topic CISSP book enough for the exam? in Exam Preparation

CISSP book enough for the exam?

Cees — Sun, 02 Sep 2018 11:22:16 GMT

Hi everybody,

I am studying the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

7th edition. The book is very interesting and gives me a broad overview.

I need to take it one step further, to pass the exam. Before spending more time, I am very disturbed by the post:

https://community.isc2.org/t5/Certifications/Failed-the-new-CISSP-CAT-exam-on-April-07-2018/td-p/9754

Are all the questions in the exam covered by this book?

Cees Doets

PS I expect to miss 15% of the questions because I am not a native English speaker + I am not an technician (how many bits is xyz encryption) + I am not American (which bill passed ...). There is very important for me to have a high score on the remaining questions.

Re: CISSP book enough for the exam?

CraginS — Mon, 03 Sep 2018 15:10:29 GMT

@Cees ,

No single book, or cram course for that matter, can prepare you completely for the CISSP exam. Remember, the exam is designed to check breadth of knowledge and experience over many diverse knowledge domains. The exam is not intended to be passable by a newbie with no experience and only one book or course as preparation.

Every good CISSP study book is meant to give you the basics of what each domain is about, and help you find other resource to learn more deeply about each domain. Each chapter in a CISSP pep book has multiple references listed. study selected items from those reference lists.

As WIlliam @denbesten said in a CSSLP thread last July:

=-=-=-=

‎07-11-2018 01:13 AM

If you read through these boards, you will find that there is no single source of material that will prepare you for an (ISC)² exam. The recommendations that you will consistently get are to use many references, to take lots of practice tests and to earn (much of) the required experience prior to sitting for the exam. (ISC)² exams are all about ability to apply your knowledge and experience in real-world situations. Although important, "book knowledge" is not enough to pass (ISC)² exams.

=-=-=-=

Several of the 'I failed, now what?' threads here have responses pointing out the need to understand management judgement in information security based on knowledge of he basics. Study Ross Anderson's Security Engineering, 2nd ed. (available free online) for an understanding of that approach.

Keep studying, and good luck.

Re: CISSP book enough for the exam?

HTCPCP-TEA — Mon, 03 Sep 2018 15:02:23 GMT

I would Second Craig's comments here.

While studying books will certainly help in terms of knowledge refresh, the exam will predominatley test you as an experienced individiual.

I have heard tales of candidates revising content for hours a day for months and still failing.It's never about the text book, more about the concepts and understanding around managing Cyber within a professional situation.

By all means study, read, and write about all things security, but make sure you get boots on the ground and get yourself immersed in the subject from a practical application stand point. It will serve you better.

Remember, this is not a technical exam, but a far more expansive-breadth-of-knowledge-and-experience-type exam.

Wishing you the best of luck!

Re: CISSP book enough for the exam?

Cees — Mon, 03 Sep 2018 17:07:19 GMT

thank you for your replies.

Maybe I am just confused because on the cover page of the "(ICS)2 Official CISSP Study guide" is written:

quote

Covers 100% of exam 2015 CISSP ...

quote

Cees

Re: CISSP book enough for the exam?

CraginS — Mon, 03 Sep 2018 18:13:31 GMT

@HTCPCP-TEA wrote:
While studying books will certainly help in terms of knowledge refresh, the exam will predominatley test you as an experienced
...
Remember, this is not a technical exam, but a far more expansive-breadth-of-knowledge-and-experience-type exam.

Certification is not about the exam, it is about the professional experience. Passing the exam is not the 'long pole in the tent' to become certified. Having demonstrated deep experience in multiple infosec arenas, as defined by the CBK domains, is the critical, important, and hard part of the equation.

The exam is to ensure that anyone claiming certification knows enough about the breadth of infosec arenas to recognize which ones apply in a given situation, and also to realize when it is essential to have skills, or learn skills, or hire skills to complete all tasks in a project.

For a more complete exposition of this topic please see the blog post

The What and Why of CISSP Certification

Re: CISSP book enough for the exam?

CraginS — Mon, 03 Sep 2018 18:29:09 GMT

@Cees wrote:

Maybe I am just confused because on the cover page of the "(ICS)2 Official CISSP Study guide" is written:

quote
Covers 100% of exam 2015 CISSP ...
quote

Cees,

That claim means that the book covers 100% of the topics, but not of the detailed question content. A major aspect of every CISSP prep guide, including that one, is the set of pointers to other references and resources to fill out details in the topics. If it were otherwise, the book would be considered "teaching to the test" and totally improper for a professional certification, especially one that must maintain its own certification under ISO/IEC 17024, as the CISSP and other (ISC)2 certifications must do to meet US. Defense Department requirements.

Re: CISSP book enough for the exam?

rslade — Mon, 03 Sep 2018 19:03:52 GMT

> Cees (Viewer II) posted a new topic in Certifications on 09-02-2018 07:22 AM in

> Are all the questions in the exam covered
> by this book?

