Bit frustrated with Boson

I've just started this week with my CISSP studies. I invested in the BOSON test questions and downloaded the application to start looking at the questions.
My idea was that I would break up studies with some questions and hopefully over the next few weeks and months I'd start to get more and more right.
However:
Out of the 30 questions or so I've looked at so far, about 10 have answers and topics which are not in the Sybex Book. I've noticed that the answer section mentions the ISC2 book, so maybe I'm to blame for not researching the item properly...
I have the Sybex book and believed that everything in it would cover the exam and would get you into the mindset and give you the knowledge.
So when I get questions like:
What light is best for foggy conditions (apparently it's sodium vapor lights)? I am a bit annoyed and confused.
Mainly as this is not covered in the Sybex or the Conrad book anywhere. It's also ridiculously specific and I can't help but feel it's out of scope. If that's not the case, then why don't they ask about CCTV in foggy conditions, or rainy conditions, or CCTV being too close to bright security lights, or the angle at which it should be mounted.
There are other questions which are like this too, like today it asked about the nine questions that the AIA recommend asking during a survey.
My Sybex book mentions the AIA but makes no mention of specific questions or in-depth details about the survey.
......
My frustrations are that about 10 of the 30 questions so far have had answers and topics not detailed in this manner in the Sybex book. What am I missing here?
Thanks and sorry to vent, I'm just a bit stressed and frustrated.
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
Comments
There are always going to be questions people haven’t dealt with but as long as you have major topics down you should be fine.
Looks like you've confused a couple of the resources here. The 7th edition you are referring to is the Sybex book by Mike Chapple, James Stewart and our own Darril Gibson. The 4th edition is actually the official ISC2 Common Body of Knowledge (CBK) book written by Adam Gordon.
Boson uses the Syngress book by Eric Conrad and the CBK 4th edition from Adam Gordon. The materials are up-to-date.
I am actually using the uCertify version of the Sybex book and the Boson practice exams. The real value in Boson, IMO, lies not so much in the questions, but the explanations.
So far, I am pretty happy with Boson. Once I realized I need to really dig and understand why I missed a question, their explanations and looking for additional resources have really brought the concepts home for me. Hopefully, this will get better for you as you continue your studies. When are you taking the exam?
My intention was to look up each of the questions/answers in my Sybex book to read from the source, maybe doing 5-10 questions a day to break things up.
However, of the 30 questions I've done, about 10 topics aren't covered in the Sybex book.
I'm trying to keep my learning to a scope around the Sybex book and the Conrad book and not look outside this as I've got enough to learn so don't want to stretch myself too thinly.
Many folks here have passed using the Sybex 7th edition and their corresponding practice questions.
Whichever you decide, best of luck with the exam!
Thank you for the heads up. Like CyberCop123 I have the Sybex book and I also am finding questions on the Boson exam that aren't covered AT all (detailed lighting types for example). I take it they would expect I buy ANOTHER book? Being constantly told that the materials you're using are incomplete is getting rather pricey. That said I do like the question types and explanations of the Boson tests. Rather than buying another book I'm inclined to go through the topics not covered in Sybex and read through those answers carefully.
I'm glad to hear this. I've gone through all the Sybex exams, will continue to review and add Boson to the mix. I really really really want to pass the exam the first time!
I am scheduled to take this thing on February 14th and have been hammering the Sybex questions and the Boson exams. Still struggling in quite a few areas but slowly starting to get some of the tougher concepts.
Good luck to you. I just scheduled mine for March 29th (want to knock it out before the material changes).
The CISSP is a cert used by many outside of the IT industry... I was actually first introduced to it when I was working as an OPs manager for a private security (physical) firm (completely separate from IT). If you were reading/studying solely from an IT perspective I could see how that question might seem out of place.
With that said, if you see a question/topic like this (I.e. Essentially not covered by Sybex or ISC2) then it's prob not worth the effort to focus on it.
I took the exam last year and did not pass. I used the Sybex book 7th edition and Shon Harris 7th edition. I used the Official (ISC)2 CBK guide as a reference. And guess what, most of the questions I missed came directly from the Official (ISC)2 CISSP CBK guide 4th edition.
I have been reading it since I last missed the test. I have read it twice now and I am doing a lot of practice tests from Boson, Sybex online practice test, and others out there before I take the test again. I hope you check the Official (ISC)2 guide. It's dry but if you take your time and read it, you will be fine with it. The way I look at it, I think (ISC)2 frame their questions from the Official (ISC)2 study guide.
