How difficult is the CCSK exam? It will probably depend on your background and experience, but most candidates find that CCSK is not an easy exam.
Why is it not easy ? That is because it tests your knowledge and understanding of a wide range of cloud security domains (the big picture of cloud security). And also because the exam has a passing score of 80%, which is a high passing score.
CCSK has 16 domains
Let’s have a look at these domains :
1 : cloud computing concepts and architectures
2 : governance and enterprise risk management
3 : legal issues, contracts and electronic discovery
4 : compliance and audit management
5 : information governance
6 : management plane and business continuity
7 : infrastructure security
8 : virtualization and containers
9 : incident response
10 : application security
11 : data security and encryption
12 : identity, entitlement and access management
13 : security as a service
14 : related technologies
15 : cloud control matrix (CCM)
16 : cloud computing risk assessment (ENISA)
CCSK domains scope
When you think about it, this is quite a large range of topics that you need to digest. These domains cover the architectural, legal, risk, compliance, technical, audit, governance and operational aspects of cloud security.
This is the big picture of cloud security. And you need to be fully comfortable with all these domains before you attempt the CCSK exam.
CCSK covers both the tactical and strategic aspects of cloud security, and this is the challenge. You want to master both to be able to pass the exam.
Maybe you are mainly a technical person or you are mainly a business person. Or you have some practical experience with only a few of these domains. Then you’re likely going to expand your knowledge of cloud security by studying for CCSK.
It can be hard work but It will be highly rewarding, considering the current demand for cloud security experts.
As the cloud expands, the need for cloud security skills is getting bigger, and CCSK holders are in high demand. Clearly, you will gain a lot by learning and mastering these domains.
the CCSK exam is challenging
The CCSK exam is open book, but that doesn’t make it easier than a closed book exam.
With 60 questions to answer in 90 minutes, and a passing score of 80% , you will ﬁnd it very diﬃcult – if not impossible – to search the CCSK documents for every question.
Don’t think you can go there with no or little preparation and figure out the answers on the fly just by searching the documents. You just won’t have enough time.
And even if you can turbo search the CCSK documents at light speed, it won’t work. That’s because the exam questions are not designed in a way that allows you to answer them after a simple search.
To pass the CCSK exam, you really need to master all the CCSK domains, in and out, and in context. There is no quick and easy shortcut.
how to prepare for CCSK
Basically, you have 3 options:
1. self-study : you can download the CCSK self-prep kit and study on your own.
This is a budget-friendly option as the CCSK self-prep kit can be obtained at no cost directly from the Cloud Security Alliance website.
You will still need to purchase a CCSK exam token to take the exam.
2. self-paced : this is ideal if you want to get access to the official CCSK training but your work or personal schedule doesn’t allow you to be away for a few days and attend a live instructor-led training session.
The main benefit is that you study whenever you can and from wherever you can access the self-paced videos.
3. instructor-led : official CCSK training with a CCSK instructor, either online or onsite – probably mainly online at the moment because of the current pandemic.
You can ask your questions directly to the instructor and have them answered during the training session. This is a very efficient way to study and prepare for CCSK.
This is probably the best option. Within a few days and by the end of the live session, most of the cloud security concepts you need to master for the exam will have demystified.
prepare with a CCSK Authorized Instructor
When you register for self-paced or instructor-led training you should always prefer training sessions delivered by CCSK Authorized Instructors.
They are proven cloud security experts with practical experience and they have passed the CCSK exam themselves. In addition they will always teach the most up-to-date CCSK version (version 4.1 at the time of writing).
As a result, you will be thoroughly prepared and your chances of passing the CCSK exam will increase.
the official CCSK training
The official CCSK training comes in 2 forms :
CCSK Foundation covers the theory only – that is all the concepts from all the CCSK domains that you need to master for the exam. You can find all the CCSK Foundation details here .
CCSK Plus covers all the theory just like CCSK Foundation, and it also has hands-on labs (currently on AWS and Azure).
With the hands-on labs you will be able to demonstrate and implement the CCSK concepts in a real cloud environment. This is ideal and recommended if you don’t have any recent cloud experience. You will find all the CCSK Plus details here .
a CCSK exam token is included with the official CCSK Foundation and CCSK Plus trainings.
useful CCSK resources
The Circle CSA community platform has a CCSK Forum here , where you can engage with CCSK holders and CCSK instructors.
Cloud Security Alliance launched this forum in 2020. This is a good place to join if you have CCSK related questions and you need some specific topics to be further clarified.
You will find in this forum discussions on cloud deployment pros and cons , virtualisation components , sql injections , fuzzing , access controls , enterprise risk management , elevation of privilege, and much more.
The domain weights for the CCSK exam are detailed in the Cloud Security Alliance “Roadmap to Earning Your CCSK” article here .
You will also read in this article that only 62% of candidates pass the CCSK exam with just 1 exam token, which confirms CCSK is not an easy exam.
And you can download the CCSK self-prep kit here . It comes with 3 important documents – they form together the 16 CCSK domains :
- Security Guidance for critical areas of focus in cloud computing – version 4
- Cloud Computing – Benefits, risks and recommendations for information security (ENISA)
- Cloud Control Matrix (CCM)
CCSK is not an easy exam, but with the right focus and the right preparation you can certainly make it to that level of cloud security knowledge that is expected to pass the exam.
You will then become a highly sought after CCSK holder.
Check our CloudSecurityPass training dates here if you are interested in booking a CCSK official training session.