The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

Book details of 'CISSP Exam Cram'

Title: CISSP Exam Cram
Author(s): Mandy Andress
ISBN: 1588800296
Language: English
Published: September 2001
Publisher: The Coriolis Group

The Virtual Bookcase Reviews of 'CISSP Exam Cram':

Reviewer Rob Slade wrote:
It is interesting, and somewhat disturbing, to note that while there are a number of effusive quotes on and inside the cover extolling the virtues of the Exam Cram series, none specifically mention this book.

Bound into the inside front cover is a cram sheet, with 50 points on it that are obviously supposed to be vitally important to the exam. Leaving aside both the simplistic nature of the information presented, and the difficulty of answering a 250 question exam with a mere 50 points, we only have to get to the third point on the sheet before we run into rather significant errors. (Role-based access control is not an alternative to discretionary or mandatory controls, but can implement either.) This does not bode well.

The introduction explains the CISSP (Certified Information Systems Security Professional) designation. The text makes frequent references to the (ISC)^2 web site, but, since the recent site redesign, all these URLs are incorrect. There is also a short self-assessment section, intended to help you determine whether or not you are prepared for the exam, but the vague and generic metrics suggested are unlikely to help determine your readiness.

Chapter one's discussion of the exam, and techniques for writing the exam, does contain some useful recommendations (if you don't know, answer anyway), but other advice is problematic, and may be detrimental.

Access control, in chapter two, is the first of the ten domains of the Common Body of Knowledge (CBK) of the CISSP. The material is presented as a list of key terms and phrases, and the presentation might be helpful to the exam candidate were it not for the extremely limited nature of the deliberation and frequent errors. For some reason a significant amount of space is given to topics (like SYN floods) that do not belong in this domain. There is a brief list of questions at the end of the chapter, with answers and discussion presented immediately afterward. Unfortunately, these questions are so simplistic that they cannot be said to represent, in any way, the exam itself, and the wording is so careless that it is often impossible to say whether the answers given are, in fact, right or wrong.

Chapter three provides an almost random assortment of topics related to telecommunications and networking. (There is a modicum of structure in that subjects are grouped together, but there is no logical flow: IPsec is discussed before the base IP concepts are covered.) There are many problems with the material: it is difficult to say whether the definition of a "circuit gateway" firewall means anything, let alone is right or wrong, and we are told that SSL (Secure Sockets Layer) is only used for host-to-host communications and resides in the session layer. (The book contradicts itself: chapter six does note that SSL is used between client browser and web server.) Again, many irrelevant topics are included while important areas are missed. (PPP (Point-to-Point Protocol) is listed, PPTP (Point-to-Point Tunnelling Protocol) is not.)

Security management practices are not covered in chapter four: the vital areas of policies and risk analysis are given brief mention at the end of a meandering and incomplete list of management concerns.

Another haphazard catalogue of terms takes the place of the applications development domain in chapter five. (The definition of a virus is that of a trojan and the definition for a worm seems to fit payload.)

That the author is unfamiliar with basic concepts of cryptography is obvious when, in chapter six, "strong encryption" is defined as the use of a 128-bit key. (In the discussion of triple DES (Data Encryption Standard), the "meet-in-the-middle" attack is obviously confused with "man-in-the-middle.")

Chapter seven's review of security architectures contains another arbitrary list of computer architecture topics. There is some material that is security related, but in the discussion of the Bell-La Padula model, about the only reliable information is that it involves security levels.

Operations security is fairly straightforward, so chapter eight doesn't make any glaring errors. (The content is, however, very terse.) Much the same holds true for business continuity and disaster recovery in chapter nine.

Aside from an over-emphasis on US legislation, chapter ten does not do a really bad job with law, investigation, and ethics.

Chapter eleven collates some checklists related to physical security, but has numerous gaps in the discussion of the overall topic.

About the best that can be said for this book is that most of the items in the common body of knowledge get a mention at some point. Beyond that, the material is too scattered and unreliable to be used either to study for the CISSP exam (unless you want to play "spot the error"), or even as a quick guide for those charged with security.

copyright Robert M. Slade, 2002

Book description:

The CISSP Exam Cram is an exciting new study guide for the rapidly growing number of professionals seeking to pass the CISSP certification exam. Clear, concise, and highly focused content lays out core technologies covered on the exam like Access Control, Computer Operations Security, Cryptography, Application Program Security, Communications Security, and Systems and Physical Security. Candidates gain a significant advantage during the test from the book's tear-out cram sheets and memory joggers, sections on proven test-taking strategies, warnings on trick questions, and time-saving study tips.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement