CISSP April 2015 exam materials
[Deleted User]
Senior MemberPosts: 0 ■■□□□□□□□□
in SSCP
How is the exam prep material that is offered by offered by ISC2? I know most people recommend Shon Harris but I'm not finding any books for the new exam since she is dead. Other publishers will have material out there but not for some time. I'm thinking that since they are the provider of the exam it must be good material. Any opinions?
Comments
-
cyberguypr Mod Posts: 6,928 ModThe OIG was never a particularly excellent resource in the eyes of many here. When I took my test I glanced at it but that was it. BTW, the authors have no advanced knowledge of the changes so you will not find any books right now geared towards the "new" material.
-
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□I've looked on Amazon for any possible earlier releases for the new exam however all I am seeing are just the old 10 domains. Nothing for the new 8 domains. I think I might give their material a go. I was looking at the Microsoft Press book for CISSP and I am hoping that they publish a newer version of this title. Has anyone used the Microsoft Press version of the CISSP guide and can share any remarks?
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□kMastaFlash wrote: »I've looked on Amazon for any possible earlier releases for the new exam however all I am seeing are just the old 10 domains. Nothing for the new 8 domains. I think I might give their material a go. I was looking at the Microsoft Press book for CISSP and I am hoping that they publish a newer version of this title. Has anyone used the Microsoft Press version of the CISSP guide and can share any remarks?
Why everyone trying to get "new" material for this? I don't get it. Look at what you just said on your post, 10 domains are becoming 8 domains. Now let me ask you a question, do you think they reduced the domains or did they actually just restructured them and reorganized them?
Study anything that you find, the material will be the same, CISSP is about Security and everything that pertains to security in general. The more you read and research the more you will learn, it doesn't matter if it is 8 domains, 10 domains or 20 domains. I had questions on my exam that I never even saw on any of the study material, official or unofficial ones, this is where experience comes in. If you have the excperience, then you dont have to worry about the number of domains. Like I've said under other posts it doesn't matter if BCP and DRP is combined with Security Operations under 1 domain, the fact is, you will see questions on both, so study for both. -
dustervoice Member Posts: 877 ■■■■□□□□□□use the microsoft book and shon harris those are more than enough to pass... please read the "passed" threads here for tips on how to conquer this beast. like Theforce said just study it doesnt matter how the domains are grouped its the same material.
-
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□I just don't want to go and buy the material for the test knowing it maps for the old exam. I don't want to have to study old material anyways. I know most of the material is the same but they also probably removed parts and added new parts also. Why go over old material you won't need or use. I am also not taking the exam that has the 10 objectives but the 8 objectives. I won't have enough time for the old exam so I would have to take the new exam.
That is like saying the 220-701 and 220-801 are the same exam. They are different because they have added material and removed old material. You don't see the 801 covering XP like the 701 covered.
That is also like saying you can prepare for the 100-101 exam from Cisco with a 640-822 guide. RIP is not covered and they added new material like OSPF, and ACLs. Good luck with that man. -
TheFORCE Member Posts: 2,297 ■■■■■■■■□□kMastaFlash wrote: »I just don't want to go and buy the material for the test knowing it maps for the old exam. I don't want to have to study old material anyways. I know most of the material is the same but they also probably removed parts and added new parts also. Why go over old material you won't need or use. I am also not taking the exam that has the 10 objectives but the 8 objectives. I won't have enough time for the old exam so I would have to take the new exam.
That is like saying the 220-701 and 220-801 are the same exam. They are different because they have added material and removed old material. You don't see the 801 covering XP like the 701 covered.
That is also like saying you can prepare for the 100-101 exam from Cisco with a 640-822 guide. RIP is not covered and they added new material like OSPF, and ACLs. Good luck with that man.
Have you even done any research in regards to CISSP? Are you trying just to pass an exam or are you trying to learn the material and what it is about? You will get tested on the same 10 domains, just differently structured.
Now back to your post. You are comparing apples to oranges. The CISSP is a high level theoretical somewhat management exam that is vendor neutral! You cannot compare it with the Microsoft certificates or Cisco certificates. CISSP applies to everything in general. Microsoft certification only applies to Microsoft products and that is why with every new product you have to be certified anew. Same thing with Cisco, new features new technologies and new ways of doings.
Now hopefully the below will clear things for you even further.
CISSP Domains, Prior to April 15, 2015
https://www.isc2.org/cissp-domains/default.aspx
1 Access Control
2 Telecommunications and Network Security
3 Information Security Governance and Risk Management
4 Software Development Security
5 Cryptography
6 Security Architecture and Design
7 Operations Security
8 Business Continuity and Disaster Recovery Planning
9 Legal, Regulations, Investigations and Compliance
10 Physical (Environmental) Security
https://www.isc2.org/cissp-sscp-domains-faq/default.aspx
CISSP Domains, Effective April 15, 2015
1 Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
2 Asset Security (Protecting Security of Assets)
3 Security Engineering (Engineering and Management of Security)
4 Communications and Network Security (Designing and Protecting Network Security)
5 Identity and Access Management (Controlling Access and Managing Identity)
6 Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
7 Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
8 Software Development Security (Understanding, Applying, and Enforcing Software Security)
Look at it and read it line by line. You see how "1 Access Control" has been renamed " 5 Identity and Access Management" will the material and questions for this domain change? No they will not, they just gave the domain a new name.
