REVIEW: "The Total CISSP Exam Prep Book", Thomas R. Peltier/Patrick D. Howard
- BKTCIEPB.RVW 20020823
"The Total CISSP Exam Prep Book", Thomas R. Peltier/Patrick D. Howard,
2002, 0-8493-1350-3, U$59.95
%A Thomas R. Peltier
%A Patrick D. Howard
%C 920 Mercer Street, Windsor, ON N9A 7C2
%I Auerbach Publications
%O U$59.95 800-950-1216 auerbach@... orders@...
%P 287 p.
%T "The Total CISSP Exam Prep Book: Practice Questions, Answers, and
Test Taking Tips and Techniques"

Both the preface and the back cover copy stress the assertion that
"until now, [CISSP (Certified Information Systems Security
Professional) candidates] were not afforded the luxury of studying a
single, easy-to-use manual." Despite the reservations that I may have
about the quality of their works, this statement must surely be a
shock to Shon Harris (cf. BKCISPA1.RVW), Mandy Andress (cf.
BKCISPEC.RVW), S. Rao Vallabhaneni (cf. BKCISPET.RVW), and Ronald
Krutz and Russell Vines (cf. BKCISPPG.RVW) and Carl Endorf (wait for
it). (Well, I suppose that, technically, Vallabhaneni's is *two*

It would be difficult to say that you could use this volume for study,
either. It doesn't actually have any tutorial material, other than
some advice on how to write the exam. Some of the tips are outdated,
and most of the rest of the content is rather generic, such as the
suggestion to eat a hearty breakfast before you go. (I'd suggest that
you go easy on the recommendation to drink lots of coffee before you
head off: some of the proctors can be pretty sticky about letting you
go to the washroom.)

What it does have is ten chapters (one for each of the CBK [Common
Body of Knowledge] domains) of twenty-five "exam" questions each.
That's twenty-five questions for physical security (the smallest
domain) and twenty-five questions for telecommunications (the
largest). The questions in the chapters have explanations of which
answers are right and which are wrong. Then there is a sample "exam,"
and then the same exam with the answers.

Sample exams are highly sought after: it makes sense to know the type
and style of questions that you may encounter on the exam. There is
only one problem: (ISC)^2 doesn't hand out sample exams. In fact,
they guard the exam questions rather closely. The sample exams at
cccure.org are a staple in CISSP study groups, and there is a
commercial outfit that will sell you a set that they have made up.
Essentially, of course, this is what Peltier et al. have done. So the
question is, how close are the sample questions in this book to the

The answer, unfortunately, is not very. Different people worked on
the questions for different chapters, so the level of success varies.
(Security management has possibilities, telecommunications is rather
ghastly.) Ultimately, though, these questions are not representative
of what you will find on an actual CISSP exam. Those familiar with
Bloom's Taxonomy of questions will know that you progress from simple
questions of fact through synthesis of multiple facts through analysis
based on synthesis to a level of judgement or critical thinking. Most
of the questions a candidate will encounter on the CISSP exam are at
the analytical or critical levels. Too many of the questions found in
most sample exams are at the simple factual level. The questions in
this current work do move beyond the simplistic, but they tend to turn
on specific wording in some very weak references, rather than the
principles and concepts encountered in the CISSP exam itself.
(Appendix A is a bibliography used in the creation of the questions,
and it is a decidedly poor one.) Some questions and answers are
flatly wrong (planting malicious software is definitely *not* a
passive attack). Others may have some point to their creation but get
confused. One question states that a certain answer is not correct
because the technology is not an encryption algorithm, but the
"correct" answer isn't an algorithm either.

This book may give you a very rough idea of the types of questions you
may encounter, and the range of topics you may need to know. If you
rely on it to prepare you for the exam, however, you may be in for a

copyright Robert M. Slade, CISSP, 2002 BKTCIEPB.RVW 20020823
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/