the apps.

It was very easy, it took me less than an hour to take the test.

My 2 cts!

Newcomer II

Hi Paul,


Thank you for sharing your study method.  Can you give an example of a mnemonic-friendly chunks?

Newcomer I

Yes, so for the CISSP - I have an example on a blog post I wrote:

If you had asked me six months ago, I had one for the Data Responsibility and one for data life cycle.  For the data lifecycle is was Colorado State University ...  can't remember.