My first thread post, so I hope it has not been answered elsewhere. Likely, it has, but I have not yet found the FAQ, so I hope you'll bear with me.
As the title indicates, I am preparing for the exam. I have the Sybex book, and many colleagues of mine say that it is quite helpful.
I have read the book and answered the questions well and am comfortable with what I have seen and studied. I have experience in BCP/DR, ITIL, operations, etc. and have read or used a ton of NIST documents. However, my concern is, "You don't know what you don't know." -- or more correctly: I don't know what I don't know.
How did those who wrote and passed the exam account for the knowledge gap?
How many people were able to study with a partner? Did it help or hinder? Why?
For those who failed the exam, why do you think you did? Misunderstanding the notion "Best" response?
The book I have was published in 2015 I think. What about recent developments in cybersecurity? Are questions static or are there yearly updates?
Very many questions I know, and I hope this is the appropriate thread stream to post this.
I think there are still a number of areas that I need to understand to a granular level and then apply them to real world scenarios. As well as understand how certain controls influence other security areas.
I don't like the language used in the examination questions, they are never direct and certainly don't represent the style in the official manuals.
I think with your background and understanding of the topics you will be fine.
I had to take my engineering hat off and put my business management head on, which was tricky, lol
Thank you for the helpful and hopeful reply, ISCMAC802.
Firstly, kudos to you for having the courage to write the exam. I want to encourage you to take what you've learned at the first occasion and apply it to your retake. Keep at it because it is worth it.
Secondly, thanks for your generosity in sharing your experience. I truly appreciate it.
You're right when you talk about the language issues; I am preparing for the exam with a colleague for whom English is not his first language. I have taught him a new expression, which is in vogue these days: truthiness. Read the questions carefully. Think about what they are implying. Consider what is most plausible. Then choose the truthiest response. As the song says, "You may be wrong, but you may be right."
So the challenge is, I suppose, to take your practical knowledge and combine it with the CBK concepts and to try to reconcile the two. Engineers need to bulk up on managerial and other security concepts (security risk management, crypto, asset security, etc.) Other candidates have to come out of their comfort zones and bulk up on the more technical aspects (COMMSEC, NETSEC, etc.)