Mistake or typo ?

Fkbr

From Shon Harris, 5-th edition:

When media is erased (cleared of its contents), it is said to be sanitized.
....
Purging means making information unrecoverable even with extraordinary effort
such as physical forensics in a laboratory.
...
Media can be sanitized in several ways: zeroization (overwriting with a pattern designed to ensure that the data formerly on the media are not practically recoverable), degaussing (magnetic scrambling
of the patterns on a tape or disk that represent the information stored there), and destruction (shredding, crushing, burning).

Should not the last paragraph says : ""Media can be PURGED in several ways....." ?

Fkbr

JDMurray

Sanitizing and purging are equivalent terms with regards to the treatment of data on storage media--at least according to AIO5. I would also throw sterilizing on to that same pile. Forensically sterile media is what you get when you zero-out a hard drive. I would only use a pseudo-random wiping pattern if I wanted to create media to make forensics investigation more difficult.

Fkbr

Thank you JDMurray.

I probably was confused, as from what I read it looked like purging is more advanced method of data erasing than sanitizing. It is just playing with words then.

Fkbr

JDMurray

Also consider that not all of the information in a book is necessarily written by the same author. It may have been information written by two different people who used two different terms for the same thing. That discrepancy may or may not be caught by an editor and questioned.

Fkbr

Another confusion for me:

Page 157: A race condition is when processes carry out their tasks on a shared resource in an incorrect order.

Page 1119:Race conditions exist when the design of a program puts it in a vulnerable condition before ensuring that those vulnerable conditions are mitigated.

How do I answer what is "race condition" if I get this question on my exam ?

JDMurray

Well, the first reference does not describe what a race condition is; it's only a description of just one situation that may cause a race condition. The second reference is very badly worded and really doesn't describe what a race condition is either. I'm surprised either of those reference survived the technical reviewing process.

The Wikipedia has a very technical explanation of race condition, but it's essentially what you need to know.

In the big picture, the AIO isn't an authoratative indication of what topics are on the CISSP exam. There might not even be an item that refers to "race conditions" in the entire CISSP exam item pool. However, it is obviously considered important enough by the author(s) of AIO to include a description (or two) of the flaw/vulnerability.

And finally, never study for a cert exam from only a single source of reference material.

Fkbr

Shon Harris' book is recommended by everyone as the best book to prepare for exam. This is why I am reading it. What other book would you recommend ?

Thank you

JDMurray

The Official (ISC)2 Guide to the CISSP CBK, Second Edition is also highly recommended. If a cert's vendor writes a book on the cert then it's advisable to use it.

[Deleted User]

The user and all related content has been deleted.

Jinuyr

I like the CISSP For Dummies book, the writing style is more conversational and easier to read. I am finding a lot of discrepancies though. Like Access Control types. There are two different versions between the official book and the dummies book. I'm going to side with the official book for obvious reasons.

Just as JDMurray and others have mentioned, make sure you read multiple sources... And probably compare it against the official book.

Fkbr

I took exam few days ago after studying Shon Harris; book and going through transcender practice exam. I have a strong feeling I will not pass it. Many questions were so confusing so even now having google I am not sure what correct answers were. Another advice - do not waste you money on transcender test (I bought it because I remember they were very good for MS exams long time ago.)- it is useless, its 859 questions have nothing to do with real exam.

Good luck to everybody !