[ISN] REVIEW: "CISSP Practice Questions Exam Cram 2", Michael C. Gregg

From: InfoSec News (isn@private)
Date: Wed Aug 24 2005 - 02:44:10 PDT


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKCISPE2.RVW   20050614

"CISSP Practice Questions Exam Cram 2", Michael C. Gregg, 2005,
0-7897-3305-6, U$29.99/C$42.99/UK#21.99
%A   Michael C. Gregg
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   2005
%G   0-7897-3305-6
%I   Macmillan Computer Publishing (MCP)
%O   U$29.99/C$42.99/UK#21.99 800-858-7674 info@private pr@private
%O  http://www.amazon.com/exec/obidos/ASIN/0789733056/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0789733056/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0789733056/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   202 p. + CD-ROM
%T   "CISSP Practice Questions Exam Cram 2"

All CISSP (Certified Information Systems Security Professional)
candidates want sample questions to practice on before they write the
exam.  This set is not the worst I've seen (that would have been the
question volume of the "CISSP Examination Textbooks" [cf.
BKCISPET.RVW]), but it comes close.

As usual, the book is divided into chapters by the domains of the
CISSP CBK (Common Body of Knowledge).  The questions are on the
simplest level of the questioning taxonomy; fact based; rather than
occupying the analytical and critical thinking levels that most actual
CISSP exam questions represent.  (Krutz and Vines' "Advanced CISSP
Prep Guide: Exam Q & A" [cf. BKADCIPG.RVW] is as simplistic, but also
tends to veer off-topic.)  Wording on the questions is careless: a
question that asks about "effectiveness" probably really means
efficiency, otherwise the answer given is incorrect.  Gregg seems to
have decided and doctrinaire opinions, probably based on a quick
reading of one of the less accurate CISSP exam guides.  There is an
attempt to make many of these simplistic questions more "complex" by
creating scenarios: generally the scenarios have nothing to do with
the point of the question and are simply excess verbiage.  Major
concepts are left out: in access controls, for example, Gregg seems to
have no idea of the difference between access controls and overall
security control types, and there is nothing to address the major
topics of identification, authentication, authorization, and
accountability.  The telecommunications chapter has almost no
questions on basic data communications concepts.  (And Ethernet is
*not* synchronous communication: a frame can be transmitted at any
time.  I suspect Gregg thinks any block communication is synchronous,
and it's been a long time since that was true.)  Building construction
and layered defence issues are missing from physical security.  Lots
of stuff is missing from the cryptography section, and there is a
larger number of errors than in other domains.  Astoundingly, the
security management quiz has almost nothing on policy.  Investigations
are the primary concern in that domain, with very little relating to
law (or ethics).  Malware gets all of one question in application
security.

The majority of answers given are not wrong as such: a qualified
security professional would probably get most of them right, albeit
with much head-scratching.  (In this, the book is similar to "The
Total CISSP Exam Prep Book" [cf. BKTCIEPB.RVW].)  However, this set of
questions would not provide a good basis for assessing your chances of
passing the CISSP exam.

copyright Robert M. Slade, 2005   BKCISPE2.RVW   20050614


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
 Book review menus:   http://victoria.tc.ca/techrev/mnbk.htm
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 



This archive was generated by hypermail 2.1.3 : Wed Aug 24 2005 - 02:49:20 PDT