Unnecessarily and deeply explained subjects in CISSP All-in-One Exam Guide, Sixth Ed.
Hi,
I was wondering if it also appeared to you that this book consists of almost 1500 pages and almost 50% of it is not even relevant to the exam?
I was going through chapter 4 - Security Arch. Design and it starts explaining CPU architecture (deeply) and adding tons of acronyms for CPU, RAM, ROM (it is not simply a RAM or ROM, it has 5-6 different types for each) and additionally tons of access rights frameworks (Bell-LaPadula model, Biba model etc...)
I have just downloaded the exam outline and none of these are covered...
I feel like I am wasting my time studying for stuff which is not even going to be asked in the exam...
Comments
Another way, that I see to make the preparation interesting is to watch videos / do practice questions from various sources. I have started doing this whenever I get frustrated going through the domain chapters.
You can't be serious, right? You want to get into security without knowing how the basics and the fundamental access models work? Really? And just an FYI to you, you will get questions about the access models on the exam. Enough said.
If you do know most/all of the stuff inside the book, go for Conrad, but if you're just getting into the Security realm with very little or no knowledge at all, then this book is a gem.
P/S: Access Control Models are not a waste of time
"Ideal as both a study tool and an on-the-job reference"
Fortunately I've read Wiki on access control models and have found that they are covered pretty well there and I know assembly language and actually worked as an x86 assembly programmer for a while in the past so I breezed through this stuff.
Thanks!
My two cents, ultimately it's up to you, but as I mentioned here already, I have opened neither Shon Harris nor the official CBK nor videos and passed relying solely on experience (15 yrs), Wikipedia and quizzing. So yeah, it's doable.
Since you plan to purchase the Harris book anyway, I would use that to fill the gaps after you do your quizzes or to look deeper into topics you are interested in. I don't know when your exam is, but 1400+ pages is a lot to read. I have the book myself and use it to supplement my weaker areas after reading the Conrad book and watching the cybrary videos. The testing software that comes with the Harris book is very useful as well.
As usual, I object to this "manager hat" perception regarding CISSP. It's technical, about 75%. Lots of crypto, AES and algorithms DES phases, IP protocol numbers, IPSec phases, TCP/UDP protocol numbers etc.
Where does this manager hat perception come from? From when tech people study for it they often run into new and unknown concepts, such as BCP, DRP, RA, stuff like that; it is perceived as difficult because tech people don't deal with it that often. While technical stuff on the exam is perceived as easy because it's their everyday life.
It is designed for a much broader audience than just managers, for example security engineers, security architects, security analysts, etc.
I just looked briefly at the new 8 domains and they look to me that one of them (security and risk management) is certainly not technical (but certainly not 100% managerial) and two others contain some managerial stuff (operations security and assets security).
So 1 out of 8 is somewhat managerial, 3 out of 8 contain some management stuff. And somehow it is an exam for high level security managers. Containing, just for giggles, questions on IPSec phases. Because how can managers manage people without this valuable information.
Oh and for the poster who thinks anyone saying they have more than a decade of experience is lying? I can safely state I had to start complying with HIPAA 18 years ago (GRC) and matching those feeble policies against my PIX firewall rules leading to my Security+, etc. Otherwise yes, most of these people were at best recalling the days of working in physical security as no one really gave a rat's rear about computer security. Though I brought down a mainframe in 1979 with a buffer overflow. Does that count as well? LOL.
- b/eads
The same thing with CPU, just say it is the brain of the computer and that's it, but the book goes really deep into the architecture and provides deep detail about how CPU works etc...
I am 100% sure that there won't be any question about how a CPU works and if there are 2 processes 1 in RAM 1 in register which one will be first executed according to their priority and which core will take the job in a hypervisor where there are 3 virtual machines with 8 core infrastructure...
Were they only talking about the US Federal Government's effort at C&A? I didn't see their post but it would've made me laugh.
I am however grateful for the comments that are being shared here, as I am planning on writing in the next few weeks, I will be taking all the advice and counsel that was provided and applying it to my studies.
Do you mean CISSP exam's level of questions are different if one takes Associate Level and a different level of questions if one takes the regular one?
+1, yea, I hate books that go into detail and help you understand the technology instead of just giving me the answers... It's almost as if the author actually expects you to understand the topics thoroughly. The nerve!