Short answer: no.
Longer answer:
1) Read "Security Engineering" by Ross Anderson
2) Search for "anderson" on this system and read those threads/topics.
3) Check out titles on http://victoria.tc.ca/int-grps/books/techrev/mnbksccd.htm

> PS I expect to miss 15% of the questions
> because I am not a native English speaker

This *is* an issue, but not insurmountable.

> + I am not an technician (how many
> bits is xyz encryption)

Don't sweat trivia: know the foundational concepts.

> + I am not American (which bill passed ...).

Don't sweat American laws: that stuff *should* have been weeded out of the exam
bank by now, and, if you run into questions on it you can challenge. (How do you
"bluesheet" on a CAT exam?)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The presence of those seeking the truth is infinitely to be
preferred to those who think they've found it.
- `Monstrous Regiment,' Terry Pratchett
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Re: CISSP book enough for the exam?

denbesten — Tue, 04 Sep 2018 21:38:12 GMT

@Cees wrote:
Are all the questions in the exam covered by this book? ... the cover page is written: "Covers 100% of exam 2015 CISSP ..."

The complete statement is:

"Covers 100% of exam 2015 CISSP candidate information bulletin objectives including, Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptology and much more..."

The operative word is "objectives". The best answer is "no" because "Objectives" are not the same thing as "questions".

The exam itself requires a similar focus on detail. Often times, a single question will have many seemingly "correct" answers and a single word in the question will dictate which is "most correct". In part, this is what gives the exam a reputation of being a "grammar exam".

PS I expect to miss 15% of the questions because I am not a native English speaker + I am not an technician (how many bits is xyz encryption) + I am not American (which bill passed ...). There is very important for me to have a high score on the remaining questions.

The exam is available in English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese and Korean. Hopefully, one of these is your native tongue and could counteract some of the "15%". Be aware though that there are reports that some of the translations are lacking. Also, (ISC)² has made a specific effort to remove references to any specific country's laws from the exam. You are likely to see questions regarding world-known legal concepts like GDPR, copyright, and tort vs civil law, but there should not be anything on CFAA or HIPPA or other US-specific laws.

"Technician" is covered reasonably well by the preparation materials. If you are doing OK on the practice exams, you will likely be OK on the "technician" aspects. The other aspects required are real-world experience, management-perspective (think like your boss's boss) and attention to detail. These are harder because they are neither learned through books nor classrooms.

Incidentally, the cover you quoted is from the 7th edition, which is one-version outdated. It is not required to upgrade, but some prefer a precise alignment with the current objectives. My study materials were similarly outdated (the 2013 version for the 2015 exam). I don't think it made it any harder for me to pass the exam.

Re: CISSP book enough for the exam?

Cees — Wed, 05 Sep 2018 08:31:07 GMT

Thanks for your answers en encouragments.

My mother tongue is Dutch. I am just making a small dictionary of unknown words like non-repudiation, ubiquitous, pilfer etc.

It is very nice to hear that the exam gets more international.

I keep going because the material is most interesting and useful.

Re: CISSP book enough for the exam?

denbesten — Wed, 05 Sep 2018 13:27:14 GMT

@Cees wrote:
I am just making a small dictionary of unknown words like non-repudiation, ubiquitous, pilfer etc.

That's an interesting thought... Perhaps if a few non-native speakers were to list the "non-familiar" words, (ISC)² could eliminate some of them from the exam. Simpler grammar helps everyone.

Of course, some words like non-repudiation do need to be learned as they are important parts of life in security. For what it's worth, non-repudiation is a word that many of us native speakers also need to look up. I know I had to years ago.

Re: CISSP book enough for the exam?

rslade — Wed, 05 Sep 2018 18:09:02 GMT

@Cees wrote:
My mother tongue is Dutch. I am just making a small dictionary of unknown words like non-repudiation, ubiquitous, pilfer etc.

Yeah, jargon can be a beggar. That's why I wrote a dictionary.

Re: CISSP book enough for the exam?

Cees — Wed, 12 Dec 2018 09:06:26 GMT

PS I expect to miss 15% of the questions because I am not a native English speaker + I am not an technician (how many bits is xyz encryption) + I am not American (which bill passed ...). There is very important for me to have a high score on the remaining questions.

Last week I passed the exam. I want to share my experience of above worries. I have 3 books; CISSP offical study guide, 7th edition + CISSP offical study guide, 8th edition + CISSP offical student guide, 5th edition

The language disavantage during the exam was minimal, compared to the books.
The number of "USA" specific questions was zeo.
The number of "just learn in by hart" technical questions was minimal.
there were no triple negative questions (like question 9 on page 422 of the 1st book.)

So my 15% worry was way too pessimistic.

I do want to make a sugestion about the English langage, that will be in another post.

Re: CISSP book enough for the exam?

Curiousmind18 — Wed, 12 Dec 2018 16:40:12 GMT

This completely depends on the individual. Personally, I took my exam in 2009, and only thing I used was the current, at that time, Shon Harris book.