cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ign1s
Newcomer I

Passed CSSLP exam

Hey all, i'm happy to announce that on 9/3/2020 i succesfully passed the CSSLP exam. I started my preparation a year ago and have been studying on a regural basis since then(approx 3 hours per week). Resources that i used:

 

The latter also included mock exams which i used the last month to measure my readiness.

Since i don't have the required experience to endorse as a CSSLP yet, i will travel the associate path. I face an issue though, when i try to submit my AMF. See image below:

amf_submission_erroramf_submission_error

 

 

I've been getting this for 3 days in a row now. Can you provide some details on this?

Happy to be with you guys, lets get a safer cyber world for all people.

 

8 Replies
AlecTrevelyan
Community Champion

Many congratulations and welcome to the club! Glad you made it as I know you've been preparing for this for a while.

 

You'll need to contact Member Services to resolve the AMF payment issue. Either to make a payment over the phone, or for them to fix the issue with your account on the back-end. You can find their details through the "contact" link at the bottom of this site or on the main site.

 

BTW - I recommend you call them and keep calling until you speak with someone rather than emailing or leaving a voicemail if you want this resolved quickly.

 

AppDefects
Community Champion

Passed the CSSLP and found a "bug" in the SSO implementation. Dude you rock!

ign1s
Newcomer I

thanks guys, glad to be here.

fgarcialainez
Newcomer III

Hi,

 

First of all, congratulations for your achievement.

 

Please could you tell us how was the exam? I mean if you find it difficult in terms of long and tricky questions, etc. I have been studying exactly the same books thank you intermittently, and I feel comfortable with the exam questions provided in both, but reading posts of other people that took the exam months ago I don’t feel that real exam includes questions similar to that.

 

Thanks and Regards,

ign1s
Newcomer I

Overall, If i were to rate it in terms of difficulty then i would give it 7 out of 10. I mean that i expected it to have questions that require in-field experience, eg: "Considering this fact and that fact: As an ISSE, what's the best course of action?", but it actually didn't. I also feared that it might include questions that require an undefined number of answers(choose all that apply), but again it didn't. Fortunately it also didn't include hard-wired questions, e.g "pick the right ISO publication". I wouldn't say they are not similar. They are similar in terms of context, that is the 8 domains that make up the certification study material. What i have found is that slight terminology variations exist between official CBK and the other one, which may seem ambiguous for someone new to the software security field(certainly to me xD) and ultimately create this impression you are talking about. One thing that i noticed though is that it included material that was not explicitly stated in neither of the books. I mean maybe it could as an external reference, but not as a discrete topic under listed sections. And there was a good number of them. There were also a few "gift" questions(eg: "What is this?"), approx 4 or 5. Most questions targeted pure knowledge and context-awareness.(eg: "To know what threat modeling is and in which SDLC is it appropriate to apply.")

Please feel free to ask me for more if this answer isn't sufficient for you.

fgarcialainez
Newcomer III

Hi, 

 

First of all, thanks for your answer.

 

What you are describing in your post is much better to what other people that took the exam months ago described in their comments. Probably the exam changed in some way in the last times, as I have read other recent posts in which some people writes comments similar to yours. Glad to hear that :)!

 

When you say that for you it is 7 out of 10 without having too much experience in the field, I feel much more conformable in taking the exam in the future. Btw, what is your background and experience in software engineering / security?

 

Do questions in exam are long with tricky answers in general, or are ver concise and not trying to confuse the candidate? I think that one of the main problems that had many students in past months were that questions were really long (even difficult to understand the own question), and answers most of the times tricky (using similar and weird words in the answers, etc).

 

When you say that there are 4-5 "gift questions" you mean that those questions are really hard because not included anywhere in materials or because are long and confusing?

 

Regards,

ign1s
Newcomer I

I have 2.5 years of experience as a software engineer, working for federal and enterprise product solutions. My position does not directly involve security assignments and i rarely come across them. The closest i have been to the field in general is by using frameworks to implement functional security requirements.(authentication, authorization etc) So yes i guess you can feel comfortable if your position involves a more security-oriented task list, but don't underestimate it. I wouldn't say they are long, in terms of characters length. I can't remember any question to count more than 3 lines of text. Nor remarkably tricky either. I mean i remember coming across terminology used in a bizarre way and conceptual ambiguities, but if you know your stuff, these cannot do you any harm. When i say "gift" i literally mean it. 😛 These questions are gifts from the exam authors. If you spend 1 hour of your time and read the first chapter about basic security concepts you can score them right.
fgarcialainez
Newcomer III

Hi again,


Thanks for your quick answer! 

 

I had understood that you were using the term "gift" with irony :).

 

Regards,