How to prepare for CCSP exam?

Congratulations on deciding to take the CCSP exam! While the CCSP exam is not considered to be as grueling as the CISSP exam – but it needs its own preparation! The first step in preparing for the CCSP exam is understanding the exam details. These are listed below:

• Candidates for the CCSP exam must demonstrate at least 5 years of full-time work experience out of which 3 years must be in the field of Information security and 1 year must be in one of 6 domains of the CCSP exam.
• The candidate must score 700 out of a possible 1000 points to pass the exam
• The duration of the exam is 3 hrs.
• The candidate can check the pricing of the exam from this link
• The exam has about 125 questions

Exam tips:

• Book a date for the exam at least 3 months away and start studying immediately
• It is necessary to draw a timetable and stick to it diligently
• It is also necessary to take into account the different personal and official responsibilities in the three-month time frame and adjust the timetable and work hours accordingly
• Since the exam has 125 questions which have to be answered in 4 hrs time, the candidate needs to be totally thorough with all the topics of the exam.
• Patience, persistence, and consistency are some factors that will help you to crack the exam

Exam strategy:

The CCSP candidate should thoroughly know all the fundamentals related to encryption, virtualization technologies and the difference between IaaS, PaaS, and SaaS.
The candidate is expected to study the following books thoroughly in order to pass the exam with ease!

1. The Official (ISC)² Guide to the CCSP CBK 2nd Edition, Kindle   Edition by Adam Gordon

This is the first book that has to be studied and this is the (ISC)² endorsed study guide for the CCSP exam from Sybex. As organizations increasingly move their data to the cloud, cloud security assumes enormous significance in today’s world. This second edition features clearer diagrams, real-life scenarios, illustrated examples, tables, best practices, and more.

2. Next, we recommend you to read the following pdf file from Cloud security Alliance which can be freely downloaded from this link: Security Guidance for critical Areas of focus in cloud computing v4.0.

The fourth version of the ‘Security guidance for critical areas of focus in cloud computing’ incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.

3. CCSP candidates should also read the ‘The Treacherous 12’ which is a freely downloadable file from CSA

‘Treacherous 12’ are the top security threats that organizations face and this can be downloaded from the above link. Candidates are expected to read this before appearing for the CCSP exam.

4. Next, the candidates are also expected to download and read the CSA – Cloud Control Matrix

The Cloud Control Matrix is used to provide guidance to prospective vendors and cloud customers in assessing the overall security risk of a cloud provider.

5. CCSP candidates are also expected to read the Jericho – Cloud Cube Model

• Internal/External
• Proprietary/Open
• Perimeterised/De-perimeterized Architectures
• Insourced/Outsourced

6. The candidate is also expected to read the ‘ OWASP top 10’

OWASP is ‘Open web application security project’ is an open community that enables organizations to work with applications that can be trusted. They list the ten most critical web application security risks.  Some of the risks last updated for the year 2017 are injection, broken authentication, ‘sensitive data exposure’ among others.

7. The candidate is also expected to read and familiarize themselves with the following NIST publications:

• NIST SP 800-146 Cloud Computing Synopsis and Recommendations
• NIST SP 800-144 Guidelines on Security and Privacy in Public Cloud Computing
• NIST SP 800-125 Guide to Security for Full Virtualization Technologies

8. Finally, the candidate can download the electronic CCSP flash cards from (ISC)².

This is a study tool for those preparing to take the CCSP exam. It is a unique and interactive way to test one’s knowledge of industry terms and the various CCSP domains.
This study tool can also be accessed via the phone both for Android and iOS via the Quizlet app.

9. Once you have studied from the various resources, the next step would be to test your knowledge of the CCSP exam before the big day. You can test your knowledge from these sources:

CCSP Official (ISC)2 Practice Tests 1st Edition
CCSP Certified Cloud Security Professional Practice Exams 1st Edition

‘Cloud computing’ being a rapidly changing field, it is also good to listen to various podcasts to keep up with the current trends.
These resources will definitely enable you to pass the CCSP exam in your first attempt!
In addition, it is to be noted that we at InfoSec Train offer online training for CCSP by our expert instructor, Prabh Nair! Do contact us for more details and good luck!

AUTHOR
Jayanthi Manikandan ( )
Cyber Security Analyst

“ Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train. “