REVIEW: "CISSP Practice Questions Exam Cram 2", Michael C. Gregg

Discussion in 'Computer Security' started by Robert Michael Slade, Aug 22, 2005.

  1. BKCISPE2.RVW 20050614

    "CISSP Practice Questions Exam Cram 2", Michael C. Gregg, 2005,
    0-7897-3305-6, U$29.99/C$42.99/UK#21.99
    %A Michael C. Gregg
    %C 201 W. 103rd Street, Indianapolis, IN 46290
    %D 2005
    %G 0-7897-3305-6
    %I Macmillan Computer Publishing (MCP)
    %O U$29.99/C$42.99/UK#21.99 800-858-7674
    %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
    %P 202 p. + CD-ROM
    %T "CISSP Practice Questions Exam Cram 2"

    All CISSP (Certified Information Systems Security Professional)
    candidates want sample questions to practice on before they write the
    exam. This set is not the worst I've seen (that would have been the
    question volume of the "CISSP Examination Textbooks" [cf.
    BKCISPET.RVW]), but it comes close.

    As usual, the book is divided into chapters by the domains of the
    CISSP CBK (Common Body of Knowledge). The questions are on the
    simplest level of the questioning taxonomy; fact based; rather than
    occupying the analytical and critical thinking levels that most actual
    CISSP exam questions represent. (Krutz and Vines' "Advanced CISSP
    Prep Guide: Exam Q & A" [cf. BKADCIPG.RVW] is as simplistic, but also
    tends to veer off-topic.) Wording on the questions is careless: a
    question that asks about "effectiveness" probably really means
    efficiency, otherwise the answer given is incorrect. Gregg seems to
    have decided and doctrinaire opinions, probably based on a quick
    reading of one of the less accurate CISSP exam guides. There is an
    attempt to make many of these simplistic questions more "complex" by
    creating scenarios: generally the scenarios have nothing to do with
    the point of the question and are simply excess verbiage. Major
    concepts are left out: in access controls, for example, Gregg seems to
    have no idea of the difference between access controls and overall
    security control types, and there is nothing to address the major
    topics of identification, authentication, authorization, and
    accountability. The telecommunications chapter has almost no
    questions on basic data communications concepts. (And Ethernet is
    *not* synchronous communication: a frame can be transmitted at any
    time. I suspect Gregg thinks any block communication is synchronous,
    and it's been a long time since that was true.) Building construction
    and layered defence issues are missing from physical security. Lots
    of stuff is missing from the cryptography section, and there is a
    larger number of errors than in other domains. Astoundingly, the
    security management quiz has almost nothing on policy. Investigations
    are the primary concern in that domain, with very little relating to
    law (or ethics). Malware gets all of one question in application

    The majority of answers given are not wrong as such: a qualified
    security professional would probably get most of them right, albeit
    with much head-scratching. (In this, the book is similar to "The
    Total CISSP Exam Prep Book" [cf. BKTCIEPB.RVW].) However, this set of
    questions would not provide a good basis for assessing your chances of
    passing the CISSP exam.

    copyright Robert M. Slade, 2005 BKCISPE2.RVW 20050614


    Find virus, book info
    Mirrored at
    Review mailing list: send mail to
    "Robert Slade's Guide to Computer Viruses" 0-387-94663-2
    "Viruses Revealed" 0-07-213090-3
    "Software Forensics" 0-07-142804-6
    Robert Michael Slade, Aug 22, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.