REVIEW: "Advanced CISSP Prep Guide: Exam Q & A", Ronald L. Krutz/Russell Dean Vines

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKADCIPG.RVW   20030110

"Advanced CISSP Prep Guide: Exam Q & A", Ronald L. Krutz/Russell Dean
Vines, 2003, 0-471-23663-2, U$50.00/C$77.50/UK#37.50
%A   Ronald L. Krutz
%A   Russell Dean Vines
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2003
%G   0-471-23663-2
%I   John Wiley & Sons, Inc.
%O   U$50.00/C$77.50/UK#37.50 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471236632/robsladesinterne
%P   331 p. + CD-ROM
%T   "Advanced CISSP Prep Guide: Exam Q & A"

Like "The Total CISSP Exam Prep Book" (cf. BKTCIEPB.RVW) before it,
this volume contains no tutorial material, only questions, and then
questions and answers.  The format is quite similar to the Peltier
work, with the book divided into the standard ten domains.  A major
difference is the inclusion of a CD-ROM with a testing engine.  Every
CISSP candidate wants sample exams and sample questions, so the query
remains, are the questions any good?

The CD-ROM contains "the Boson-powered test engine," but the questions
are not quite as simplistic as those on the Boson exams.  They tend to
be longer, and, at first glance, look a lot more like real CISSP exam
questions.  However, upon closer examination, two problems become
obvious.  One is that a number of the questions are still very simple,
despite the additional verbiage.  They concentrate on pure recitation
of facts, without the analysis and critical thinking that the actual
exam requires.  The second issue is that a large number of questions
rely on very specific, and often esoteric facts.  Again, this is
counter to the genuine test, where concepts and principles are
emphasized.

Occasionally these two difficulties combine in a single question, such
as "Which choice below is NOT one of NIST's 33 IT security
principles?"  If you haven't fully memorized NIST's 33 security
principles, don't worry.  Even if you have no idea where to find
NIST's 33 security principles you can still get the answer.  One of
your options is "Totally eliminate any level of risk."  Even the
rawest security neophyte can tell you that, since this is impossible,
it obviously has to be the right answer.

This book may give you a somewhat better idea of the types of
questions you may encounter, and the range of topics you may need to
know.  As preparation for the exam, however, it will both scare you
unnecessarily (although if it drives you to take the ISC2 course, that
might not be a bad thing), and fail to prepare you fully.

copyright Robert M. Slade, CISSP, 2003   BKADCIPG.RVW   20030110

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
          March 31, 2003           Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.