I noticed the CBK is 4th edition, but the official study guide and practice tests books are 3rd edition. Is the actual certification exam based on 3rd edition or 4th edition? And does anyone know the differences between the two? I don't want to purchase all three books if the exam is not going to contain 4th edition materials.
I took the exam nearly 20 years ago, but a year ago I was working with someone who was prepping to take it, and it struck me that a lot of the content hadn't changed that much. I think the big changes in the past two years or so have been in the exam format itself - the introduction of the adaptive test and then I believe they've also added some experimental questions.
I wouldn't fret too much about the difference in the editions. There might be some updated content from one to the other, but the majority of the content (at least from what I observed) is pretty timeless. Put another way, if you don't pass the exam, I don't think it would be a matter of having used old material. Heck, I'm old material, and I am still managing in this profession 😉
The challenge of the CISSP really falls into the breadth of the content, in my view. In that regard, I'd really come at the exam from multiple sources. Maybe two different test prep books, but also add some reading/viewing on topics/domains, especially the ones you're not strong in. In the end, you have to return to the official study guide. As you will learn, the ISC)2 might choose wording that's different from other sources. And again, that's something I don't think they've really changed over the years.
If I remember exactly, both the 4th edition CBK and 3rd edition study guides were released last Oct. The release dates came after the exam change which occurred last August. So yes, all those pubs you mentioned are current. I suggest studying both. The contents of each don't exactly mirror each other.
Is the actual certification exam based on 3rd edition or 4th edition?
Neither. The exams are based off "original reference material". Study guides, Classroom learning, Wikipedia, encyclopedias, experience, etc. are not original reference material.
Study Guides, practice tests, etc. are all based off of whatever the author decides EXCEPT for the exams themselves. Like the rest of us, they are prohibited from disclosing any exam contents.
Those that develop exam questions are prohibited from being involved in education for a number of years on either side. In theory, the only coordination between test writers and the education department is the above "references" link.
exam is based on latest Exam Outline, that is your bible, those books are just references to have a basic idea, better you read all the books suggested in the CCSP reference books in ISC2 website until you get confidence to face questions. the point here to pass the exam is having clear idea on all the concepts, technologies, and where and how to utilize them in the real life cloud security implementations. Not a specific book and books.