Bit frustrated with Boson

CyberCop123 · January 2018

I've just started this week with my CISSP studies. I invested in the BOSON test questions and downloaded the application to start looking at the questions.

My idea was that I would break up studies with some questions and hopefully over the next few weeks and months I'd start to get more and more right.

However:

Out of the 30 questions or so I've looked at so far, about 10 have answers and topics which are not in the Sybex Book. I've noticed that the answer section mentions the ISC2 book, so maybe I'm to blame for not researching the item properly...

I have the Sybex book and believed that everything in it would cover the exam and would get you into the mindset and give you the knowledge.

So when I get questions like:

What light is best for foggy conditions (apparently it sodium vapor lights)? I am a bit annoyed and confused.

Mainly as this is not covered in the Sybex or the Conrad book anywhere. It's also ridiculously specific and I can't help but feel it's out of scope. If that's not the case, then why don't they ask about CCTV in foggy conditions, or rainy conditions, or CCTV being too close to bright security lights, or the angle at which it should be mounted.

There's other questions which are like this too, like today it asked about the nine questions that the AIA recommend asking during a survey

My sybex book mensions the AIA but makes no mention of specific questions or in depth details about the survey.

......

My frustrations are that about 10 of the 30 questions so far have had answers and topics not detailed in this manner in the Sybex book. What am I missing here?

Thanks and sorry to vent, I'm just a bit stressed and frustrated.

TechGuru80 · January 2018

The exam is based on the CBK....not the study guide. The CBK is several hundred pages shorter so obviously some of the small topics are omitted.

There are always going to be questions people haven’t dealt with but as long as you have major topics down you should be fine.

TechGuru80 · January 2018

I meant the study guide is several hundred pages shorter*.

MIME · January 2018

I'm so glad you posted this because I just finished my first round of Boson practice questions and am ready to tear my hair out. I too saw questions like you did and I have the current edition of the ISC2 Study Guide and I got questions on things that aren't mentioned AT all in the book. In taking a look at some of the references for some of these questions they were using the Fourth Edition of the ISC2 study guide (when the current edition is #7). From the looks of it Boson hasn't removed the dated stuff, left it in and just added. I am very frustrated. For those questions where I can find zero references in the current study guide I'm going to skip on studying for them. Too much to learn, too little time. I'm also using the official Sybex study questions and am definitely not relying on one source of practice questions. All of that said, I feel your pain and misery loves company

Falcon56 · January 2018

MIME wrote: »

(snip) In taking a look at some of the references for some of these questions they were using the Fourth Edition of the ISC2 study guide (when the current edition is #7). From the looks of it Boson hasn't removed the dated stuff, left it in and just added. (snip)

Looks like you've confused a couple of the resources here. The 7th edition you are referring to is the Sybex book by Mike Chapple, James Stewart and our own Darril Gibson. The 4th edition is actually the the official ISC2 Common Body of Knowledge (CBK) book written by Adam Gordon.

Boson uses the Syngress book by Eric Conrad and the CBK 4th edition from Adam Gordon. The materials are up-to-date.

I am actually using the uCertify version of the Sybex book and the Boson practice exams. The real value in Boson, IMO, lies not so much in the questions, but the explanations.

So far, I am pretty happy with Boson. Once I realized I need to really dig and understand why I missed a question, their explanations and looking for additional resources have really brought the concepts home for me. Hopefully, this will get better for you as you continue your studies. When are you taking the exam?

CyberCop123 · January 2018

I think my main concern and worry here is that I don't want to stretch myself to learning unnecessary out-of-scope material. I can understand that the material based on what lights to use when it's foggy is in the CBK book (I don't have the book so can't check but I take your word for it).

My intention was to look up each of the questions/answers in my Sybex book to read from the source, maybe doing 5-10 questions a day to break things up.

However, of the 30 questions I've done, about 10 topics aren't covered in the Sybex book.

I'm trying to keep my learning to a scope around the Sybex book and the Conrad book and not look outside this as I've got enough to learn so don't want to stretch myself too thinly.

