Results 1 to 25 of 30
  1. Junior Member Registered Member
    Join Date
    May 2017
    Location
    Maryland
    Posts
    6

    Certifications
    CEH
    #1

    Missed it by *that* much! (CCSP)

    Greetings all,

    I took the CCSP exam yesterday and missed the mark by eleven points. Prior to this, I took a 5-day boot camp and did a lot of self-study afterwards in order to understand the core concepts. This included the CBK, the CCSP AIO book, and the CCSP official study guide. I also made sure to brush up on the various standards and guidelines from ISO, NIST, ENISA, etc.

    What I wish I had known ahead of time was that the vendor loves to use a lot of "what-if" and "best answer" scenario-based questions on the exam, instead of definition-based. Had there been more definition-based questions, I would have probably passed on my first try. Surprisingly enough, according to the results my weakest area was in Operations - and ironically I've spent at least two years-plus as a data center technician, having a first-hand experience on implementing FedRAMP controls in a large-scale environment. The other areas I was listed as lacking in were Cloud Platform and Infrastructure Security, and Cloud Application Security.

    So on the advice of a colleague, I'm now looking at possibly taking the CCSK exam from the Cloud Security Alliance to get a deeper understanding of cloud security concepts. My question to all of you is this: Is there anything else I should brush up on before I schedule my CCSP re-take in August?

  3. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    515

    Certifications
    ITIL-F, A+, S+, CCNA
    #2
    Not advice, but a question. If you were so close, why are you putting off a re-take until August?

  4. Member
    Join Date
    Jun 2012
    Location
    United States
    Posts
    73

    Certifications
    CISSP-ISSAP, CCSK, CCSP, CISA, CISM, CRISC, CCNP Security, CCNP R&S, CCDP, MCSA 2003, ISO 27001 LA
    #3
    @therantinggeek,

    It was so close. I am also preparing for it. I believe reviewing the new book may help.

    http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119277418.html

    Quote Originally Posted by p@r0tuXus View Post
    Not advice, but a question. If you were so close, why are you putting off a re-take until August?
    The first time a candidate does not pass the CCFP, CCSP or HCISPP exam, they will be able to retest after 90 days.
    https://www.isc2.org/cancel-policy.aspx
    Last edited by SkyBlue; 05-10-2017 at 05:44 PM.

  5. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    944

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #4
    Same story, also 11 points AFAIR in Feb. Will retake this month. Didn't study much though in between, hope to just spend more time carefully reading questions and get a different roll as the first time it relied heavily on legal side and I suck at it.

    I also have tons of experience migrating people to and out of VMware, Google Apps and Azure/O365 cloud as well as private cloud, setting up various federated authentication schemes, etc, been doing it since 2010.

    I've read CSA 3.0 guide pdf but acquired close to zero knowledge from it.

    I also have a thread here where I whine about my experiences with this exam.

    Also would like to know your opinion on question quality as for me it sucked and out of 125 questions more than a dozen were poorly worded to the point when the answer wouldn't fit grammatically to the question. I also feel that I'm probably more knowledgeable than exam question authors in some areas and felt the urge to argue on how some things were worded and had a lot of frustration because of that that also contributed to my poor score. Next time I hope to be psychologically prepared to this challenge.

  6. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    515

    Certifications
    ITIL-F, A+, S+, CCNA
    #5
    Quote Originally Posted by SkyBlue View Post
    The first time a candidate does not pass the CCFP, CCSP or HCISPP exam, they will be able to retest after 90 days.
    https://www.isc2.org/cancel-policy.aspx
    Ooooohhh. Haven't taken any of those exams yet. I see.

  7. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    942

    Certifications
    C****, C***, C**
    #6
    Quote Originally Posted by therantinggeek View Post
    What I wish I had known ahead of time was that the vendor loves to use a lot of "what-if" and "best answer" scenario-based questions on the exam, instead of definition-based.
    That's the point. Just like CISSP, CCSP is more of a cloud security management than a technical implementation exam. You need the technical knowledge. More importantly, you need to know how to apply this technical knowledge to solve business related issues such as risk management, privacy and legal. At least, that is my impression.

  8. Junior Member Registered Member
    Join Date
    May 2017
    Location
    Maryland
    Posts
    6

    Certifications
    CEH
    #7
    Quote Originally Posted by SkyBlue View Post
    @therantinggeek,

    It was so close. I am also preparing for it. I believe reviewing the new book may help.

    http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119277418.html
    I purchased a digital copy of that same book on Google Books when it was released. It's helpful when it comes to reinforcing the concepts that I learned from the boot camp, but in retrospect it's woefully lacking when it comes to showing how those same concepts apply to a real-world situation, very much like the types of questions I encountered in the exam.

