Options

CISSP - Vendor Neutral Exam

Sam_aquaSam_aqua Member Posts: 72 ■■□□□□□□□□
in SSCP
ISC2 claims this exam to be a vendor neutral. It's frustrating to see a lot of Windows OS related stuff in their own 4th Edition book. e.g. Page 911 - 921 (from Identity and Access Management Domain).

What do you guys think about this ...
· Share on FacebookShare on Twitter

Comments

  • Options
    BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    I think that vendor neutral means they have to cover how things are handled on multiple vendors. It will cover Windows domain controls and access management, but it will also cover PAM and how to use it for domain control and access management on Linux. Nothing wrong with it IMO.
    · Share on FacebookShare on Twitter
  • Options
    gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    So, are you suggesting to remove all windows related and linux related and macos and vmware and all vendor-specific stuff from exam?

    I think they do well covering everything a little.
    · Share on FacebookShare on Twitter
  • Options
    E Double UE Double U Member Posts: 2,231 ■■■■■■■■■■
    ISC2 does not make hardware or software. ISC2 is vendor neutral.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
    · Share on FacebookShare on Twitter
  • Options
    Sam_aquaSam_aqua Member Posts: 72 ■■□□□□□□□□
    Hi Gespenstern, When you say --- "I think they do well covering everything a little." - It makes sense. Thanks for the reply.
    · Share on FacebookShare on Twitter
  • Options
    dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    The test is vendor neutral!!
    · Share on FacebookShare on Twitter
  • Options
    Sam_aquaSam_aqua Member Posts: 72 ■■□□□□□□□□
    So dustervoice - when you say "The test is vendor neutral!!" , these sections in 4th edition should be of no use ? I found couple of boring Windows pages again later in this domain and by the read of it, they don't seem to be any useful, atleast I won't even remember them considering there are a lot of other important stuff to focus within this domain ..
    · Share on FacebookShare on Twitter
  • Options
    cbkihongcbkihong Member Posts: 52 ■□□□□□□□□□
    I think they only meant to use those vendor-specific material as case studies for illustrative purpose but will likely not raise specifics in the exam or they could just make them 0-point questions (though you would never know). I did not see any vendor-specific question in my exam. It is indeed a bit annoying to see vendor-specific materials when the reader is not familiar with. I attended ISC2 authorized training which utilized official materials (excerpts from the CBK, mostly), the trainer kept bragging on Cisco and EMC stuff which I think would not appeal to anybody but practicing sys-/net- admins (and only those working in big companies that actually use them).

    But then, vendor implementation forms a significant slice of enterprise security solutions, and so I think it might sometimes be hard to derive clean abstractions from vendor implementations.

    For me, I only skim-read the vendor-specific stuff (in a way that is more like reading a magazine than textbook) or skipped them in the entirety. In any case I would not think reading these vendor-specific material should make a difference as to whether you eventually pass or fail - so if you have a lot of time to spare, read them but don't bother too much about that otherwise and concentrate on more important stuff instead.
    · Share on FacebookShare on Twitter
  • Options
    Sam_aquaSam_aqua Member Posts: 72 ■■□□□□□□□□
    Thanks cbkihong for the detailed insight, this makes sense. In Identity and Access managment domain, if one reads the last couple of pages from latest official guide, it gets crazy really so had to skip the section.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.