Just got my results back and scored 68% on the CSX Fundamentals. The passing score is 75% so I came up 7 points short. I've registered for a retake in 6 weeks and I want to figure out where my weakest areas were so I can fix them this time rather than just re-covering the same ground.
Looking at my score breakdown, Incident Response and Threat Intelligence were both well below my overall — probably around 55–60% on those subsections by my estimate. Network Defense and Cryptography felt solid during the exam, those sections I'm not worried about.
I studied for about 5 weeks the first time at roughly 1 hour a day and I think I spread myself too thin trying to cover everything evenly. For the retake I'm planning 90 minutes a day with the majority going toward IR frameworks and threat modeling. Anyone who's gone through a similar retake situation and come out on the other side?
Make sure you know the specific distinctions between containment, eradication, and recovery phases — those came up multiple times in my exam and are easy to blur when you're under pressure and second-guessing yourself.
Threat Intelligence was brutal for me too. I spent 2 full weeks on threat actor frameworks and IOC analysis the second time around and bumped that subsection from an estimated 58% to what felt like high 70s on the retake.
I passed on my second attempt after failing at 71%. I zeroed in on the NIST IR lifecycle and memorized the phases cold — it came up in about 5 questions on my retake alone. Focused study on weak areas beats broad review every time.
90 minutes a day for 6 weeks should be plenty given you're not starting from scratch. Don't ignore the scenario-based questions — I found the ISACA practice scenarios closer to the real exam format than flashcard-style materials.