Hey all,
Ended up taking the ISSAP exam after reading through the book and some misc material (NIST).
I thought the test was overall very easy, the technical questions were on the level of a regular CISSP exam however I ended up with a bunch of questions that were very difficult to understand or simply did not make any sense. When I left the exam I was confident that I had enough questions right that the other ones wouldnt drag my score too low. Well I was wrong.
The results of the exam were even more perplexing, the lowest scoring domains are the ones that I have had the most experience in (10+ years) IAM, security architecture. My highest ones were the ones I have relatively little experience (legal/compliance), DR (we have departments that handle a good portion of this).
To be perfectly honest, Im not sure what to do next. The CBK book is terrible, information sucks, written by a 5y/o, really difficult to read etc. In fact I have the CISSP and CISSP-CBK books and I thought those offered more insights than the ISSAP book.
Any thoughts on the official training material just came out?
Any pointers? I read the ISSAP CBK, security engineering book by mr Anderson and a few NIST documents, flash card app from ISC. I have been debating just giving the exam another go in 30days
Results: IAM below, infra security app security near, rest were above.
Thanks
T
I haven't taken the ISSAP exam, but it's something I'm considering.
My advice would be to look to the supplementary reference list to help bring your scores up in the deficient areas: www.isc2.org/issap-cbk-references
There are twenty references in that list many of them available to download for free (and not just the NIST ones). Of the ones that aren't available for free, many can be purchased used from Amazon for not a great deal of outlay.
As I said in another ISSAP thread earlier today, there's a good study thread by @DWayland who passed this exam around six months ago here: https://community.isc2.org/t5/Certifications/ISSAP-Passed-Study-Sharing/td-p/13660
Have you retested??? Interested in how you are targeting your reattack? My reattack involved going back over my InfoSec Institute material (which they admit is old), the 2nd ed CBK (which ISC2 admits is dated), and buying questions online (which are dated 2015). Here's my WTF emoji!
I know you're talking to @zlykot but given I am now studying for this test I guess it's appropriate for me to respond.
In summary, I'm following the advice I gave above and reading books/PDFs/web pages from the suggested reference list. Supposedly, all the questions on the exam can be referenced back to text found somewhere in that list.
As someone who has already taken the exam you have the advantage of knowing the subjects you will be asked about and the level of detail required, so you can use the suggested reference list to focus your efforts on any weak areas.
When I started studying, I did the practice test @DWayland mentioned in his thread to help me identify any weak areas, and to help me gauge the depth of knowledge needed and the types of questions I might be asked. Throughout my studies I have tried to keep those things in mind to ensure I'm covering the correct level of detail and focusing on relevant details. This test was based on the previous CBK domains so it's out of date but it has hopefully served its purpose.