Falcon56 · January 2018

I completely understand what you're saying. I am taking a custom exam on Boson right now. I went back over my last 35 questions and all were referenced to Syngress or the 4th edition CBK. I found the 4th edition CBK to be a VERY dry read so that is one of the reasons I've relied on Boson.

Many folks here have passed using the Sybex 7th edition and their corresponding practice questions.

Whichever you decide, best of luck with the exam!

MIME · January 2018

Falcon56 wrote: »

Looks like you've confused a couple of the resources here. The 7th edition you are referring to is the Sybex book by Mike Chapple, James Stewart and our own Darril Gibson. The 4th edition is actually the the official ISC2 Common Body of Knowledge (CBK) book written by Adam Gordon.

Thank you for the heads up. Like CyberCop123 I have the Sybex book and l also am finding questions on the Boson exam that aren't covered AT all (detailed lighting types for example). I take it they would expect I buy ANOTHER book? Being constantly told that the materials you're using are incomplete is getting rather pricey. That said I do like the question types and explanations of the Boson tests. Rather than buying another book I'm inclined to go through the topics not covered in Sybex and read through those answers carefully.

MIME · January 2018

Falcon56 wrote: »

Many folks here have passed using the Sybex 7th edition and their corresponding practice questions.

Whichever you decide, best of luck with the exam!

I'm glad to hear this. I've gone through all the Sybex exams, will continue to review and add Boson to the mix. I really really really want to pass the exam the first time!

Falcon56 · January 2018

I think if you can get the concepts in Sybex and the Conrad book, you are going to be fine. If you look at the 'passed' threads, that seems to be the common denominator.

I am scheduled to take this thing on February 14th and have been hammering the Sybex questions and the Boson exams. Still struggling in quite a few areas but slowly starting to get some of the tougher concepts.

MIME · January 2018

Falcon56 wrote: »

I think if you can get the concepts in Sybex and the Conrad book, you are going to be fine. If you look at the 'passed' threads, that seems to be the common denominator.

I am scheduled to take this thing on February 14th and have been hammering the Sybex questions and the Boson exams. Still struggling in quite a few areas but slowly starting to get some of the tougher concepts.

Good luck to you. I just scheduled mine for March 29th (want to knock it out before the material changes).

Resonate! · January 2018

Don't take it to heart. Boson is one of the most challenging test engines in terms of the score you get, especially if you did not read the CBK. After passing the exam, I can say you should not worry too much about extreme specifics like lamp types. Understand the principles of security and risk management and you'll be fine.

shoey · January 2018

Best of luck studying @CyberCop123!!

The CISSP is a cert used by many outside of the IT industry... I was actually first introduced to it when I was working as an OPs manager for a private security (physical) firm (completely separate from IT). If you were reading/studying solely from an IT perspective I could see how that question might seem out of place.

With that said, if you see a question/topic like this (I.e. Essentially not covered by Sybex or ISC2) then it's prob not worth the effort to focus on it.

TeeDarling77 · January 2018

Don't be frustrated with Boson. I have Boson too and it references the CBK guide and Eric Conrad's book. Good luck to those who used the Sybex book only and passed the CISSP exam. I have not passed it yet but my advice to you is to also check the official (ISC)2 Guide to the CISSP CBK.
I took the exam last year and did not pass. I used the Sybex book 7th edition and Shon Harris 7th edition. I used the Official (ISC)2 CBK guide as a reference. And guess what, most of the questions I missed came directly from the Official (ISC)2 CISSP CBK guide 4th edition.

I have been reading it since I last missed the test. I have read it twice now and I am doing a lot of practice tests from Boson, Sybex online practice test, and others out there before I take the test again. I hope you check the Official (ISC)2 guide. It's dry but if you take your time and read it, you will be fine with it. The way I look at it, I think (ISC)2 frame their questions from the Official (ISC)2 study guide.

th.kalyvas · January 2018

I used Boson environment as one of my exam tools and I can say that it helped me a lot dealing with the "technical" questions of the exam. I believe that one can achieve positive results if Boson is used in combination with the Sybex Test Bank.

