Rating: Summary: Partial Review - Only 2 of 10 Domains Studied. Review: I purchased this book as a primary study source for the CISSP exam, and fully expected to use SOME supplementary material. This book is divided, correctly so, into the 10 domains covered on the CISSP exam. At the end of each chapter/domain, there are Sample Questions, Bonus Questions and Advanced Sample Questions, with the answers and explanations in the back of the book. The Sample and Bonus Questions are simple review questions to help you gauge if you have a basic grasp of the subject matter. The Advanced Sample Questions are supposedly at the same level as the actual test questions. What I've run into with the Advanced questions is that THEY INTRODUCE NEW MATERIAL, NOT COVERED IN THE SUBJECT MATTER TEXT!! This is extremely frustrating. You read the question, know you don't know the answer, then review the section in the text where the answer should be, only you don't find it, because it is not covered. When you read the explanation of the answers in the back you discover new material and the assumption by the authors that the reader is to make inferences. A study guide should cover all the material in the subject matter text. My confidence in using this book as my primary study guide is blown. How much critical material that will be on the exam has been left out? How much more am I supposed to infer? I will update this review as I go forward.
Rating: Summary: Good information but not necessarily on-target Review: I studied for the CISSP exam using this book, parts of other books, and some online resources. I also took the seminar offered by ISC^2. A month after completing the seminar, I took the exam. And about a week or so after that, I was relieved to find out that I had passed. Based on my experience, here are some words to the wise about this book in reference to the actual exam. A review of any preparatory book has to be done in comparison with other books that attempt to do the same. It is no use criticizing a particular book only to find out that no better resource exists. However, it is important to highlight how a particular book compares with the actual goal of preparing the student for the particular exam that has to be taken. With that in mind, I will state up front that IMHO this book is probably one of the better books out there when preparing for the CISSP exam. (I have not read the Shon Harris book so I can not comment on it. However, from what I've heard, it is better in its coverage of the not-so-technical domains of the CISSP exam like Security Models and Law/Ethics. Perhaps a combination of these two books would be most effective in terms of preparing for the exam -- along with other resources of course.) Coverage of some of the technical topics in this book seems very good. I was particularly impressed with their coverage of the Cryptography chapter -- it is a difficult topic and the book seems to do a decent job of covering it. However, be aware that the coverage of this topic in the book is above and beyond the level required for CISSP. The authors go into significant details on certain algorithms etc. which is absolutely unnecessary for CISSP. 
On the other hand, the authors don't seem to explain (in a clear, comprehensive manner) how symmetric and asymmetric cryptography ties in together when carrying out a typical secure session over the internet -- including the exchange of asymmetric keys for securely exchanging symmetric keys which then can be used for data transfer as well as the authentication process using digital signatures. Another example of an area where the book seems to dwell too deep into topics which are only required at an inch-deep level for CISSP purposes is the section on Kerberos. However, one should keep in mind that a little extra knowledge never hurt anyone. (The only problem is that when studying for the exam, one may get the impression that a particular topic will indeed be covered in such detail -- which obviously is a false impression). In other areas, I found that the section on Security Models was not very well done and seemed disparate at times in its coverage. This was certainly one area where I found other sources to significantly add to my understanding of the topic. Some people have stated that a number of questions presented in the Advanced Questions section of the book are not covered in the chapter reading and that this is a problem with the book. However, if one views these questions as further study/information material and not necessarily a test of one's understanding of the chapter, this problem goes away. The fact is that the authors provide independent, detailed explanation in answer to each question presented in the Advanced Questions section and these explanations serve to provide further information that was not present in the chapter reading. As such, I found this quite useful since it added to my knowledge rather than just testing on what I had read. For those who wish to test their understanding of the material, there is a good "testing" resource online at www.cccure.org.
Overall, the authors seem very knowledgeable about all of the domains and present the material in a clear manner. In fact, given the breadth of the material in CISSP domains, their depth in certain areas is quite impressive. I have often heard people say that the CISSP exam tests your experience in the security field, and that is not something you can gain from a book. Don't take this statement lightly! Books such as this one can only give you the theory behind "common sense" decisions that a security personnel would make during his/her daily work. They provide a good foundation. When it comes to the exam, use many resources (including this book of course), don't get caught in the details, and think common sense -- but with a security perspective!
