MDChris
Newcomer II

Not too happy with CSSLP Exam

Ok, I took the CSSLP exam.  I got a 688 out of 700 today.  I took the official online ISC2 course with a week's online webex training (which was different from the online work).  I used the flash cards and all the resources.  Out of the 175 questions there were quite a few questions not associated with the flash study cards or what appear to be from the official student guide.  There were also questions about modeling (I will not name them due to not talking about what was on the test), but the models were never referenced in the official study guide.  If I would have known I would have refreshed on the associated models.  Not sure what is going on here, but I would expect the resources to review and understand to be successful in the exam would be in the Official Student Guide.  I would hope someone from ISC2 would please comment on this concern.

102 Replies
MDChris
Newcomer II

I stand corrected on the exam being covered by ISC2.  I re-read the e-mail and my wishful thinking saw one thing, but in fact it is another.  ISC2 will allow anyone who has taken their course and failed the test to re-attend I believe the class free of charge.  It's not the actual test.  We'd still be out the money for taking a 2nd exam.

SalPortaro
Newcomer II

All of my study material had the models. 

veejaydee40
Newcomer I

Hi
Thanks for your response. So did you pass the exams? Can you provide the names of the study materials you used & the models being referred to please? Are you already in the security, developer, DBA, or hardcore IT field?
SalPortaro
Newcomer II

I did pass the test on the first pass. It was brutal. I studied the infamous CSSLP CBK and the All-in-One. The CBK had the models. I also read the CISSP book by Shon Harris.

I have been a developer for about 30 years. Most of it as a developer or a manager of developers. I have a fair amount of security experience from a management perspective.

 

I found the test to be about 25% book knowledge and 75% experience and common sense.

 

The security experience was the key for my passing. There were definitely were not covered in the books. 

 

Sal 

 

 

 

SalPortaro
Newcomer II

That should have read:

 

There definitely were questions that were not covered by the book.

 

The CBK was the 2nd edition.

 

I totally went the self-trained route. 

 

 

nancy_perez
Newcomer II

That should have read:

 

Official (ISC)2 Guide to the CSSLP CBK

CSSLP Certification All-in-One Exam Guide

atraxi
Viewer II

I passed the exam, but only by the skin of my teeth, (I had to answer all 175 questions.)  I am a software engineer, but have been more on the analysis side rather than the actual coding for the last five years.  I studied by just reading the official CSSLP CBK, but there was certainly information on the test which was not thoroughly covered in the study guide.  I also have my CISSP, and I feel that test was exponentially easier than the CSSLP.  The CSSLP test is certainly designed for someone who has actual hands-on software development experience.

veejaydee40
Newcomer I

Congratulations! Thanks for taking the time to respond. My point exactly.
It's very misleading when you state Project Managers, Quality Assurance
Analysts & even Business Analysts can take the exams and pass it. It's also
implied that this exam is geared for folks with software development life
cycle knowledge but in my opinion, it's really not. It's more for folks
with hard-core IT background for example, coders, developers, programmers
etc. What baffles me is how can the governing board give classes that do
not fully equip the students with everything needed to pass the exams nor
does its book of knowledge have ALL necessary info for the exams. Doesn't
anyone else see something wrong with this picture or is it just me? I'm
baffled!

Thanks,

Valerie Thomas
The quality, not the longevity of one's life is what is important!
-Rev. Dr. Martin Luther King, Jr.
CraginS
Defender I


@veejaydee40 wrote:
It's very misleading when you state Project Managers, Quality Assurance Analysts & even Business Analysts can take the exams and pass it.
It's also implied that this exam is geared for folks with software development life cycle knowledge but in my opinion, it's really not. It's more for folks with hard-core IT background for example, coders, developers, programmers etc. 

Valerie,

It appears that you may have misread or misinterpreted the information on the CSSLP exam.

Here is what the CSSLP information page says:

 

=-=-=-=-=

The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment – including those in the following positions:

Software Architect
Software Engineer
Software Developer
Application Security Specialist
Software Program Manager
IT Director/Manager
Penetration Tester
Software Procurement Analyst
Project Manager
Security Manager
Quality Assurance Tester

=-=-=-=

 

 

There is no claim that individuals in any of those specialties can (or should) take the exam expecting to pass without preparation. The certification is one that covers knowledge that "security professionals responsible for applying best practices to each phase of the SDLC" should have. One reason that we have so much software without decent security built in is that a huge proportion of workers with SDLC responsibility, including oversight jobs like PM and QA, simply do not.

 

Similar to the basic philosophy of the CISSP CBK content, the CSSLP content CBK is based on knowledge that SDLC-involved workers should have, both to do their own jobs and also to understand what others in the SDLC environment should be doing.  This broader knowledge is especially important for management level workers like project managers and software quality assurance workers, to be sure the architects, programmers, and coders are including the correct aspects. 

 

Also, with regard to the expectation that the cram course will cover every question on the exam, I repeat the statement above by William @denbesten:

"If you read through these boards, you will find that there is no single source of material that will prepare you for an (ISC)² exam. The recommendations that you will consistently get are to use many references, to take lots of practice tests and to earn (much of) the required experience prior to sitting for the exam. (ISC)² exams are all about ability to apply your knowledge and experience in real-world situations. Although important, "book knowledge" is not enough to pass (ISC)² exams."

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
Andy69
Newcomer III

I had hands-on software development for all my career...and I can tell you that the exam was difficult even for me. It is more difficult than CISSP, I agree.