CyberCop123 · January 2018

Confused by this Question

Just a bit of a confusing question on the Boson exam:

Which of the following User accounts are LEAST likely to require privilege monitoring

A. Ordinary User Accounts

B. Power User Accounts

C. Root Accounts

D. Service Accounts

......................................................................

What's your answer?

...
..
.

I chose C, Root Accounts which is wrong.

I believed that Ordinary User accounts needed lots of privilege monitoring, as they're most likely to be escalated, or to step out of their permissions as they're generally low.

Root accounts in my view was LEAST likely as they already have the highest permissions and so what's the point in monitoring them

I think my mindset is wrong maybe

The Correct Answer was A - Ordinary User Accounts

Reason given: Privilege monitoring is the act of scrutinizing a user account that has hightened privileges to ensure that the user does not have more access than is necessary for their job. Ordinary user accounts do not typically require hightened privileges, therefore they are less likely to require privilege monitoring than hightened-privileged accounts.

...

I've just written this out and still don't get it. I think ordinary user accounts require lots of attention to scan for privilege issues.

I can see in a way why root accounts need monitoring too, to make sure there's nothing malicious being done with the high permissions they have.

Guess it depends on the way you interpret this question and the angle you go with.

appcanon · January 2018

Your right if you think like a pure techie. but CISSP is all about thinking like a manager, according to them ordinary users can't escalate their privileges.

GirlyGirl · January 2018

CyberCop123 wrote: »

Confused by this Question

Just a bit of a confusing question on the Boson exam:

Which of the following User accounts are LEAST likely to require privilege monitoring

A. Ordinary User Accounts

B. Power User Accounts

C. Root Accounts

D. Service Accounts

......................................................................

What's your answer?

...
..
.

I chose C, Root Accounts which is wrong.

I believed that Ordinary User accounts needed lots of privilege monitoring, as they're most likely to be escalated, or to step out of their permissions as they're generally low.

Root accounts in my view was LEAST likely as they already have the highest permissions and so what's the point in monitoring them

I think my mindset is wrong maybe

The Correct Answer was A - Ordinary User Accounts

Reason given: Privilege monitoring is the act of scrutinizing a user account that has hightened privileges to ensure that the user does not have more access than is necessary for their job. Ordinary user accounts do not typically require hightened privileges, therefore they are less likely to require privilege monitoring than hightened-privileged accounts.

...

I've just written this out and still don't get it. I think ordinary user accounts require lots of attention to scan for privilege issues.

I can see in a way why root accounts need monitoring too, to make sure there's nothing malicious being done with the high permissions they have.

Guess it depends on the way you interpret this question and the angle you go with.

The key word was privilege monitoring. You would be less likely to monitor a user account because they don't have elevated privs. I picked A honestly. Usually I pick the wrong answer and don't comment. But, since I got it right I thought I would comment.

You need to be more concerned with the accounts that have elevated privs. The account types with elevated privs have the potential to cause more damage intentional/unintentional. A user account already has restrictions in place. It's like they are sandboxed. With an elevated account, the sky is the limit.

GirlyGirl · January 2018

appcanon wrote: »

Your right if you think like a pure techie. but CISSP is all about thinking like a manager, according to them ordinary users can't escalate their privileges.

You can't think like a manager with the question and have this answer.

Most if not every administrator account has a corresponding user account. Not everything an admin does requires elevated access. Some admins log in with admin credentials some log in with user credentials. You can always move back and forth, especially with regards to elevating privs in Windows/Linux environment when necessary. So, technically if I have a user account and an admin account escalating prives takes 15 seconds. I will be in one account one minute and be in another account the next. My ordinary user account as a user has the same restrictions as any other ordinary user account. I just might be in more groups and have a tad bit more access to a few other things.

CyberCop123 · January 2018

I can see your points ...

just one last thing before I forget, it was even more confusing as I recalled the STRIDE mnemonic:

Where the E is for Escalation of Privileges.