Just a bit of a confusing question on the Boson exam:
Which of the following User accounts are LEAST likely to require privilege monitoring
A. Ordinary User Accounts
B. Power User Accounts
C. Root Accounts
D. Service Accounts
......................................................................
What's your answer?
...
..
.
I chose C, Root Accounts which is wrong.
I believed that Ordinary User accounts needed lots of privilege monitoring, as they're most likely to be escalated, or to step out of their permissions as they're generally low.
Root accounts in my view were LEAST likely as they already have the highest permissions and so what's the point in monitoring them?
I think my mindset is wrong maybe
The Correct Answer was A - Ordinary User Accounts
Reason given: Privilege monitoring is the act of scrutinizing a user account that has heightened privileges to ensure that the user does not have more access than is necessary for their job. Ordinary user accounts do not typically require heightened privileges, therefore they are less likely to require privilege monitoring than heightened-privileged accounts.
...
I've just written this out and still don't get it. I think ordinary user accounts require lots of attention to scan for privilege issues.
I can see in a way why root accounts need monitoring too, to make sure there's nothing malicious being done with the high permissions they have.
Guess it depends on the way you interpret this question and the angle you go with.
The key word was privilege monitoring. You would be less likely to monitor a user account because they don't have elevated privs. I picked A honestly. Usually I pick the wrong answer and don't comment. But, since I got it right I thought I would comment.
You need to be more concerned with the accounts that have elevated privs. The account types with elevated privs have the potential to cause more damage intentional/unintentional. A user account already has restrictions in place. It's like they are sandboxed. With an elevated account, the sky is the limit.
You can't think like a manager with the question and have this answer.
Most if not every administrator account has a corresponding user account. Not everything an admin does requires elevated access. Some admins log in with admin credentials, some log in with user credentials. You can always move back and forth, especially with regards to elevating privs in Windows/Linux environment when necessary. So, technically if I have a user account and an admin account, escalating privs takes 15 seconds. I will be in one account one minute and be in another account the next. My ordinary user account as a user has the same restrictions as any other ordinary user account. I just might be in more groups and have a tad bit more access to a few other things.
Just one last thing before I forget, it was even more confusing as I recalled the STRIDE mnemonic:
Where the E is for Escalation of Privileges.
I can see why me being too geeky with my thoughts was wrong, and that purely as a manager why the correct answer was A. Will just have to remember this mindset as I carry on.
What I will say is that with this site and another site that starts with a R, a lot of people have passed this new CISSP exam. I have seen more pass threads than fail threads, by far. I think the next few months is the perfect time to take it, before they realize 88% of the people who take it pass and revamp the exam to make it harder.
Don't feel bad CyberCop123, I answered the question the same way you did. As soon as I read the reasoning, I understood it. The replies here have definitely helped with my understanding.
Funny thing, the domain I am doing the worst in is the one I work in. Communication and Network Security....pages 469-489 are just killing me. It's flashcard time now. The WAN connection technologies are just kicking my teeth in....for some reason, just not picking these up like I should.
I think my final two resources are going to be Boson and the practice test book by Mike Chapple.
That's good to hear that you're making progress, fingers crossed I will be the same. I am getting better at the questions in my Sybex Question book. I'm going to look at Boson more as I get more into the book. I'm only about 20% into it so far.
As I get to know the CISSP exam more that doesn't surprise me that you're scoring worse in your own domain! I've noticed that there's some phrases, terms etc... on things that I know about, that I've not heard before. Or things that are written or phrased as a manager and any technical person would say "What's that?"
NOTE: just saw that the Mike Chapple book is the Sybex question book that I've got. I'm finding that very helpful. As I get more through the content, I think I will get more from Boson.
Good Luck!
I would have to think if you can get the concepts of the Practice Tests and Boson down pat, you'd have to be able to do pretty decent on the exam. For Boson, I have been using the Sari Greene strategy of reading each answer and seeing if I can explain each answer and then trying GirlyGirl's approach of re-reading the question. Even if I know the answer in my mind. This way, hopefully, I'll get in the mindset to not just answer questions with a hair trigger.
I think you're going to be fine with both study resources. I've got to say, hammering out the OSCP and CISSP within a year of each other is cooking with gas! I really enjoyed reading your OSCP thread over the weekend.
Keep up the good work.....looking forward to another progress report.