Quick Tips for SSCP Exam

By

Let me say “All the best” to you, before I start giving you tips for the SSCP exam. These tips are not mandatory to follow, but will surely help you to manage and crack the exam.

Systems Security Certified Practitioner (SSCP) is a three-hour long exam which contains 125 questions. You can call this as the younger brother of CISSP. I gave this exam in July 2014 and passed in the first attempt.

You have to schedule an exam through (ISC)website which further takes you to booking the exam at a Pearson Vue center.
  1. Reach the exam center approximately 45 minutes in advance before your scheduled time. This will help you to settle down. Start early so as to reach early rather than waiting on the way thinking whether you will reach on time or not.
  2. When you will reach the Pearson Vue center, you will be given a set of instructions to read. These instructions are different from the NDA to be signed for the SSCP exam. In case you have any queries regarding the instructions, feel free to ask the proctors. They are friendly and helpful.
  3. Your photograph and palm scans will be taken before beginning the exam.
  4. Do not forget to carry two identification cards having signatures on both the proofs.
      Now, when your exam starts, do keep the following in mind. These tips will surely help you.
  1. You will be greeted with an NDA before you begin the exam. Read the NDA – you have 5 minutes to do so. 
  2. Failure to accept this will forfeit your exam money and you will not be allowed to further move ahead in the exam.Post the successful acceptance of the NDA, your exam begins.
  3. You have a timer which shows 180 minutes you have for the examination and a “Flag for review” option whereby you can  flag the questions which you are unsure of at the moment for further review.
  4. Try to make a strategy to solve the 125 questions. 25 questions are reserved for research purposes. Hence you need to answer 100 questions in order to get a 70% score.
  5. I followed the following strategy. It is always better to follow your own plan basis your strengths and weaknesses.
  6. It is extremely important that you go through all the 125 questions at least once in around 1.5 hours. I glanced through all the questions and answered 90 questions in one go and took around 1.5 hours. I used the “Flag for review” option whole heartedly. 
  7. Although the three-hour long exam is not as strenuous as the CISSP exam, you still need to maintain your focus for three hours. 
  8. Remain calm, if you do not know the answer to a lot of questions in the first go, then flag them. This is perfectly normal. Don’t stress yourself.
  9. I used the next 1 hour to solve those questions which I had flagged for review or had left unanswered. The remaining 1/2 hour was focused on reviewing those questions which I was extremely unsure of or confused between two options as they both seemed likely.
  10. There is no negative marking in the exam. So it is recommended that you answer all the questions.
  11. As soon as the time is over, the exam automatically finishes and you are greeted with a message that the time has finished. You may call the proctor in case there is any issue which you face during the exam.
  12. You can collect the exam result from the main desk. Remember, you are never confident when you walk out from the exam hall to the main desk. 
  13. Most people I have met either discount the importance of the SSCP credential or don’t know about it. It is important to remember the fact that SSCP is no small feat in itself. You need to have a minimum of 1 year of experience in information security field. 
  14. SSCP does tell the world that you are interested in learning and having a basic knowledge of the concepts of information security. As a practitioner, this exam allows you to gain a holistic understanding of a lot of security concepts.
     If you reached here, let me thank you for reading this article. If you are preparing to give the exam; all the very best. If you have passed the exam and would like to share your tips with everyone, feel free to comment below. 
     
     Share this article across on your favourite social media platforms.

Comments

  1. David NuApril 26, 2018 at 6:41 PM

    Informative Post. These tips definitely will help QandA readers at https://qanda.typicalstudent.org/ who are preparing for exams. Thanks for sharing useful information with readers.

    ReplyDelete
  2. LaurieJuly 20, 2022 at 5:17 AM

    Taking it tomorrow. I think they changed the policy regarding flagging and returning to items. Per the email sent to me by Pearson Vue: (ISC)² offers two types of computer-based exams – linear and adaptive – however neither exam type allows for candidates to skip an item, nor can items be returned to later during administration. Once an answer is confirmed it cannot be changed, reviewed, or revisited

    ReplyDelete
    Replies
    1. Mayur PahwaJuly 24, 2022 at 12:50 PM

      The new method of evaluation is the Computer Adaptive Test , CAT method. In the earlier exam format , you could change or review your answers till you submit. This was initially rolled out for CISSP and is now being extended to other exams. If you could share your experience of the exam , I will be happy to update the post. This will help other students also.

      Delete

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...