I tell others that if you have been following minimum secure development practices in your career, then you will not find it difficult to pass this exam. The questions in the exam are common sense questions with few curve balls that require knowledge of some jargon and acronyms like CVE, CWE, OWASP etc. If I was not bound by NDA, I could provide a sample question.
So how did I prepare for this exam? First things first, go to the (ISC)² website to get preliminary information about what topics are covered by the exam. Next, find out the exam details: how many questions will be asked, what the duration of the exam is and what the passing criteria are. I will mention that information here as well. There will be 125 questions that you will be required to answer in 180 minutes. You will need to score 700 points out of 1000 points. This seems to be the standard format for most certification exams.
One thing that took me by surprise at the end of the exam was that you cannot go back to review any answers. I think it was mentioned on the (ISC)² website and I did not pay attention to it. As soon as you provide the answer to question number 125, you are done. The terminal will ask you to conclude the exam. There is one piece of advice I will give to everybody: do not rush into answering questions. Take your time before moving on to the next question. A time of 180 minutes is more than sufficient to answer 125 questions. Again, YOU CANNOT GO BACK.
Now, what study materials can you use to prepare for this exam? You have 3 options. One, join an instructor-led training course. Unless your company is paying for it, it can be pricey. Second, you can join a self-paced training course. These are not as expensive as instructor-led courses, but still not cheap. Third, read study guides and books.
How did I prepare? I bought the Official (ISC)² Guide to the CSSLP, Second Edition. I also bought the CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition. The official guide is about 800 pages and the All-in-One Exam Guide is about 400 pages. I recommend these two books; do the sample quizzes at the end of each chapter. I did one more thing. LinkedIn Learning has online courses on CSSLP. I watched videos on all 8 sections of this exam. The best part about these videos is that you can listen to them while you are driving. The LinkedIn videos served as a substitute for instructor-led training.
Another question that people ask is how long it takes to prepare for and pass this exam. This is one question that I cannot answer for you. A lot will depend on your experience and the time you have to study. If you want to know how long it took me, send me a message and I will answer in private.
One thing I can attest to is that you will learn a lot of new things while preparing for this exam. Even if you do not take the exam, all software developers should take the time to read through the material for this exam. It will be worth it.
Hello all, I would like to ask a question about the passing score system of the CSSLP exam, though I guess the same would apply to every other ISC2 certification. I was wondering about partially correct questions, that is, questions that can be answered with multiple choices where you get a portion of them right but fail to answer them all correctly (e.g., a question has 5 possible answers, 3 of them are correct, but you only choose 2 of them). How are the answers evaluated in this case? Are they just marked wrong, or do the correct answers picked count positively towards the total score?
In the six exams I have taken (CISSP, CCSP, ISSEP, ISSAP, ISSMP, CSSLP) I have never faced a "choose all answers that apply" type question. Just to reiterate all (950 total) questions I have faced in ISC2 exams required me to select only one of the four answers.
I've not seen a choose-all-correct-answers style question, although you may be asked to identify the wrong item. The combinations of factors are normally in the options that you have to select the right answer from. Anyway, that's been the case for the CISSP, ISSMP, ISSAP and CCSP.
You'll have 175 questions to get the score you need, though I don't have exact details on how the questions are scored. Also, just wanted to point out that practice test questions don't go through the same rigorous review process that actual exam questions go through and the format of those questions can differ quite a bit as @AlecTrevelyan said.
The CISSP is a Computer Adaptive Test, so everyone's exam will be a little different. You'll need to score 700+ overall on the exam. The test will "feel out," (I'm making it sound alive!) based on your answers, which domains you should get questions from. I hope that makes sense!
Yes, I know the percentages for each domain. So just to double check, it is sure that being below proficiency in one or more domains is not a problem to pass the exam if the total score is over 700, right?
UPDATE: As I'm going through the official courseware again, I'm finding I need to backtrack on my statement about no overlap between course and test. There are a lot of hidden nuggets in both the courseware and the instructor's lectures. As it turns out, there was coverage of IoTs, etc. In fact, there is a very comprehensive treatise on securing IoTs.
It looks like I failed to pass by two questions. I did a brain dump of all questions I could remember, the possible answers and how I actually answered. Just based on that I could feel confident passing it on the second try.
What tripped me up was a lack of alignment between the official class curriculum and the test. Very little overlap there. I could have not taken the course and done just as well. I was also surprised that you couldn't mark a question and return to it. This is essential, in my opinion, for a test of this length.
The official curriculum lists about 20 extra sources to read. Well, if you bought each book, you'd have spent about 1000 dollars and read about 10,000 pages of material. Definitely not realistic or practical for someone studying for the test. This curriculum needs to be revamped or made more practical in nature.
I'm not sure what the protocol is, but I did notice a few questions on IoTs that were not covered in the official material. Where are you going to find information on securing IoTs or a network of IoTs? That's not something you normally run into in a normal work week. There were a lot of scenario-based questions: based on a condition or occurrence, what would you do?
Well, a lot wasn't covered in the official material. The flash cards are cool but utterly useless for passing the exam. The version 5 booklet is a nice overview but not an accurate reflection of what's on the test.
I think you will find that throughout all the (ISC)² exams, there's a lot that you won't find in third-party resources that supposedly cover the CBK. While the additional resources may seem to be a lot, bear in mind that when sitting for the exam, you supposedly have many years of industry experience (e.g., CSSLP is four). The logic being that over time you've come across these resources.
The exams, like any test, have their weaknesses. I've never liked the adaptive test; it's a bit antithetical to real-world problem-solving, especially in security. We often have to go back and forth to piece things together. And as to "scenarios," these can often be biased, as the question writer may have certain assumptions in mind that never make it onto paper.
Sorry to hear that. Unfortunately, I also failed the CSSLP exam I attended last week. It seems that the ISC2 CBK latest edition (edition 5) alone is not sufficient to pass the exam. I went through the entire book twice and additionally solved all the sample questions with 100% accuracy, and still failed. I also had five days of Bootcamp training with a third-party vendor. Not sure how I should prepare for the retake! Really disappointed.
If the exam told you which domains you needed to improve on, then you might focus there. The fact that you also recalled some of the questions will help; however, remember not to share any specifics on content, but rather say you didn't do much there. Then you might just go for the public resources; you'll run out of time before money:
Quite often the questions present imperfect answers and you are supposed to pick the least bad. Scenario-based questions need careful parsing, and you should consider the rationale behind your answer to see if it is OK. It's as much comprehension as it is stored knowledge.
I've sat CSSP twice (I let it lapse), CCSP and CSSLP, never using CAT (it pays to take your time with this testing mode as it penalizes fast and loose), and luckily never failed. I find that for questions I don't know for sure, you can usually ID two candidates, and thinking back to concepts can help make a difference on a choice.
For all exams in ISC2, you cannot just memorize all the stuff from the book and take the exam. You always need to change your mindset into that of a project/product manager, fixing the root cause rather than the situation itself. I had used CISSP and spent years changing myself from technical engineer to managerial thinking. After the change, I could find the way to pass the exam.
I'm neither saying it was a bad test or an unfair exam; I'm merely saying I was disappointed with the overlap between the official 8-week course and the material on the test. I'm not expecting an instructor to provide a braindump of answers obviously.