IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled


"Advanced CISSP Prep Guide: Exam Q & A", Ronald L. Krutz/Russell Dean Vines, 2003, 0-471-23663-2, U$50.00/C$77.50/UK#37.50
%A Ronald L. Krutz
%A Russell Dean Vines
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-471-23663-2
%I John Wiley & Sons, Inc.
%O U$50.00/C$77.50/UK#37.50 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0471236632/robsladesinterne
%O http://www.amazon.ca/exec/obidos/ASIN/0471236632/robsladesin03-20
%P 331 p. + CD-ROM
%T "Advanced CISSP Prep Guide: Exam Q & A"

See also "The CISSP Prep Guide Gold Edition", Ronald L. Krutz/Russell Dean Vines, 2003

Like "The Total CISSP Exam Prep Book" (cf. BKTCIEPB.RVW) before it, this volume contains no tutorial material, only questions, and then questions and answers. The format is quite similar to the Peltier work, with the book divided into the standard ten domains. A major difference is the inclusion of a CD-ROM with a testing engine. Every CISSP candidate wants sample exams and sample questions, so the query remains, are the questions any good?

The CD-ROM contains "the Boson-powered test engine," but the questions are not quite as simplistic as those on the Boson exams. They tend to be longer, and, at first glance, look a lot more like real CISSP exam questions. However, upon closer examination, two problems become obvious. One is that a number of the questions are still very simple, despite the additional verbiage. They concentrate on pure recitation of facts, without the analysis and critical thinking that the actual exam requires. The second issue is that a large number of questions rely on very specific, and often esoteric facts. Again, this is counter to the genuine test, where concepts and principles are emphasized.

Occasionally these two difficulties combine in a single question, such as "Which choice below is NOT one of NIST's 33 IT security principles?" If you haven't fully memorized NIST's 33 security principles, don't worry. Even if you have no idea where to find NIST's 33 security principles you can still get the answer. One of your options is "Totally eliminate any level of risk." Even the rawest security neophyte can tell you that, since this is impossible, it obviously has to be the right answer.

This book may give you a somewhat better idea of the types of questions you may encounter, and the range of topics you may need to know. As preparation for the exam, however, it will both scare you unnecessarily (although if it drives you to take the ISC2 course, that might not be a bad thing), and fail to prepare you fully.

copyright Robert M. Slade, CISSP, 2003 BKADCIPG.RVW 20030110