BKCISPE2.RVW 20050614

"CISSP Practice Questions Exam Cram 2", Michael C. Gregg, 2005, 0-7897-3305-6, U$29.99/C$42.99/UK#21.99
%A Michael C. Gregg
%C 201 W. 103rd Street, Indianapolis, IN 46290
%D 2005
%G 0-7897-3305-6
%I Macmillan Computer Publishing (MCP)
%O U$29.99/C$42.99/UK#21.99 800-858-7674 info@mcp.com pr@mcp.com
%O http://www.amazon.com/exec/obidos/ASIN/0789733056/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0789733056/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0789733056/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 202 p. + CD-ROM
%T "CISSP Practice Questions Exam Cram 2"

All CISSP (Certified Information Systems Security Professional) candidates want sample questions to practice on before they write the exam. This set is not the worst I've seen (that would have been the question volume of the "CISSP Examination Textbooks" [cf. BKCISPET.RVW]), but it comes close.

As usual, the book is divided into chapters by the domains of the CISSP CBK (Common Body of Knowledge). The questions are on the simplest, fact-based level of the questioning taxonomy, rather than occupying the analytical and critical thinking levels that most actual CISSP exam questions represent. (Krutz and Vines' "Advanced CISSP Prep Guide: Exam Q & A" [cf. BKADCIPG.RVW] is as simplistic, but also tends to veer off-topic.) Wording on the questions is careless: a question that asks about "effectiveness" probably really means efficiency; otherwise the answer given is incorrect. Gregg seems to have decided and doctrinaire opinions, probably based on a quick reading of one of the less accurate CISSP exam guides. There is an attempt to make many of these simplistic questions more "complex" by creating scenarios: generally the scenarios have nothing to do with the point of the question and are simply excess verbiage.

Major concepts are left out: in access controls, for example, Gregg seems to have no idea of the difference between access controls and overall security control types, and there is nothing to address the major topics of identification, authentication, authorization, and accountability. The telecommunications chapter has almost no questions on basic data communications concepts. (And Ethernet is *not* synchronous communication: a frame can be transmitted at any time. I suspect Gregg thinks any block communication is synchronous, and it's been a long time since that was true.) Building construction and layered defence issues are missing from physical security. Lots of stuff is missing from the cryptography section, and there is a larger number of errors than in other domains. Astoundingly, the security management quiz has almost nothing on policy. Investigations are the primary concern in that domain, with very little relating to law (or ethics). Malware gets all of one question in application security.

The majority of answers given are not wrong as such: a qualified security professional would probably get most of them right, albeit with much head-scratching. (In this, the book is similar to "The Total CISSP Exam Prep Book" [cf. BKTCIEPB.RVW].) However, this set of questions would not provide a good basis for assessing your chances of passing the CISSP exam.

copyright Robert M. Slade, 2005