BKTCIEPB.RVW 20020823 "The Total CISSP Exam Prep Book", Thomas R. Peltier/Patrick D. Howard, 2002, 0-8493-1350-3, U$59.95 %A Thomas R. Peltier %A Patrick D. Howard %C 920 Mercer Street, Windsor, ON N9A 7C2 %D 2002 %G 0-8493-1350-3 %I Auerbach Publications %O U$59.95 800-950-1216 auerbach@wgl.com orders@crcpress.com %P 287 p. %T "The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques" Both the preface and the back cover copy stress the assertion that "until now, [CISSP (Certified Information Systems Security Professional) candidates] were not afforded the luxury of studying a single, easy-to-use manual." Despite the reservations that I may have about the quality of their works, this statement must surely be a shock to Shon Harris (cf. BKCISPA1.RVW), Mandy Andress (cf. BKCISPEC.RVW), S. Rao Vallabhaneni (cf. BKCISPET.RVW), and Ronald Krutz and Russell Vines (cf. BKCISPPG.RVW) and Carl Endorf (wait for it). (Well, I suppose that, technically, Vallabhaneni's is *two* books ...) It would be difficult to say that you could use this volume for study, either. It doesn't actually have any tutorial material, other than some advice on how to write the exam. Some of the tips are outdated, and most of the rest of the content is rather generic, such as the suggestion to eat a hearty breakfast before you go. (I'd suggest that you go easy on the recommendation to drink lots of coffee before you head off: some of the proctors can be pretty sticky about letting you go to the washroom.) What it does have is ten chapters (one for each of the CBK [Common Body of Knowledge] domains) of twenty five "exam" questions each. That's twenty five questions for physical security (the smallest domain) and twenty five questions for telecommunications (the largest). The questions in the chapters have explanations of which answers are right and which are wrong. Then there is a sample "exam," and then the same exam with the answers. Sample exams are highly sought after: it makes sense to know the type and style of questions that you may encounter on the exam. There is only one problem: (ISC)^2 doesn't hand out sample exams. In fact, they guard the exam questions rather closely. The sample exams at cccure.org are a staple in CISSP study groups, and there is a commercial outfit that will sell you a set that they have made up. Essentially, of course, this is what Peltier et al have done. So the question is, how close are the sample questions in this book to the real thing. The answer, unfortunately, is not very. Different people worked on the questions for different chapters, so the level of success varies. (Security management has possibilities, telecommunications is rather ghastly.) Ultimately, though, these questions are not representative of what you will find on an actual CISSP exam. Those familiar with Bloom's Taxonomy of questions will know that you progress from simple questions of fact through synthesis of multiple facts through analysis based on synthesis to a level of judgement or critical thinking. Most of the questions a candidate will encounter on the CISSP exam are at the analytical or critical levels. Too many of the questions found in most sample exams are at the simple factual level. The questions in this current work do move beyond the simplistic, but they tend to turn on specific wording in some very weak references, rather than the principles and concepts encountered in the CISSP exam itself. (Appendix A is a bibliography used in the creation of the questions, and it is a decidedly poor one.) Some questions and answers are flatly wrong (planting malicious software is definitely *not* a passive attack). Others may have some point to their creation but get confused. One question states that a certain answer is not correct because the technology is not an encryption algorithm, but the "correct" answer isn't an algorithm either. This book may give you a very rough idea of the types of questions you may encounter, and the range of topics you may need to know. If you rely on it to prepare you for the exam, however, you may be in for a rude shock. copyright Robert M. Slade, CISSP, 2002 BKTCIEPB.RVW 20020823