
REVIEW: "CISSP Practice Questions Exam Cram 2", Michael C. Gregg

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 2 , Aug 22, 2005
      BKCISPE2.RVW 20050614

      "CISSP Practice Questions Exam Cram 2", Michael C. Gregg, 2005,
      0-7897-3305-6, U$29.99/C$42.99/UK#21.99
      %A Michael C. Gregg
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 2005
      %G 0-7897-3305-6
      %I Macmillan Computer Publishing (MCP)
      %O U$29.99/C$42.99/UK#21.99 800-858-7674 info@... pr@...
      %O http://www.amazon.com/exec/obidos/ASIN/0789733056/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0789733056/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0789733056/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 202 p. + CD-ROM
      %T "CISSP Practice Questions Exam Cram 2"

      All CISSP (Certified Information Systems Security Professional)
      candidates want sample questions to practice on before they write the
      exam. This set is not the worst I've seen (that would have been the
      question volume of the "CISSP Examination Textbooks" [cf.
      BKCISPET.RVW]), but it comes close.

      As usual, the book is divided into chapters by the domains of the
      CISSP CBK (Common Body of Knowledge). The questions are on the
      simplest level of the questioning taxonomy; fact based; rather than
      occupying the analytical and critical thinking levels that most actual
      CISSP exam questions represent. (Krutz and Vines' "Advanced CISSP
      Prep Guide: Exam Q & A" [cf. BKADCIPG.RVW] is as simplistic, but also
      tends to veer off-topic.) Wording on the questions is careless: a
      question that asks about "effectiveness" probably really means
      efficiency, otherwise the answer given is incorrect. Gregg seems to
      have decided and doctrinaire opinions, probably based on a quick
      reading of one of the less accurate CISSP exam guides. There is an
      attempt to make many of these simplistic questions more "complex" by
      creating scenarios: generally the scenarios have nothing to do with
      the point of the question and are simply excess verbiage. Major
      concepts are left out: in access controls, for example, Gregg seems to
      have no idea of the difference between access controls and overall
      security control types, and there is nothing to address the major
      topics of identification, authentication, authorization, and
      accountability. The telecommunications chapter has almost no
      questions on basic data communications concepts. (And Ethernet is
      *not* synchronous communication: a frame can be transmitted at any
      time. I suspect Gregg thinks any block communication is synchronous,
      and it's been a long time since that was true.) Building construction
      and layered defence issues are missing from physical security. Lots
      of stuff is missing from the cryptography section, and there is a
      larger number of errors than in other domains. Astoundingly, the
      security management quiz has almost nothing on policy. Investigations
      are the primary concern in that domain, with very little relating to
      law (or ethics). Malware gets all of one question in application
      security.

      The majority of answers given are not wrong as such: a qualified
      security professional would probably get most of them right, albeit
      with much head-scratching. (In this, the book is similar to "The
      Total CISSP Exam Prep Book" [cf. BKTCIEPB.RVW].) However, this set of
      questions would not provide a good basis for assessing your chances of
      passing the CISSP exam.

      copyright Robert M. Slade, 2005 BKCISPE2.RVW 20050614


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      The best of seers is he who guesses well. - Euripides
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    • Rob, grandpa of Ryan, Trevor, Devon & Han
      Message 2 of 2 , Feb 28, 2008
        BKCISPPQ.RVW 20071119

        "CISSP Practice Questions Exam Cram 2", Michael C. Gregg, 2005,
        0-7897-3305-6, U$29.99/C$42.99
        %A Michael C. Gregg
        %C 201 W. 103rd Street, Indianapolis, IN 46290
        %D 2005
        %E Ed Tittel
        %G 0-7897-3305-6
        %I Que
        %O U$29.99/C$42.99 800-858-7674 317-581-3743 http://www.mcp.com
        %O http://www.amazon.com/exec/obidos/ASIN/0789733056/robsladesinterne
        http://www.amazon.co.uk/exec/obidos/ASIN/0789733056/robsladesinte-21
        %O http://www.amazon.ca/exec/obidos/ASIN/0789733056/robsladesin03-20
        %O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
        %P 202 p. + CD-ROM
        %T "CISSP Practice Questions Exam Cram 2"

        There are a number of book versions of practice questions for those
        challenging the CISSP (Certified Information Systems Security
        Professional) exam. This is yet another.

        Most of the questions are far too simplistic to represent those on the
        CISSP exam. The vast majority of the queries in the book have simple
        fact-based answers, only occasionally moving into the realm of
        synthesis. The analytical and critical thinking challenges, dealing
        with conceptual issues, that make up the bulk of the CISSP exam are
        almost completely absent from this text. A great many questions in
        the book have a significant amount of extraneous and irrelevant detail
        added, apparently in an attempt to appear to be complex, but the
        solution almost inevitably turns out to be based on a rudimentary
        definition.

        In most cases the answers given would probably match those accepted if
        these questions were on the exam. Many of the resolutions turn on
        minor issues of wording, and the CISSP exam, while it does pay
        attention to terminology, frequently requires that you accept
        synonyms, in order to prove understanding rather than rote memory.

        Again, even if the answer is correct, sometimes the explanation makes
        no sense. A question on the multilevel Biba model, for example,
        properly identifies integrity as the major factor, but the explanation
        states that Biba is a model "in which security may only flow down."
        (It makes no sense to talk about the flow of "security" since the Biba
        model deals with information flow restrictions, and "down" needs to be
        defined in terms of accuracy.)

        Don't rely on this to pass the CISSP exam.

        copyright Robert M. Slade, 2007 BKCISPPQ.RVW 20071119


        ====================== (quote inserted randomly by Pegasus Mailer)
        rslade@... slade@... rslade@...
        Have no fear of perfection: you'll never reach it. - Salvador Dali
        http://victoria.tc.ca/techrev/rms.htm