Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
StevenJ6052
Newcomer III
‎03-10-2018 02:04 PM
‎03-10-2018 02:04 PM

Passed the CAP Exam This Morning: My Thoughts

To provide some background, I have been an IT program manager for the fast fourteen years. Having been certified as an MCSE (NT 4.0 and Win2K) and CCNA earlier in my career I let both certs lapse as they were no longer directly relevant for my career. I also picked up the PMP several years ago which I continue to maintain.

 

During the past couple of years I have developed a strong affinity for Risk Management  especially with regards to the IT security program I manage. Having passed the CISSP in early 2017, I decided the the CAP with its focus on the NIST Risk Management Framework would be a good next step.

 

Unlike the CISSP (or any other exam I have taken) there is very little in the way of published study guides and virtually no practice tests banks that I found useful. I rented the "Official (ISC)2 Guide to the CAP CBK" 2nd edition and read it in its entirety, but honestly found the freely available NIST 800 series (800-39, 800-37, 800-30, 800-53 & 53A etc..) as well as the FIPS 199 & 200 to be the best source of information. In addition, I found a few very good lectures on the NIST RMF provided by NIST on YouTube.

 

As for the exam, it consists of 125 questions and you are permitted three hours to finish. A sage piece of advice that I was given for the CISSP, "you need to think your way through the test" is equally applicable to the CAP. All 125 questions for multiple choice with only one answer. That said many were of the "best our of four poor choices" variety. Like the CISSP this is very much a management level exam, albeit with a much narrower focus. Unlike the CISSP there were no false "technical" answers to tempt you.

 

The best advise I can give anybody looking to take on the CAP is be very familiar with the NIST Risk Management Framework and how it map to the System Development Lifecycle. Roles & Responsibilities as well as vocabulary are critically important as well. Always remember that "plans" happen before "reports" and it is "Reports" that contain information on your implementation. When given a choice between multiple more or less correct answers, choose the one that is the most "all encompassing". For example if you are having trouble deciding between "Threat Sources" and "Vulnerabilities", choose "Risk Factors" as threat sources and vulnerabilities are both risk factors. When in doubt  about who the responsibility belongs to, it is probably the "System Owner"

 

This post probably adds another 25% to the total amount of direct feedback I was able to find online about this exam, but I must say of all the exams I have taken, this one has the most direct applicability to my daily on-the-job responsibilities. 

 

Should you decide to tackle the CAP, Good Luck, hope this information is helpful!

Reply
78 Replies
Alfredkwame
Viewer
‎08-29-2019 09:00 AM
‎08-29-2019 09:00 AM

Yes I have some more people also wanna take same exams and we form what’s
up grou to share ideas and learn.you can email me your phone number so we
add you to the page.
Reply
0 Kudos
Valentino76
Newcomer I
‎08-29-2019 09:19 AM
‎08-29-2019 09:19 AM

Hi good morning. I will be very much interested in joining the group. My
cellphone number is 346*******.
Thanks and hopping to hear from you soon.

Reply
0 Kudos
bizzle09
Newcomer I
‎08-29-2019 09:26 AM
‎08-29-2019 09:26 AM

Please kindly add me to the group. 469*******. Thanks

Reply
0 Kudos
pinaykyutie
Viewer III
‎08-30-2019 11:16 AM
‎08-30-2019 11:16 AM

Hey! Sure would love to join: My number is 703*******

Reply
0 Kudos
AppDefects
Community Champion
‎08-30-2019 12:30 PM
‎08-30-2019 12:30 PM

Congrats on passing! Kudos to everyone interested in taking the exam! You rock! Now, to be clear there is no DIACAP or DITSCAP. It's all RMF baby! 

 

Ps. Unless you want the whole wide world to know your cell number I'd suggest not posting it here because this community is indexed by Google.

 

Pss. @Kaity clean-up on aisle 5 we have a "PII spill"... 

Reply
0 Kudos
Kaity
Community Manager
Community Manager
‎08-30-2019 01:03 PM
‎08-30-2019 01:03 PM

Thanks for the heads up! Just a note to everyone on this thread, I've edited the replies to remove the PII 🙂 Please share information like that via Private Message, as these boards are accessible to the public.

Thanks all!
Reply
ShadowPunch07
Newcomer II
‎09-04-2019 04:04 PM
‎09-04-2019 04:04 PM

Is the current ISC2 CAP exam based on NIST SP 800-37r1 or r2?

Reply
0 Kudos
Kaity
Community Manager
Community Manager
‎09-04-2019 05:28 PM
‎09-04-2019 05:28 PM

I'm checking with the experts in our exam team for confirmation. Hope to post an answer tomorrow!
Reply
Kaity
Community Manager
Community Manager
‎09-05-2019 11:55 AM
‎09-05-2019 11:55 AM

Hi @ShadowPunch07 

 

I talked with one of our content development managers (she holds CISSP and CAP) and she confirmed that we try to keep up with the ever-changing NIST documents. New items (aka questions) are always written to the latest document that is out there. When documents are suspended or revoked, we try our hardest to keep our exams updated.

 

That's part of our exam refresh process - and we just updated CAP in October of last year. 

 

I hope this helps! 

Reply
0 Kudos
Alfredkwame
Viewer
‎09-05-2019 12:32 PM
‎09-05-2019 12:32 PM

Based on R1 however R2 not yet updated well I have some past questions and
ares that will help you pass and if you’re interested let me know.
Thanks
Reply
0 Kudos