I can see why me being too geeky with my thoughts was wrong, and that purely as a manager why the correct answer was A. Will just have to remember this mindset as I carry one.

GirlyGirl · January 2018

Reading a question more than once and looking for keywords is what I attempt to do. It is one thing I can guarantee. You will always be left with more than one right answer. That's a promise. Your mindset, re-reading the question a time or three, and looking for the key word will more than likely point you in the right direction. It is like they are playing mind games on you. One answer would be correct if it was ISC and another answer would be correct if it was GIAC. I like exams where it's one definitely an obvious right answer and definitely obviously three wrong answers. Not this one is definitely wrong and the rest could be right. ISC leaves you with a lot of possibles. Like playing spades.

What I will say is that with this site and another site that starts with a R, a lot of people have passed this new CISSP exam. I have seen more pass threads than fail threads, by far. I think the next few months is the perfect time to take it, before they realize 88% of the people who take it pass and revamp the exam to make it harder.

Falcon56 · January 2018

Great post, GirlyGirl....I've answered about 50 Boson questions since I read this earlier this morning. Starting to pick up the key words after reading and re-reading the question per your suggestion. Was scoring about 76% on the current exam and now at 82.

Don't feel bad CyberCop123, I answered the question the same way you did. As soon as I read the reasoning, I understood it. The replies here have definitely helped with my understanding.

Funny thing, the domain I am doing the worst in is the one I work in. Communication and Network Security....pages 469-489 are just killing me. It's flashcard time now. The WAN connection technologies are just kicking my teeth in....for some reason, just not picking these up like I should.

I think my final two resources are going to be Boson and the practice test book by Mike Chapple.

CyberCop123 · January 2018

Falcon56 wrote: »

Great post, GirlyGirl....I've answered about 50 Boson questions since I read this earlier this morning. Starting to pick up the key words after reading and re-reading the question per your suggestion. Was scoring about 76% on the current exam and now at 82.

Don't feel bad CyberCop123, I answered the question the same way you did. As soon as I read the reasoning, I understood it. The replies here have definitely helped with my understanding.

Funny thing, the domain I am doing the worst in is the one I work in. Communication and Network Security....pages 469-489 are just killing me. It's flashcard time now. The WAN connection technologies are just kicking my teeth in....for some reason, just not picking these up like I should.

I think my final two resources are going to be Boson and the practice test book by Mike Chapple.

That's good to hear that you're making progress, fingers crossed I will be the same. I am getting better that the questions in my Sybex Question book. I'm going to look at Boson more as I get more into the book. I'm only about 20% into it so far.

As I get to know the CISSP exam more that doesn't surprise me that you're scoring worse in your own domain! I've noticed that there's some phrases, terms etc... on things that I know about, that I've not heard before. Or things that are written or phrased as a manager and any technical person would say "What's that?"

NOTE: just saw that the Mike Chapple book is the Sybex question book that I've got. I'm finding that very helpful. As I get more through the content, I think I will get more from Boson.

Good Luck!

ITSec14 · January 2018

A is the correct answer. Don't read too deep into the questions. You will see a lot of these kinds of questions on the exam (Choosing LEAST, MOST, etc.).

Falcon56 · January 2018

The Chapple book [Official CISSP Practice Tests] is helping me a lot. I've got the Web application on one screen and the Chapple 7th edition on the other. When I miss a question or get a concept I can't explain, I go back and research in the book. I think this is really helping more than Boson.

I would have to think if you can get the concepts of the Practice Tests and Boson down pat, you'd have to be able to do pretty decent on the exam. For Boson, I have been using the Sari Greene strategy of reading each answer and seeing if I can explain each answer and then trying GirlyGirl's approach of re-reading the question. Even if I know the answer in my mind. This way, hopefully, I'll get in the mindset to not just answer questions with a hair trigger.

I think you're going to be fine with both study resources. I've got to say, hammering out the OSCP and CISSP within a year of each other is cooking with gas! I really enjoyed reading your OSCP thread over the weekend.

Keep up the good work.....looking forward to another progress report.

Bit frustrated with Boson

Comments