Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] REVIEW: "CISSP Practice Questions Exam Cram 2", Michael C. Gregg

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] REVIEW: "CISSP Practice Questions Exam Cram 2", Michael C. Gregg
Date: Wed, 24 Aug 2005 04:44:10 -0500 (CDT) 
Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" 
<rslade@sprint.ca>

BKCISPE2.RVW   20050614

"CISSP Practice Questions Exam Cram 2", Michael C. Gregg, 2005,
0-7897-3305-6, U$29.99/C$42.99/UK#21.99
%A   Michael C. Gregg
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   2005
%G   0-7897-3305-6
%I   Macmillan Computer Publishing (MCP)
%O   U$29.99/C$42.99/UK#21.99 800-858-7674 info@mcp.com pr@mcp.com
%O  http://www.amazon.com/exec/obidos/ASIN/0789733056/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0789733056/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0789733056/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   202 p. + CD-ROM
%T   "CISSP Practice Questions Exam Cram 2"

All CISSP (Certified Information Systems Security Professional)
candidates want sample questions to practice on before they write the
exam.  This set is not the worst I've seen (that would have been the
question volume of the "CISSP Examination Textbooks" [cf.
BKCISPET.RVW]), but it comes close.

As usual, the book is divided into chapters by the domains of the
CISSP CBK (Common Body of Knowledge).  The questions are on the
simplest level of the questioning taxonomy; fact based; rather than
occupying the analytical and critical thinking levels that most actual
CISSP exam questions represent.  (Krutz and Vines' "Advanced CISSP
Prep Guide: Exam Q & A" [cf. BKADCIPG.RVW] is as simplistic, but also
tends to veer off-topic.)  Wording on the questions is careless: a
question that asks about "effectiveness" probably really means
efficiency, otherwise the answer given is incorrect.  Gregg seems to
have decided and doctrinaire opinions, probably based on a quick
reading of one of the less accurate CISSP exam guides.  There is an
attempt to make many of these simplistic questions more "complex" by
creating scenarios: generally the scenarios have nothing to do with
the point of the question and are simply excess verbiage.  Major
concepts are left out: in access controls, for example, Gregg seems to
have no idea of the difference between access controls and overall
security control types, and there is nothing to address the major
topics of identification, authentication, authorization, and
accountability.  The telecommunications chapter has almost no
questions on basic data communications concepts.  (And Ethernet is
*not* synchronous communication: a frame can be transmitted at any
time.  I suspect Gregg thinks any block communication is synchronous,
and it's been a long time since that was true.)  Building construction
and layered defence issues are missing from physical security.  Lots
of stuff is missing from the cryptography section, and there is a
larger number of errors than in other domains.  Astoundingly, the
security management quiz has almost nothing on policy.  Investigations
are the primary concern in that domain, with very little relating to
law (or ethics).  Malware gets all of one question in application
security.

The majority of answers given are not wrong as such: a qualified
security professional would probably get most of them right, albeit
with much head-scratching.  (In this, the book is similar to "The
Total CISSP Exam Prep Book" [cf. BKTCIEPB.RVW].)  However, this set of
questions would not provide a good basis for assessing your chances of
passing the CISSP exam.

copyright Robert M. Slade, 2005   BKCISPE2.RVW   20050614


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
 Book review menus:   http://victoria.tc.ca/techrev/mnbk.htm
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] REVIEW: "CISSP Practice Questions Exam Cram 2", Michael C. Gregg, InfoSec News <=
Previous by Date:  [ISN] Sarbanes-Oxley seen as biggest IT time waster, InfoSec News
Next by Date:  [ISN] Schoolboy Detained for Hacking Russian State Banks Website, InfoSec News
Previous by Thread:  [ISN] Sarbanes-Oxley seen as biggest IT time waster, InfoSec News
Next by Thread:  [ISN] Schoolboy Detained for Hacking Russian State Banks Website, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]