Rating: Summary: Vital information missing from chapters. Review: Ironically, the chapters are fairly well written, clear and concise, as opposed to another popular all-in-one CISSP book. However, the reason for my one-star review is: I went through the chapters and took the "sample" and "bonus" questions to review, then proceeded to the real McCoy, the "advanced questions" that are "representative of the real exam". Well, about 1/2 the questions refer to material that is NOT even COVERED in the chapters. Confusing? Frustrating?? Disappointing??? To say the least.
Rating: Summary: Vicks should publish this under the NyQuil brand Review: The CISSP Prep Guide: Gold Edition is a very comprehensive, technical guide that will help you pass the CISSP. It is also horrible to read. If you need a reference guide to build on a few weak areas covered by this exam then you might find this book a valuable reference. I am very familiar with Telecom and networking, but need to read up on most other sections. For this, I have been turning to a book purchased by a co-worker: CISSP Cert Exam Guide by Shon Harris. I don't know if the Harris book has the same information coverage as the Gold Edition, but it is far easier to read. Take this advice: Read a few sections of each book. These are too expensive to take the chance - I took the chance and regret it...
Rating: Summary: Good CISSP reference prep guide Review: The CISSP Prep Guide: Gold Edition is a very good reference for anyone wanting to study for the exam. The Gold Edition is quite comprehensive, and covers all of the core elements of the CBK. The often overly technical writing makes the book difficult to read at times. While most test software that comes with books is often second rate, the CD-ROM Prep Exam guides are quite valuable. The CD-ROM contains over 360 questions on the 10 areas of the CBK. While no one should base his or her entire CISSP exam preparation on any single reference, The CISSP Prep Guide: Gold Edition is nonetheless a good place to start.
Rating: Summary: Don't study just one book! Review: There are 250 questions in the exam. Since the authors are all CISSPs, they are not allowed to directly give away the questions. Each book offers a relatively limited number of practice questions. When I was preparing for the exam I realized that I would need to practice with a large number of questions to be properly prepared. So, I decided to ignore all the comments here on which book was better. I bought and read several books to prepare for it. My logic was: if I read an additional book and it helped me to get just that one additional question that I might need to pass the exam, it would save me at least the $500 that I would have to otherwise pay to take it again. I took the exam recently and passed! Looking back, this and the others all helped.
Rating: Summary: The CISSP Prep Guide: Gold Edition Review: This book presented me a good outline of study material for the CISSP test, which I passed the first time. The CISSP test is no walk in the park. The book was excellent in the 10 domains of security. If people are serious about this certification (and qualify) then this is a book that will dissect each domain without too much runoff explanation. This book is a good fit for somebody that has 3 to 5 years experience in Information Security.
Rating: Summary: Great Book Review: This book was the only resource I used to pass the CISSP exam. I should mention, I am a computer architect and have advanced degrees in CS and math. If you have a tech background, use this text to fill in areas you may be unfamiliar with and you will succeed.
Rating: Summary: very good, but too broad Review: This is a great CISSP prep book. But my only complaint is that the authors sometimes venture into areas which are pretty much off topic. Other than that, a winner of a book.
Rating: Summary: A golden score for the golden edition. Review: With computer and network security fast becoming the most important thing for administrators to worry about, it is a good thing to have a reference manual that is both up to date for technical practices but also the manual must be more than just a study guide. This book does both and with the additions this manual makes a great go-to guide for any administrator or manager. The authors have put together a very comprehensive text making sure that they not only cover the exam objectives, they exceed them. Over 900 pages of information that works for the CISSP exam but I have found that this book can also work for the new CompTIA Security+ exam as well as Microsoft's new 70-214 exam. At first glance you might think this book is written to the advanced level technician; however after reading through the text I found that the concepts and ideas were written for just about everyone. I was most impressed with the section on cryptography; this 175 page section is most useful for my job. I also found that chapter on law and ethics very interesting reading and overall the book has given several new ideas to think about in terms of what can or should be done in everyday network practices. Also the authors have included several appendices on topics outside the exam realm which make this a very complete manual. The book has over 700 practice exam questions so you have an excellent chance of passing the exam since the questions have explanations included. The CD-ROM included uses the Boson quiz engine with hundreds of questions included. Couple this with the authors' advanced guide and you have an unbeatable combination to work with.