MDChris
Newcomer II

Not too happy with CSSLP Exam

Ok, I took the CSSLP exam. I got a 688 out of 700 today. I took the official online ISC2 course with a week's online webex training (which was different from the online work). I used the flash cards and all the resources. Out of the 175 questions there were quite a few questions not associated with the flash study cards or what appear to be from the official student guide. There were also questions about modeling (I will not name them due to not talking about what was on the test), but the models were never referenced in the official study guide. If I would have known I would have refreshed on the associated models. Not sure what is going on here, but I would expect the resources to review and understand to be successful in the exam would be in the Official Student Guide. I would hope someone from ISC2 would please comment on this concern.

102 Replies
spacegodzilla
Newcomer I

Thought I would chime in here - I passed the CSSLP the first time, but I agree that there are a number of questions dealing with topics that show up nowhere in the official review material. How do I know that? Because I wrote a book on how to pass the CSSLP (Essential CSSLP) and read the guide cover to cover multiple times when writing the darn thing. In spite of knowing the official content by heart, there were probably 10 questions that I had to take complete guesses at and probably missed. However, there were quite a few other questions that were not covered by the guide that I was able to reason out based on my experience in software development. PMs and the such would not be able to do that, so unless you have developed software in a multi-tiered environment and worked in the cloud, you will most definitely be at a disadvantage. Not to say you can't pass, but be forewarned. The biggest problem I had with the exam was that a lot of the questions had two correct answers, depending on how much you read into the question. I am a major over-thinker, so I had to slap myself several times to take the questions at face-value only and not start twirling possible scenarios around in my mind. Great advantage as an architect, but not so much when taking a test.

 

At the risk of self-promotion, in Essential CSSLP I did include a lot of tidbits not found in the review material based on my professional software experience, so that might help some people. That experience probably helped me pass the first time.

 

 

MDChris
Newcomer II

You just nailed exactly what I saw.  Also dropping my kid off to go to bootcamp since they re-scheduled it and taking the test an hour later was probably not a good thing to do.  Thank you!

hungngo
Newcomer I

@spacegodzilla, Exactly, questions with 2 possible correct answers are really bad. You have to dial your level of analysis to just the right depth for the exam and don't read too much in the questions. Of course, it's easier said than done.

StarBlue
Newcomer I

So like many others...  I did a bootcamp, read the CBK cover to cover, looked for practice questions all over the place (note if someone has good ones, let me know).  Took the exam Feb 5th and failed it (Supply Chain and SDLC got me).  I have been a programmer for 26+ years, have a few other certs (MCSE for NT 4.0 if you want to make me feel old).  I work DoD and interface with Cyber all day long.  @spacegodzilla hit it really on the head, there are two very very similar answers; sometimes it felt like even maybe 3.  But setting the right depth of analysis is the hard part, I guess I over analyzed the questions and now get to pay MORE money to retake it.  I understand this exam is to prove you are good at understanding the SDLC process.  However, when you make choosing an answer based on what verb is used; the test is no longer objective but subjective to how well you can guess.

MDChris
Newcomer II

Spot on. It’s unfortunate. I guess I date myself too. I had the NT 4.0 MCSE as well.

j_M007
Community Champion

@spacegodzilla 

I would be curious to know how you mentally sorted through the questions to arrive at the "best best answer"?

 

"However, there were quite a few other questions that were not covered by the guide that I was able to reason out based on my experience in software development."

 

For those less experienced in sw development do you have any suggestions as to what bodies of knowledge to study?

 

Thanks for any advice you can provide!

 

Jackaroo
Viewer II

Hi all,

 

Any suggestions on study material other than the Essential CSSLP?   I've just finished that book and, while helpful, there were numerous exam study questions not referenced at all in the material.  Having taken and passed the CISSP, CISM, and other tech certs, I'm very apprehensive to schedule my CSSLP exam.  This is the most ill-prepared I've ever felt going into an exam.

 

Thanks

j_M007
Community Champion

Hi Jackaroo -

  • First of all congrats on contemplating tackling this beast.
  • Attitude is crucial, so if you are having any misgivings about your prep I suggest you give it another few months until you feel that it's 'go time'! Attitude is crucial because test taking is about small successes; so if you are in and questions seem unknown, then you might panic. Panic kills.
  • Have you read all of the CCSK materials from the Cloud Security Alliance? That is what I am trying to skate through and it is pretty tough skating there, too. 
  • Have you made synopses of NIST SP documents? If you are comfortable with them, then you have a good basis.
  • Have you looked at OWASP material? OWASP has a lot of good knowledge and wisdom collected.
  • Are you able to understand every point in the body of knowledge? If you can explain it to a nontechnical manager, then you are really getting there.
  • Are you able to join or set up a study group? If you can find like-minded professionals who are seeking to write the exam, you might be able to get some needed confidence and knowledge.

If you feel ill prepared, do not take the exam!

havinsomefun
Newcomer II

This test is extremely hard.

 

My background – I passed the CISSP the first time I took it in under 3 hours. I also have the PMP. Took the CSSLP 3 times and did not pass all 3 times.

 

Studied by taking a week long boot camp, read the CSSLP CBK “twice” and took all the practice exams I could find online.

 

In my opinion and the biggest complaint I hear is - the confusing and complicated way the questions are written - period. It takes 2 times of reading each question to figure out what they are asking. I have read people who wrote - However, when you make choosing an answer based on what verb is used this makes the test obsolete (I totally agree) and yes there are 2 best answers and the best - best answer makes it extremely hard to figure out which answer to choose (so you're down to a 50/50 chance). I think they need to completely rewrite the questions so that they are clearer to understand what they are actually asking.

 

I believe that the questions are written so complicated as to confuse people so that the fail rate is high and that people have to pay the fee to retake this test - period. Good luck to anyone taking this test because you will need it the way the questions are written.

MDChris
Newcomer II

I'm never taking it again. I lost a lot of faith in ISC2 after this CSSLP debacle.