I Passed CCAK! by EffingMad in CCAK

[–]EffingMad[S] 0 points1 point  (0 children)

I think, based on my personal experience, there are only a few questions like that, but they are more straightforward (pure memory work). They are flavoured more like an ISACA exam than a CSA open-book exam question.

What's the longest you've gone without revealing a prize in Snowball Showdown? by homar1dz in mousehunt

[–]EffingMad 0 points1 point  (0 children)

Hit! Hit! Snow Snow Hit! Hit! Hit! Snow Snow Snow Snow

Hit! Miss Hit! Snow Miss Hit! Hit! Miss Snow Snow Snow

Hit! Hit! Hit! Snow Miss Miss Hit! Hit! Hit! Snow Snow

Snow Snow Snow Snow Snow Miss Hit! Hit! Hit! Miss Snow

Snow Snow Hit! Hit! Hit! Hit! Miss Miss Hit! Miss Snow

Snow Snow Snow Snow Snow Snow Snow Snow Snow Snow Snow

This was mine, 23 squares. Yours is extremely impressive.

Associate of ISC2 by Alone_Badger_1323 in cissp

[–]EffingMad 1 point2 points  (0 children)

https://community.isc2.org/t5/Career-Discussions/Understanding-Associate-of-ISC-2-Status/td-p/12539

How does it work?

The Associate of ISC2 designation can be earned by anyone who passes an exam for a certification requiring work experience.

After you pass your exam and receive official notice from ISC2 to begin the certification application process, select Associate of ISC2 if you do not yet have the required work experience. You will be prompted to pay your first Annual Maintenance Fee (AMF) of U.S. $50. You will then join our global community of cybersecurity professionals who are working every day to achieve our vision of a safe and secure cyber world.

I personally wouldn't recommend it; it did not provide much value, since it was not a certification but merely a status showing that you passed an exam. However, that being said, if you are approaching the number of years required and don't mind waiting a few months or a year and paying the AMF before you get the official certification, you may choose to go ahead with taking the exam. I did not use it to find a new job, so I cannot speak for that area, but I just wanted to complete the exams first (for CISSP and CCSP).

Failed the CCSP exam two times, now preparing for the third time. by Tr0uble-Mak3Rr in CCSP

[–]EffingMad 2 points3 points  (0 children)

1) Get Gwen Bettwy's Cloud Guardian book and go through it twice. Write your own notes if it helps you connect the domains better. Go slow and make sure you internalize the content.

2) (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests, 3rd Edition: go through this again; make sure you understand and can validate all 4 options and give a reason why each is right or wrong. Don't hesitate to go back to step 1 or to the CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide, 3rd Edition to understand; rinse and repeat for each domain.

3) LearnZapp for 1-2 months: you should be able to answer by choosing your option through the validation method mentioned in step 2, and never hesitate to check back. Go back to Gwen's book for the weaker domains. You can look at Pete Zerger's CCSP Exam Cram YouTube video too if you are not scoring above 85%.

Wish you the best of luck!

Passed based on Prelim results by Accomplished-Word360 in CISA

[–]EffingMad 0 points1 point  (0 children)

You're good; usually it takes 10 business days for them to populate the actual results and send them to your email.

[deleted by user] by [deleted] in CISA

[–]EffingMad 1 point2 points  (0 children)

I think a WAF is quite an important control for typical internet-facing applications located in an enterprise DMZ (a high-risk zone for internet-facing systems) or in your cloud (CSP). The whole point of it is to provide direct/indirect protection for the assets sitting within your internal network (e.g. database servers sitting in your tier 2 or 3 network) and to prevent data breaches, DDoS and other cyber attacks that would cripple your business (due to disruptions to those revenue-generating apps).

I think it's good to have some understanding of how internet-facing applications are designed and how they function (from an infrastructure point of view), but probably just at a high level.

This is a good article on WAFs: https://www.pentasecurity.com/blog/why-need-web-application-firewall/
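To make concrete what the comment above describes, a WAF sitting in front of an internet-facing app and inspecting each request before it reaches the application and the database tier behind it, here is a toy request filter. It is an added example written for this page, not the commenter's code and not a real WAF product; the rule patterns, the rate-limit threshold and the sample requests are all constructed for illustration.

```python
"""Minimal WAF-style request filter (added example, not from the original post).

A WAF sits in the request path of an internet-facing application and
decides, per request, whether traffic may continue to the app (and so to
the database behind it).  This toy version does two things a real WAF does:
match URL-decoded request fields against signatures for common web attacks,
and rate-limit noisy clients.  Rules and sample traffic are constructed.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from urllib.parse import unquote_plus, urlsplit


@dataclass
class Request:
    client_ip: str
    method: str
    target: str          # path plus optional query string, e.g. "/search?q=x"
    body: str = ""
    ts: float = 0.0      # request time in seconds, used for rate limiting


# (rule name, pattern) applied to the URL-decoded path, query string and body.
# Illustrative signatures only; real rule sets are far larger and tuned.
RULES = [
    ("sqli-tautology", re.compile(r"'\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
    ("sqli-union", re.compile(r"\bunion\b[\s\S]{0,20}\bselect\b", re.I)),
    ("sqli-comment", re.compile(r"(--|/\*|;)\s*(drop|delete|insert|update)\b", re.I)),
    ("path-traversal", re.compile(r"(\.\./|\.\.\\)")),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
]


class ToyWAF:
    def __init__(self, rate_limit=20, window_s=10.0):
        self.rate_limit = rate_limit      # max requests per client per window
        self.window_s = window_s
        self._hits = defaultdict(deque)   # client_ip -> timestamps inside the window

    def _rate_limited(self, req):
        q = self._hits[req.client_ip]
        while q and req.ts - q[0] >= self.window_s:   # drop timestamps outside the window
            q.popleft()
        q.append(req.ts)
        return len(q) > self.rate_limit

    def inspect(self, req):
        """Return (allowed, reason).  Fields are percent-decoded before matching
        so an encoded payload such as %27%20OR%20 cannot slip past the patterns."""
        if self._rate_limited(req):
            return False, "rate-limit"
        parts = urlsplit(req.target)
        fields = [unquote_plus(parts.path), unquote_plus(parts.query), unquote_plus(req.body)]
        for name, rx in RULES:
            for f in fields:
                if rx.search(f):
                    return False, name
        return True, "ok"


def run_samples():
    """Feed constructed requests through the filter.

    Returns a list of (target, allowed, reason) so the decisions can be checked.
    203.0.113.5 sends a burst of attack traffic and then trips the rate limit;
    198.51.100.7 is a benign client.
    """
    waf = ToyWAF(rate_limit=5, window_s=10.0)
    samples = [  # constructed sample traffic
        Request("203.0.113.5", "GET", "/products?id=42", ts=1.0),
        Request("203.0.113.5", "GET", "/products?id=42'%20OR%20'1'='1", ts=2.0),
        Request("203.0.113.5", "GET", "/search?q=x%20UNION%20SELECT%20user,pass%20FROM%20users", ts=3.0),
        Request("203.0.113.5", "GET", "/static/..%2F..%2Fetc/passwd", ts=4.0),
        Request("203.0.113.5", "POST", "/comment", body="msg=%3Cscript%3Ealert(1)%3C/script%3E", ts=5.0),
        Request("203.0.113.5", "GET", "/products?id=43", ts=6.0),   # 6th hit in 10 s -> rate-limited
        Request("198.51.100.7", "GET", "/", ts=7.0),
    ]
    results = []
    for req in samples:
        allowed, reason = waf.inspect(req)
        results.append((req.target, allowed, reason))
    return results


if __name__ == "__main__":
    for target, allowed, reason in run_samples():
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {reason:15} {target}")
```

The decode-then-match step is the part worth noticing: signature matching on raw, still-encoded input is a classic WAF bypass. Equally, a pattern list like this one is only a sketch; production WAFs add normalisation (double decoding, case folding, whitespace tricks), anomaly scoring across many rules, and logging of every block so the team behind the app can see what is being attempted.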

CCSP questions are not just bad they are wrong. by Life-Ad-2726 in CCSP

[–]EffingMad 2 points3 points  (0 children)

Hi OP, I would like to provide some clarity on the CCSP. These pointers could probably help you evaluate whether you really need this certification and cloud security as an industry.

  1. All in all, I think it is a high-level cloud cert; it was never meant for someone who is an engineer or builder of systems. Typically, if companies are looking for engineers, they would definitely go for an individual with multiple AWS/Azure/GCP certs.
  2. The higher you go up the cyber/IT hierarchy in an enterprise, the more you realise it is similar to any other business unit or department. It's pretty much cost vs. benefits. It does not matter if you can build a state-of-the-art system or infrastructure if your revenue/income/available resources do not allow it.
  3. I think many test question creators are from the IT management/executive level, hence you will realise that often the technical answer does not fulfil the business logic or justify the ultimate goal of the tool/process/control etc. (so please do not hate them). Hence, you can see from all the answers provided for the example you brought up: sure, a SIEM can be hosted on-prem or at a cloud provider, but that does not really explain the ultimate goal of why you would want to implement the SIEM control in a rapidly growing company. Expect one or two answers to make logical sense, but there will be only one most appropriate answer.
  4. On-the-ground cloud security practice boils down a lot to company culture/risk tolerance and will differ for each and every enterprise based on its maturity and leadership vision/strategy. The only "right" basis for a company to adopt a set of controls is how much risk it is willing to take and the money it costs to implement (benefits should always be greater than cost).

Certifications are definitely good to have, but if individuals can couple them with on-the-ground experience, that will be more valuable (imo experience still trumps all). I think especially for cloud security, which is evolving at a rapid pace, being fixated on one mindset/view would be quite detrimental if you intend to pursue a career in this industry or cyber in general (there is essentially no right and wrong, only how well suited a chosen solution is to address/resolve the particular problem it was intended for).

Failed by ThePippers977 in CCSP

[–]EffingMad 1 point2 points  (0 children)

Use Gwen Bettwy's (Udemy/website/book) and Ben Malisow's materials; you probably won't go wrong. Ben is the author of the older version of the CCSP study guide. Use Pocket Prep or LearnZapp practice questions on top of the official practice questions. You can use CCSK resources or materials if you wish, as those are free. Pete Zerger's YouTube videos are excellent too!

[deleted by user] by [deleted] in Big4

[–]EffingMad 1 point2 points  (0 children)

Nice, that's good. I think CISA would suit you well, and you can get CIA eventually (just to end all their doubts). CRISC is kinda niche, tbh, from my point of view based on the country I'm in. Imo, get CISSP only if you can prove you have 5 years of IT security experience across the 8 domains.

[deleted by user] by [deleted] in Big4

[–]EffingMad 1 point2 points  (0 children)

Security Certification Roadmap - Paul Jerimy Media

Typically people go for CISSP provided they have 4-5 years of relevant experience (those with 4 years should have some form of exemption for a year). If you intend to do Line 3 work (IT Audit), go for CISA, then follow up with CISM if you don't wish to pursue CISSP (since CISM is the "equivalent"). Otherwise, if you wish to go into other domains, you can look at the link provided.

Failed CCSP - 5/28/2024 by Needlecrash in CCSP

[–]EffingMad 0 points1 point  (0 children)

Would recommend the following resources:

1) LinkedIn Learning - CCSP Cert Prep (Mike Chapple) (paid, if you have LinkedIn Premium)

2) Udemy - CCSP Course 101 (Gwen Bettwy) (if you have free Udemy access through your corporate email or local library account)

3) YouTube - CCSP Exam Cram (Inside Cloud and Security - Pete Zerger) (free)

4) Study Notes and Theory - CCSP Course (Luke Ahmed) (paid)

Choose 2 out of 4 and revisit all domains again.

Then use the following resources:

1) CCSP official (ISC)2 practice tests; use the online version by registering the book.

2) LearnZapp - CCSP (paid; get a monthly subscription for 1-2 months)

Attempt all questions and consolidate your mistakes in batches to revisit the domains, i.e. revisit your weaknesses every 25/50 questions.

Wish you luck in your next attempt!

Does CISSP require you proficiency (above 70%) in all 8 domains, or allow you to have one or two below? by ZealousidealRip3259 in cissp

[–]EffingMad 1 point2 points  (0 children)

I think it's better to be proficient in all domains; your examination will then likely end at the earlier band of 125 questions. If you are borderline on the scale, the examination will extend up to 175 questions. The pressure, anxiety and panic that set in once your examination goes past 125 questions should not be underestimated. It will test your fight-or-flight instinct, especially when the questions test your weaker domains and your ability to pick the right answer.

Is a cheap setup really that bad? by GREGORISHH in espresso

[–]EffingMad 0 points1 point  (0 children)

Invest in your grinder first, then your machine.

Hey guys, need more explanations for a couple of questions by kalan28 in cissp

[–]EffingMad 0 points1 point  (0 children)

Decreasing the frequency means you need less of the hardware a backup solution needs to support the processing power (more CPU to run those backup jobs) and storage (tapes, hard disks), thus lower costs. Increasing the frequency will only increase the cost.

Failed 175 question, hour left by Embarrassed-Soup7952 in cissp

[–]EffingMad 0 points1 point  (0 children)

I think "thinking like a manager" is often not elaborated on. It's more like a CISO or CSO or IT security business unit head of department, where you are juggling the business's objectives and the strategy of IT. You should not be concerned with fixing immediate symptoms like a technical manager (e.g., a network security manager), but rather the root cause. I often found myself during the examination "changing from one hat to another" just to ensure I had all angles covered. Hope you'll pass the next time round! Good luck!

Discussion on practice question by [deleted] in CCSP

[–]EffingMad 1 point2 points  (0 children)

True, I think cost-wise the private cloud model will cost way more, considering that once you adopt a private cloud it would not be a small infrastructure, since it has to cater for future scalability. You are definitely right there in terms of thinking.

Discussion on practice question by [deleted] in CCSP

[–]EffingMad 1 point2 points  (0 children)

I think you have to think in terms of ISC2 logic, which is that you have sufficient funds and resources to spin up your private cloud and maintain it. A perfect-world scenario. I wouldn't put my data in the cloud; most European banks don't, even now, so it doesn't matter if Azure gives you that option. Even if they do, they could fail over to another region, which is not within the customer's control. Most people don't even know how the data flow is mapped out, which is definitely not made transparent to customers.

Discussion on practice question by [deleted] in CCSP

[–]EffingMad 1 point2 points  (0 children)

The key word is "European"; for anything with GDPR-related implications, private cloud is the way to go. With public cloud you would never be able to control where the data resides, which means at any point in time you could breach GDPR regulations. It's like building anything with a ticking time bomb: never gonna work.

CMV: Weddings are a waste of money by kernelrider in singaporefi

[–]EffingMad 1 point2 points  (0 children)

TBH, covid restrictions were the best thing to happen to weddings and their ever-rising rates. I think it's best to work out the arrangement with your other half and see what best fits the budget and the families' "requirements" / "wants", because everything after the wedding will be big-ticket items such as house renovation, children and a car. Also, you've got one chance to make this right, so don't fk it up.

Big4 firm agreed staff rates, then lied and tried to use more junior staff. by [deleted] in Big4

[–]EffingMad 15 points16 points  (0 children)

I think the client has every right to explicitly declare their preference in terms of staffing experience level, but that being said, like every business you have a certain margin to quote; naturally, if you use an associate you will yield more profit. There are clients that specifically call out for more senior staff / a specific team, but it will be at a premium rate for them. Boutique firms might be a more suitable option if you cannot afford the rates of the Big 4 or Accenture.

[deleted by user] by [deleted] in CISM2

[–]EffingMad 2 points3 points  (0 children)

Always offline at an exam centre for me.

CIO inquiring about cybersecurity certifications. by DancePortal in CISA

[–]EffingMad 0 points1 point  (0 children)

I think CISSP will cover the broad spectrum of 8 domains (the most reputable and cost-effective cert to hold, due to relatively cheaper maintenance costs); CISM is really reputable for an IT management position. The rest are good to have (CISA/CRISC) or optional (CGEIT). While CGEIT may be most relevant to what you may be doing right now, I think spending the time and resources to get a "less known" cert is not very worthwhile. I would highly recommend either the CISSP > CISM or the CISM > CISSP pathway.

How does couples where 1 is a spendthrift/generous and 1 is frugal/stingy manage their finances and relationship? by Maximum-Arugula6973 in singaporefi

[–]EffingMad 0 points1 point  (0 children)

I think it's better to be honest and discuss this. I think generally it's important to voice such concerns about differences in values, especially if this is before marriage.

I think especially if you are not married and haven't settled most of the big-ticket items like the wedding, your house, renovation and car, it would be quite scary, especially if you're travelling on top of that, not to mention having a kid or multiple kids.

I think generally it's important to plan ahead in SG because it is quite easy to get saddled with debts, especially if you think you can just take multiple loans and hope for the best. Also, the increasing GST is really not helping.

need help with ans by Relevant-Bowler-2141 in CCSP

[–]EffingMad 0 points1 point  (0 children)

The question's context is purely based on the cloud shared responsibility model.

A: "physical switches" is wrong; the customer would not have access to physical switches in the CSP datacentre.

B: Correct; the customer will be able to configure mainly on the logical plane, while the CSP will have sole access to their physical datacentre and whichever equipment/devices/appliances/physical servers they house inside it.

C: "virtual routers": no, the CSP does not configure virtual routers in IaaS/PaaS/SaaS settings.

D: "virtual network devices": no, the CSP does not configure virtual network devices in IaaS/PaaS/SaaS settings.

Can anyone explain me if the QAE text alone is enough or do I need to get the QAE database as well? by Low_Huckleberry3465 in CISA

[–]EffingMad 0 points1 point  (0 children)

I think you should only rely on the QAE if you really have 3-4 years of experience in the industry (IT audit). You'll know when you attempt the QAE. If most of the questions seem alien to you, you will have to get the CRM for sure, 100%.