"Advanced CISSP Prep Guide: Exam Q & A", Ronald L. Krutz/Russell Dean
Vines, 2003, 0-471-23663-2, U$50.00/C$77.50/UK#37.50
%A Ronald L. Krutz
%A Russell Dean Vines
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$50.00/C$77.50/UK#37.50 416-236-4433 fax: 416-236-4448
%P 331 p. + CD-ROM
%T "Advanced CISSP Prep Guide: Exam Q & A"
Like "The Total CISSP Exam Prep Book" (cf. BKTCIEPB.RVW) before it,
this volume contains no tutorial material, only questions, and then
questions and answers. The format is quite similar to the Peltier
work, with the book divided into the standard ten domains. A major
difference is the inclusion of a CD-ROM with a testing engine. Every
CISSP candidate wants sample exams and sample questions, so the query
remains, are the questions any good?
The CD-ROM contains "the Boson-powered test engine," but the questions
are not quite as simplistic as those on the Boson exams. They tend to
be longer, and, at first glance, look a lot more like real CISSP exam
questions. However, upon closer examination, two problems become
obvious. One is that a number of the questions are still very simple,
despite the additional verbiage. They concentrate on pure recitation
of facts, without the analysis and critical thinking that the actual
exam requires. The second issue is that a large number of questions
rely on very specific, and often esoteric facts. Again, this is
counter to the genuine test, where concepts and principles are
Occasionally these two difficulties combine in a single question, such
as "Which choice below is NOT one of NIST's 33 IT security
principles?" If you haven't fully memorized NIST's 33 security
principles, don't worry. Even if you have no idea where to find
NIST's 33 security principles you can still get the answer. One of
your options is "Totally eliminate any level of risk." Even the
rawest security neophyte can tell you that, since this is impossible,
it obviously has to be the right answer.
This book may give you a somewhat better idea of the types of
questions you may encounter, and the range of topics you may need to
know. As preparation for the exam, however, it will both scare you
unnecessarily (although if it drives you to take the ISC2 course, that
might not be a bad thing), and fail to prepare you fully.
copyright Robert M. Slade, CISSP, 2003 BKADCIPG.RVW 20030110
rslade@... rslade@... slade@... p1@...
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
March 31, 2003 Indianapolis, IN