cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
MDChris
Newcomer II

Not too happy with CSSLP Exam

Ok, I took the CSSLP exam.  I got a 688 out of 700 today.  I took the official online ISC2 course with a week's online webex training (which was different from the online work).  I used the flash cards and all the resources.  Out of the 175 questions there were quite a few questions not associated with the flash study cards or what appear to be from the office student guide.  There were also questions about modeling (I will not name them due to not talking about what was on the test), but the models were never referenced in the official study guide.  If I would have known I would have refreshed on the associated models.  Not sure what is going on here, but I would expect the resources to review and understand to be successful in the exam would be in the Official Student Guide.  It would hope someone from ISC2 would please comment on this concern.

102 Replies
j_M007
Community Champion

You make some good points. I wonder what the numbers are with respect to number of test takers versus pass/fail rates?

 

Everything is perfectible; what were the 'gotchas' that tripped you up? What would you suggest that people most master before taking the exam?

j_M007
Community Champion

Hi MDChris,

 

If you were ever to consider taking this again (hypothetical question), what would you do differently? How would you prepare for this exam in another better way?

MDChris
Newcomer II

I'd probably show up drunk or at the very least put my mind in a way where I am not reading into the questions as much. The longer you're in the business the information security the more you realize things are not as black and white.
j_M007
Community Champion

Not overthink, just overdrink! 😉 Thanks

MDChris
Newcomer II

In all seriousness each security organization has their own way of doing security. My biggest mistake (which I did not do when I took the CISSP) was taking this test trying to use the logic and skill I've had utilized being 20 years in the security business. If I was ever to re-take this test, which I do not intend to, I would try in put myself in an ISC2 mindset "What would ISC2 do?" for the duration of the test and throw all my past experiences out the window.
j_M007
Community Champion

I appreciate your comments, and I hear what you are saying. Thanks for your advice and observations.

wncramsey
Newcomer II

I have been saying for awhile that isc2 needs transparency in the test taking. ‘Above proficiency ‘, ‘near proficiency’ and ‘below proficiency’ are totally ambiguous terms and in the matter of taking a pass / fail test, near proficiency has no place.

Yes, isc2 is a business and as such is looking to make money.

I took the CSSLP for the second time about 3 weeks ago, and unfortunately failed it.

I think I did better on my first attempt.

While I will attempt it again, I’m starting to question my decision as there are less than 2300 designated CSSLP professionals worldwide. Is the value there?


Sent from my iPhone
havinsomefun
Newcomer II

Actually the results come back as:

Domain/Performance

  • Below Proficiency
  • Above Proficiency

The first 2 times I took it I received an actually number scale (600/1000) called a – scaled sore but ISC2 went away from that stating to me in an email – “With an update to most (ISC)² examinations in the middle of the year, we no longer provide the numerical score but a proficiency level for each domain. The numerical score did not accurately give a candidate or member the appropriate information to better prepare for the examination. In order to really pass the exam, you would need to receive an “above proficiency” on each domain. This should give you an idea of where to focus your efforts on if you choose to take the examination in the future

 

Again, my biggest complaint is in the wording of the questions.  The first time I took the exam I thought the first lot of questions were the exploratory (throw out) questions because they made no sense and I had no idea what they were asking nor was any of the material in any of the books or practice tests/boot camp.  So I chalk that up to – “ok the real questions will begin soon”.  But as the exam went on and on I was running into those questions again and again.  So that’s my issue with this exam (again I have taken this exam 3 times). 

 

The questions are so confusing and seemly off topic of the material one would study.  I have no idea how others have past unless they are taking a completely different version that ISC2 spits out on opposite days of the week in random sequence – Total guess and joke but I have no clue.

AlecTrevelyan
Community Champion


@wncramsey wrote:

Yes, isc2 is a business and as such is looking to make money.

They class themselves as a nonprofit member association:

 

https://www.isc2.org/about

 

While I will attempt it again, I’m starting to question my decision as there are less than 2300 designated CSSLP professionals worldwide. Is the value there?

I'm seeing it listed more and more on job adverts. Also, with the move to software defined this, that and the other, and the general consensus in the market being that software needs to have security baked in, its value is only likely to grow.

 

AlecTrevelyan
Community Champion


@havinsomefun wrote:

 

The questions are so confusing and seemly off topic of the material one would study.  I have no idea how others have past unless they are taking a completely different version that ISC2 spits out on opposite days of the week in random sequence – Total guess and joke but I have no clue.


These are the CSSLP suggested references:

 

https://www.isc2.org/Certifications/References#accordion-adfed2f17f1d4762920fc2210a966b14

 

Do the topics they cover represent the topics you've seen on the test? I'm considering taking the CSSLP at some point and would look to this list for my study material.