  9. Junior Member Registered Member
    Join Date
    May 2017
    Location
    Maryland
    Posts
    6

    Certifications
    CEH
    #8
    Quote Originally Posted by gespenstern View Post
    Same story, also 11 points AFAIR in Feb. Will retake this month. Didn't study much though in between, hope to just spend more time carefully reading questions and get a different roll as the first time it relied heavily on legal side and I suck at it.

    I also have tons of experience migrating people to and out of VMware, Google Apps and Azure/O365 cloud as well as private cloud, setting up various federated authentication schemes, etc, been doing it since 2010.

    I've read CSA 3.0 guide pdf but acquired close to zero knowledge from it.

    I also have a thread here where I whine about my experiences with this exam.

    Also would like to know your opinion on question quality as for me it sucked and out of 125 questions more than a dozen were poorly worded to the point when the answer wouldn't fit grammatically to the question. I also feel that I'm probably more knowledgeable than exam question authors in some areas and felt the urge to argue on how some things were worded and had a lot of frustration because of that that also contributed to my poor score. Next time I hope to be psychologically prepared to this challenge.
    Yep, the quality of questions on the exam could have been a little better. Now that I've had a couple of days to reflect on it, I think that was the intent of the test writers - to throw you off as much as possible, which, again, in retrospect, I understand from an instructor's point of view. (I've taught a few classes here and there on digital forensics and packet analysis, and I would toss up the occasional curve ball just to see if my students were paying attention.) My experiences with AWS up to this point have been mostly focused on security policies, but I'm learning more about the technical operations aspect of it, including provisioning and networking.

    Best of luck on the retake; mine won't come around until August but as I said in my original post I'm looking at taking the CCSK exam on the advice of one of my colleagues.

  10. Junior Member Registered Member
    Join Date
    May 2017
    Location
    Maryland
    Posts
    6

    Certifications
    CEH
    #9
    Quote Originally Posted by Mike7 View Post
    That's the point. Just like CISSP, CCSP is more of a cloud security management than a technical implementation exam. You need the technical knowledge. More importantly, you need to know how to apply this technical knowledge to solve business related issues such as risk management, privacy and legal. At least, that is my impression.
    That wasn't mentioned at all in the boot camp I sat through, nor was it mentioned in the books I read through. But now that you've provided some insight on how the test was meant to be approached, from a technical management perspective and not a technical engineering (implementation) perspective...I'll have to ask one of the senior security engineers in my group (who has his CISSP) if he can write up some scenarios as a guide.

  11. Junior Member Registered Member
    Join Date
    Jan 2015
    Location
    Flushing, NY
    Posts
    5

    Certifications
    MCSE GIAC-Security Essentials ITIL Prince2 CISSP, ISSAP
    #10
    In addition to perspective, the ISC2 exams generally do not call a spade a spade. Instead of saying PaaS, they would say, application development in self-managed cloud environment, which could mean PaaS in a private (on-premises) or a public setup (CSPs)

  12. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,552

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #11
    Quote Originally Posted by therantinggeek View Post
    I'm now looking at possibly taking the CCSK exam from the Cloud Security Alliance to get a deeper understanding of cloud security concepts.
    The CCSK is pretty easy and open book... Kinda high cost for what it is IMO. If someone wanted to pad their resume with an extra cloud security cert I guess it isn't bad though.

  13. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    942

    Certifications
    C****, C***, C**
    #12
    Since the retake is a few months away, any plans to do CISSP?

  14. Junior Member Registered Member
    Join Date
    May 2017
    Location
    Maryland
    Posts
    6

    Certifications
    CEH
    #13
    Quote Originally Posted by NetworkNewb View Post
    The CCSK is pretty easy and open book... Kinda high cost for what it is IMO. If someone wanted to pad their resume with an extra cloud security cert I guess it isn't bad though.
    Any ideas on where I can get my hands on a study guide or a whole bunch of practice questions? From what I've read, the CCSK is mostly centered on the CSA 3.0 and the ENISA document.

  15. Junior Member Registered Member
    Join Date
    May 2017
    Location
    Maryland
    Posts
    6

    Certifications
    CEH
    #14
    Quote Originally Posted by Mike7 View Post
    Since the retake is a few months away, any plans to do CISSP?
    Probably at some point down the road, especially if it becomes a requirement for me to be considered for a mid-tier management position. It'll be a matter of trying to convince my employer to pay for any classes and for the exam voucher.

