I took the CAP exam on my birthday, 17 DEC 2020, and freaking passed. Well, provisionally passed at least. I used 800-37 rev 2, FedVTE, and InfoSec, and the CAP flashcards provided by ISC2 as study material and put about 80 solid hours into studying for the exam. I watched the videos from both sources many times and took the flashcards in test mode numerous times. I bought the CAP CBK book, but did not study it as it is severely out of date.
It is not hard at all; the exam focuses on the rudiments of the RMF and how it aligns with the SDLC. I recommend that before you test, you go through the exam outline and try to think of everything you know in each of the domains. If there is a subtopic in the domain that you did not cover, then you're probably not ready to test. DO NOT TAKE THIS EXAM, OR EVEN THINK ABOUT TESTING IF YOU DO NOT KNOW THE ROLES AND RESPONSIBILITIES and RMF/SDLC.
Congrats! And yes, it's not hard but ONLY if you study and study correctly.
I also used FedVTE, the CAP textbook (2nd edition, although it's a little outdated with NIST SP 800-37 in town), and many of the NIST, FIPS, and CNSS pubs.
And since you're joining an elite CAP team, I highly suggest reading up on NIST Cybersecurity Framework and how this ties in to present-day RMF. You'll then discover that NIST SP 800-37 Rev 2 makes better sense with all the incorporated substeps integrated into each of the seven domains (e.g. incorporation of Supply Chain Risk Management (SCRM) in the Prepare step, Cybersecurity Framework activities/outcomes, etc).
Congrats again...and best of luck getting your endorsement!
Hello everyone. I passed the CAP exam yesterday, 07 MAR 2020. There is not much out there for those of us who want/need guidance to prepare for this exam.
I'm planning on taking the exam in mid April. I've been hearing that the exam is still covering NIST 800-37 Rev 1. Some clarification on this would be so helpful!