How to Pass SSCP Exam in the First Attempt

By


Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2. When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam. 

Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field.

What is SSCP?

You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are not graded, you need to score 700 for 100 questions. These “research” questions will not be explicitly mentioned/marked, so attempt all the questions. There is a total of 7 domains which are tested in this examination.

Following are the domains along with their weight:

1. Access Controls (16%)
2. Security Operations and Administration (17%)
3. Risk Identification, Monitoring, and Analysis (12%)
4. Incident Response and Recovery (13%)
5. Cryptography (9%)
6. Network and Communications Security (16%)
7. Systems and Application Security (17%)

Many people are experts only in 1 or 2 domains. It is important to understand that (ISC)2 wants you to have an understanding of all these aspects in this exam. If you are feeling this is too much, you would like to read Quick Tips for the SSCP exam.

How to pass the exam in the first attempt?

Remember, there is no shortcut to passing this exam. It is not as rigorous and difficult as the CISSP exam but this exam is still difficult and you need to prepare well to pass this exam. So the only solution to passing this exam is understanding the concepts (don’t cram the definitions) and practice as much as you can. 

If you have no experience in the field of information security, it is really important for you to understand everything and watch videos if you do not understand by reading theoretically. If you have some experience or lots of it, don’t be overconfident. The exam tests your understanding of all these domains and it is rare that you are an expert in all these domains.

So accept your weakness and practice all the domains. I took around 3-4 months to prepare for this exam. Last 1 month was spent in practicing and only practicing. 
Revision is the key to everything. Practice exams don’t work if you just attempt questions and do not work on the weak areas. Practice and revision will surely make you pass this exam in the first attempt.

How to prepare for SSCP?

Way back in 2014, when I cleared this exam, there was not much available either on the internet or as study material. The story is different now. It is important to keep in mind that you should have a primary source of study and others which you can just refer for a detailed understanding or solve the practice questions.

I had referred the 1st edition of SSCP AIO guide by Darril Gibson. The second edition of the book is now available. There are a lot of other sources available for this exam as listed below:


Remember, there is no alternative to hard work and studying (no matter whatever book you study)
It is important to prepare a plan to study, when to study and what to study. In case you are working, you need to identify as to when you can study. Identifying your strengths and weaknesses and working on them when you study is important to pass this exam.

Set Targets… & Pieces of advice

It is really important that you set your targets and achieve them. Set your targets by weeks or by domains as it suits you. I cannot tell how to set your targets as it involves a lot of parameters. 
The point I wish to make here is that in case you are not focused on achieving the targets which you fix for yourself and take the preparation casually, you’ll feel the pain while attempting the real exam.

An important piece of advice for you, my dear friend, is that, no matter which book or practice exam you study, NO practice exam or mock test is even a pinch close to the real exam.
If you are learning to run and think by practicing all the mock tests you can top the marathon, the exam will question you how good you can fly. Do NOT think that by getting 90% score in mock tests, you will definitely clear the exam.

It ultimately boils down to only one fact that how good your concepts are. Mock test will only broaden your thinking and understanding of these concepts. So it is important to clear all the misconceptions in your mind.

Another important advice (if you are already working in this field) – Do Not apply what happens in your organization to this exam. Most professionals make this mistake of thinking and answering questions based on their experience and what happens in their organization.

Your organization may be the best in its business, but it has made its own policies and ways of handling problems. Remember, whether its SSCP or CISSP, you need to go with an open mind as it focusses on testing your concepts, not your organizations’.

The D-Day

Go with a very clear and calm mind for the exam. Reach the center early and take appropriate rest the day before. 
1. When you will reach the Pearson Vue center, you will be given a set of instructions to read. These instructions are different from the NDA to be signed for the SSCP exam. In case you have any queries regarding the instructions, feel free to ask the proctors. They are friendly and helpful.
2. Your photograph and palm scans will be taken before beginning the exam.
3. Do not forget to carry two identification cards having signatures on both the proofs.

So all the best for your exam. Do not forget to read Quick Tips for the SSCP exam

If you like this article, do not forget to share and subscribe. Also, share your comments in the comment section below.

Comments

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...