  16. Junior Member
    Join Date
    Mar 2017
    Posts
    9
    #15
    Oopppsssss....

    Requesting one suggestion. I have been doing self-study for over a month now using the CBK, AIO, NIST and ENISA, and wish to ask you: how different is a boot camp, or what additional value can it add, versus self-study? Do they use additional and different study material to cover the topics?

    Thank you in advance...

  17. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #16
    All the material you have is enough to pass the exam. I passed it with only the official book and the CSA guides and documents used for the CCSK.

  18. Member jayc71's Avatar
    Join Date
    Oct 2010
    Location
    NoVA
    Posts
    90

    Certifications
    CISSP, CCSK, Sec+, ITIL, ScrumMaster, AWS-CSA (Pro/Associate)/SysOps/Developer (Associate), Google+, Education: MSIS, BSIT
    #17
    Ouch! You'll pass it next time!

    I need to get back on the CCSP horse myself...
    -Justin

    Next up, CCSP.

  19. Junior Member
    Join Date
    Mar 2017
    Posts
    9
    #18
    Friends,
    Does the CCSP official study guide (CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide) include a test prep CD as well? How different are the prep Qs than the AIO prep test Qs (Total Tester)? I have a copy of AIO; should I buy the official guide as well?

    I am two weeks away from my test...please advise and guide....

    Thank you!


  20. Junior Member Registered Member
    Join Date
    May 2017
    Posts
    4
    #19
    The Official Study Guide (on Kindle) did not include any links to test prep materials or flashcards; however, each chapter does include a short quiz. They are no better (or worse) than the AIO.

  21. Senior Member
    Join Date
    Aug 2006
    Posts
    456

    Certifications
    CCNA, ITILv3 Foundation, Security+, SSCP, Prince2 Foundation
    #20
    What's the best book currently for this exam?

  22. Junior Member Registered Member
    Join Date
    May 2017
    Posts
    4
    #21
    Quote Originally Posted by eddo1 View Post
    What's the best book currently for this exam?
    I am using the Official CBK and Official Study Guide.

    CBK is a little dry, whilst the OSG flows a lot better but has more gaps.

    My exam is on June 7

  23. Senior Member
    Join Date
    Aug 2006
    Posts
    456

    Certifications
    CCNA, ITILv3 Foundation, Security+, SSCP, Prince2 Foundation
    #22
    Cool, is that all you're using?

  24. Junior Member
    Join Date
    Mar 2017
    Posts
    9
    #23
    @therantinggeek

    You mentioned the questions that appear during the exam are mostly "what-if" or "best answer", but similar Qs are NOT there in the CBK or AIO...

    What's the best way to practice such Qs?

  25. Member
    Join Date
    Jun 2012
    Location
    United States
    Posts
    73

    Certifications
    CISSP-ISSAP, CCSK, CCSP, CISA, CISM, CRISC, CCNP Security, CCNP R&S, CCDP, MCSA 2003, ISO 27001 LA
    #24
    Can anyone provide a tentative answer on whether ISC2 follows this breakdown?

    The CCSP examination domains and weights are:

    | Domains | Weight |
    |---|---|
    | 1. Architectural Concepts and Design Requirements | 19% |
    | 2. Cloud Data Security | 20% |
    | 3. Cloud Platform and Infrastructure Security | 19% |
    | 4. Cloud Application Security | 15% |
    | 5. Operations | 15% |
    | 6. Legal and Compliance | 12% |
    | Total | 100% |

  26. Member
    Join Date
    Feb 2017
    Location
    Maryland
    Posts
    35

    Certifications
    CISSP, CCSP, CISM, CISA
    #25
    Quote Originally Posted by SkyBlue View Post
    Can anyone provide a tentative answer on whether ISC2 follows this breakdown?

    The CCSP examination domains and weights are:

    | Domains | Weight |
    |---|---|
    | 1. Architectural Concepts and Design Requirements | 19% |
    | 2. Cloud Data Security | 20% |
    | 3. Cloud Platform and Infrastructure Security | 19% |
    | 4. Cloud Application Security | 15% |
    | 5. Operations | 15% |
    | 6. Legal and Compliance | 12% |
    | Total | 100% |

    I think it is fairly accurate, though a lot of concepts and topics span multiple ones, so it's hard to say for sure, but overall in my experience yes.