See how "8. Business Continuity and Disaster Recovery Planning" and " 9. Legal, Regulations, Investigations and Compliance" have been combined in the new domain " 1 Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)"
Also, notice how one of the old domains "5. Cryptography" is completely missing from the new domains? Do you think that you will not get tested in Cryptography? It is one of the biggest domains in CISSP, it is where security begins! You would not be making a wise move if you skip Cryptography from your studies. If i would take a guess, i would say that now Cryptography aligns more with "8. Software Development Security (Understanding, Applying, and Enforcing Software Security)"
So do you see what we are trying to say? Only trying to give you a different perspective of the same thing. Eventually you will get tested on the same concepts, just worded differently.
I hope this helps you clarify things for you, If i was you, i would start reading anything i could and then if new books came out, atleast you have an understanding and the new books would be even easier. -
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□That makes sense. I am just used to typical college exams where they are more know this and that and spit it back out (And same for CompTIA I would say also for the most part still learned a lot about IT from CompTIA) I am still new to the IT certification realm and used to when a new exam comes out, get the new stuff and ditch the old. But in reality I am finding that they make small updates and buying all new material is just not worth it. Ex: Network+ has some small updates like (From CompTIA's site)
"The main differences between CompTIA Network+ N10-005 and Network+ N10-006 are the following:- Updated terms and technologies in the IT networking field.
- More hands-on experiences such as installing, configuring, implementing, managing and troubleshooting.
- Three new topics:
- Compare and contrast physical security controls.
- Summarize basic forensic concepts.
- Summarize safety practices. "
I see that in general it is about mastering the concepts. I agree that Cisco and Microsoft technologies when they come out you have to get certified in that technology because the old is gone. I guess that is what I am used to (Ex. Microsoft XP certs are useless now since Windows 8/8.1 and now 10 will be released and XP is not supoprted and how CompTIA 200-301 tested on DOS and not Vista or 7 obviously).
Still new to the cert realm and IT in general so I am just wanting to find the best sources and most knowledgeable people I can find. So I guess from what you are saying certs such as Microsoft and Cisco constantly update because they are big names and their products change. I agree however settiing up ACLs on a Cisco router doesn't change much at all. But with Microsoft knowing the layout of Task manager from XP to 8 has changed a lot. I am seeing it with programming books such as VB from college. When I bought 2008 book for one class, 2010 was for another class. In reality, they updated about 30 pages more for a newer edition. So I was dumb and bought the 2010 book assuming that there was a giant change. "WRONG". Thanks for the advice. I will probably just purchase the Microsoft Press CISSP book for now even though it is for the old objectives but the concepts are what is important. Thanks again!
Since I won't be taking this exam until 2017 anyways, I might as well just buy the newer exam book that is coming out anyways by ISC2 since the book is coming out in March 2015 I can just buy that and go from there. -
mjsinhsv Member Posts: 167The CBK changes should be minor with the exception of updating the current technologies in play.
Would assume that ISC would add more material for cloud computing and hopefully remove some of the outdated stuff.
Don't know why they haven't updated the CBK. Does anybody actually use token ring networks anywhere now?
If I were going to take the test after April, I would buy the new ISC book when i is released. Just for peace of mind that I didn't miss anything.
I studied everything from over a dozen sources while preparing for the test and still seen some stuff that came out of no where.
You can not be over prepared for this test.
Since you aren't going to take the test until 2017, you should have plenty of time to learn all you need to know. -
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□ISC just updated their CBK to the 4th edition. It comes out on March 20th. That is the book I plan on pre-ordering. Seems like that will be the only book that comes out for a long time so I might as well get it while I still can. http://www.amazon.com/Official-Guide-CISSP-Fourth-Press/dp/1482262754/ref=sr_1_2?ie=UTF8&qid=1425261306&sr=8-2&keywords=CISSP+2015 The cert is just a better investment compared to doing something like Linus+. ($188 * 2 = 376 plus books and training material). I can spend around $200 more in total and get a better investment. Yes I have to renew it every 3 years by maintaining CPEs but overall you get a higher salary and more companies look at CISSP and not Linux+.
-
Momala2525@gmail.com Member Posts: 33 ■■□□□□□□□□Friend, think your goal to achieve CISSP was in 2017 and changed to CASP.
CISSP is a professional certification compared to CASP.
Don't wait too long. Start to take the exam within 6 months.