Ok, I took the CSSLP exam. I got a 688 out of 700 today. I took the official online ISC2 course with a week's online webex training (which was different from the online work). I used the flash cards and all the resources. Out of the 175 questions there were quite a few questions not associated with the flash study cards or what appear to be from the office student guide. There were also questions about modeling (I will not name them due to not talking about what was on the test), but the models were never referenced in the official study guide. If I would have known I would have refreshed on the associated models. Not sure what is going on here, but I would expect the resources to review and understand to be successful in the exam would be in the Official Student Guide. It would hope someone from ISC2 would please comment on this concern.
I think a lot of the asked questions would not have been so hard if they were written in plain understandable english.
What I mean by that is I remember a lot of questions written leaving out normal words found in questions like the word(s) "of" and "the" or "a" which are (prepositions, logical connectives) which made it hard to understand the question written and then having to go back and re-read the question(s) several times to try and make sense of what was written. Leaving out these important prepositions made it hard to understand the question(s).
I retook the exam again and did not pass. My performance was
Supply Chain and Software Acquisition: Below Proficiency
Software Deployment, Operations and Maintenance: Below Proficiency
Secure Software Requirements: Above Proficiency
Secure Software Implementation/Programming: Above Proficiency
Secure Software Testing: Above Proficiency
Secure Lifecycle Management: Above Proficiency
Secure Software Concepts: Above Proficiency
Secure Software Design: Above Proficiency
So even though on 6 out of the 8 domains I received Above Proficiency I still did not pass. This leads me to believe that on each domain you have to get at least a 70% or above to pass the whole thing. Which means that even if you get a 100% on one domain that does not factor in the total score. This scoring scale is very scary and makes this exam extremely hard to pass.
I will not take this exam again because of 2 factors. One, the scoring factor as mentioned above and two 75% of the questions I saw where never covered in any of the books I read or the boot camp I took or on any practice questions or study material I could find which leads me to believe that ISC2 is making this exam extremely hard to study for and pass on purpose. Not with the intent to test you of your knowledge from materials they say will be on the exam. So anyone who passes this had really good luck that day.
The only positive thing I saw about this exam was that the questions were not nearly as wordy or lengthy as the previous exam questions I took in the past, so at least I did not walk away from this exam with a head ache.
The questions from the exam that I received were mainly just one sentence but the questions still used deliberately confusing sentence structures and grammar to try to throw off the test taker and because of that I will never take another ISC2 exam again. These exams should practice normal sentence and grammar if they are to be taken serious.
I work with 4 other people who have taken this exam recently (within the last month). All have failed the exam and one of the person has a PHD from Duke in computer science and said the same things about this exam. Complete waste of time.
My end take away is that ISC2 is just trying to falsely make these exams too confusing which I believe is mainly profit driven (even though they say they aren't) and they are using questions that do not match the content that they preach and teach.
My advice - study and pay for another certification. This one is a complete waste of time.
Hello ISC2,
I've read several of the comments in this thread and based on the comments I have decided not to pursue the CSSLP certification at this time.
Based on the experience of several people who have taken the test, it appears there may be some disconnect between what is in the study materials and what is on the test. It also seems there may be a quality issue when it comes to the language of the test as it concerns grammar and so-called "trick" questions.
Thanks
NOTE: removed post. No physical action was taken, more like brow beat. My intent of the original posting was in hopes ISC2 would see that there are many that feel the exam is not fair. I expect it to be hard, test my knowledge on the subject. But not feel like it is so obtuse in its questions, that the taker can't discern what is being asked fairly. I would not say to anyone to NOT TRY, you might be some of the few that are good test takers and can filter the question into a understanding of how it should be answered. I would also say if you need this cert, keep taking it. I've read others say they passed, not sure why they did; rarely do I hear someone post on this forum that they took it and passed based on pure study. Many say they are not sure, but glad they did. Not sure why my post would be taken as a felony, maybe freedom of speech has been axed???
@StarBlue wrote:...took me a long time to beat out of ISC2 ... they did away with the point system they had several years ago...
No need to commit a felony. (ISC)² explains the grading process publicly, including the fact that both grading schemes are still in use. Most exams, including CSSLP reportedly still use 700 "scaled points". CISSP is the partial exception; 2 years ago, they began grading the English version with below/near/above. However, I do believe that they now report your passing stats in below/near/above verbiage for all the exams and in all languages.
I get it, ISC2 probably does not have a ton of people taking this cert; I figure the CISSP is their #1 cert by a looooong ways.
2 to 3 tons of people earn thier CISSP per calendar day, depending on whom you believe regarding the average weight of a CISSP. The CSSLP does take longer... about a month for 2 to 3 tons earn their CSSLP. And yes, CISSP makes up about 85% of all certifications awarded by (ISC)². You can calculate these and other fun stats using the published member counts and historical record.
They changed the exam I heard back 2014/2015 and haven't bothered, due to demand and cost, to update the source material.
(ISC)² updates exams every three-ish years; guide updates tend to follow a few months later. The CISSP was updated in 2015 and 2018; the guides in 2015 and 2018. CSSLP was refreshed in ~2011, ~2014 and 2017, with guide updates in 2011 and 2013. Although there have been some exam updates (like the latest CSSLP) without corresponding guide updates, it generally happens because the exam update was insignificant. This was explained in the CSSLP refresh FAQ, as was their belief that matching exam and guide versions is not a critical success factor.
Actually my example is too easy
You can find more realistic sample questions on the community. Rob has worked really hard on that and has a done a good job at capturing the feel (again, thanks, Rob!) .
Really, before committing a felony, you might consider Googling "isc2 faq". Much of the information is already out there. Plus, having a felony on your record could put your cert in jeopardy.
As someone who took and passed this exam a couple of months ago, and is now a fully endorsed CSSLP, I can tell you that if you have the requisite knowledge gained through relevant experience and / or an effective study programme you can pass this exam - don't let all the naysayers in this thread put you off.