Customer Reviews

CISSP Exam Cram

5 star:		(3)
4 star:		(2)
3 star:		(6)
2 star:		(8)
1 star:		(5)

 

 

This book is filled with inaccurate or misleading information. In the first 3 chapters alone I have found over 11 errors. It is clear that the author is not an expert on this subject and that the book was not edited or proofread by someone knowledgeable in the area of security. Additionally, the information given is anemic. Sometimes giving only a few sentences to important topics and failing to make points regarding information on the exam.

I find it hard to believe that the author passed the CISSP test, and if she did, then that might speak to the reputation of the certification.

I spent a weekend in commercial airline purgatory reading the new Exam Cram CISSP book. This is the first book I've read for CISSP study prep, and I have to say, it's pretty basic. On the 50 question self-test at the end, I got 100% on my first try. (Not counting the two errored questions, of course -- every Exam Cram book has a couple wrong answers, which is to be expected.)

I know I'm not that smart, so the only other explanation for my phenomenal performance is that the material is really basic, and lacks the depth of the real test. This is reflected by my first attempt at the 10 random question test on cissp.org, where I scored a pretty pathetic 60%.

I also found the end of chapter "for more information" URLs annoying -- every chapter mentions securityfocus.com. Like it's one big ad for SecFoc.

So, the Exam Cram book may be useful for someone who's never, ever worked in InfoSec before, and is thinking of starting a career with an eye towards CISSP certification (I imagine the crypto stuff might be hard for someone who's never worked with/studied modern crypto, for example). Can't say it's useful for current professionals, though.

I had studied Mandy's "Surviving Security" book in preparation for my taking the CISSP exam. When the 'CISSP Exam Cram' became available, my expectations were sky high because of her previous book. Regretfuly, the 'CISSP Exam Cram' did not meet my expectations. I found the book to be extremely limited based on the breadth of the CISSP examination and that it contained little to no depth of subject. I could have done just as well reading a good security terms definition list. And I even memorized the 50-cram statements (they may have helped me answer 1 of the 250 questions on the exam). Therefore, the time I spent studying the book did not pay the expected dividens. The author's "Surviving Security" was more on target for preparing a person for the CISSP examination.

My hope is that the author will revise the 'CISSP Exam Cram' and make it more on target (Readers deserve a good return on their purchase and study time investment). Perhaps preparing an Exam Cram type book is not her cup of tea. I know she has the knowledge and capability to prepare a good Cram Book; this isn't it.

I come from the network engineering background with experience of 8 years, and i can safely say that the author doesn't know anything about networking beyond memorizing dry theoretical material without understanding it. In addition to errors and wrong descriptions relating to network security, the author omits enough information covered on the CISSP exam, for you to safely fail it. If you want a comprehensive CISSP book, get the CISSP PREP book.

CISSP exam cram? Not by a mile. I was very disappointed at how it glossed over most topics and how simple the practice questions are in comparison with those on the exam. The book is a decent intro to ISS (the only reason I gave it two stars) but doesn't come close to preparing you for the exam. The sad thing is that it gives the reader a false sense of preparedness. Don't think that by correctly answering all of the practice exam questions you're ready for the real thing. If so you'll realize your out money thirty minutes into the test.

I know that Mandy has her CISSP but I certainly hope that this book is not indicative of the exam's content quality or requirements.

There are numerous errors including giving incorrect solutions to sample questions - e.g. Question 44 in the sample exam:

Attacks that are targeted at individuals and companies who have done something that the attacker doesn't like are known as

a. Military and intelligence attacks
b. Business attacks
c. Grudge attacks
d. "Fun" attacks

In the answer explanation d is given as the answer and "...Answer c is incorrect because grudge attacks are targeted at individuals and companies who have done something the attacker doesn't like." !?!?

The InfoSec information described in the text is overly simplistic (with additional errors) and I give it a 2 star rating only as it may be of interest (value?) to school students looking for an introduction the topic (which isn't a bad thing as the subject is often omitted in existing computing curricula).

I am a senior engineer for network security operations. I bought "CISSP Exam Cram" (CEC) as a study aid for the CISSP exam, which I completed yesterday. CISSP candidates are not allowed to discuss the contents of the test, but I can comment on the quality of CEC's text. I consider myself a tough critic, but I'm surprised that earlier reviewers treat CEC so harshly. If you want a comprehensive treatise on all aspects of the CISSP exam, CEC will disappoint. If you're looking for supplementary material to jog your memory before the test, CEC is more than adequate.

Some criticize CEC because it doesn't thoroughly discuss each topic. They may forget this is an "exam cram," with only 200 pages of text for all ten domains of the Common Body of Knowledge (CBK). You're not going to read detailed essays on the Bell-LaPadula confidentiality model or exhaustive descriptions of the Kerberos authentication process. You will see short discussions of these topics, reminding you they may appear on the exam. Furthermore, I found most of these explanations of higher quality than those in "The CISSP Prep Guide." Compare the coverage of SYN floods on p. 16 of CEC with p. 76 of "The CISSP Prep Guide." Here (and elsewhere), Mandy Andress knows network security, while Ronald Kurtz and Russell Vines do not.

I concur with earlier concerns regarding URLs in the "Need to Know More?" sections. SecurityFocus appears far too often, while more worthy sites are ignored. The quizzes at the end of each chapter are far too easy, while those of "The CISSP Prep Guide" are more helpful.

Reading CEC is obviously not sufficient preparation for the CISSP exam. I also read "The CISSP Prep Guide," and reviewed a CBK outline on the Internet. My experience in the field proved better preparation than these references. Use CEC as a memory jogger right before the test. I read it the night before and it helped me focus my last-minute studies.

In a previous post, the author indicated she would post corrections to the numerous errors in her book. That link is dead and her site does not offer additional information.

I gave this a one star due to the errors, the insults to a person's intelligence in the practice tests and poor coverage (even at an ExamCram level) of essential material. This person has cobbled together much freely available information to make a buck.

As for actual CISSP study, the other mentioned books are not perfect either but are a better source of information. Join a study group, take the time to read-read-read and use the free/low-cost practice tests. Most of those provide ExamCram level material that far exceeds this book.

In a word...disappointing. I purchased Exam Cram--CISSP after having been through a review of the ten domains and after reading three other books in preparartion for the CISSP test. I found the material to be fairly shallow (as compared to the level of knowledge required to take the CISSP test) and the review questions were extremely simple. This book is best suited for someone that is considering a CISSP certification and would like to learn a little more about what's required. As a study tool, this book is a bust.

A recent review of this book in a major security magazine piqued my interest, as the reviewer basically said that Mandy Andress is a plagiarist in writing CISSP Exam Cram. I didnt find that to be the case; even though Andress could have done a better job with references.

Overall, Richard Bejtlichs review is pretty accurate. The book is basically Cliff Notes for the exam. If you have done a lot of reading preparing for the CISSP Exam, this book will serve you well. It is a quick and dirty reference that is to the point. It is perfect to take on a bus or plane to review as it does not weigh nearly 10 pounds like the CISSP All-in-One Exam Guide.

If you want breadth, this book is fine.
If you want depth, then dont use an Exam Cram title.

For those that want hearty references for the exam and wanting exhaustive tomes, they would be better served with books such as:

CISSP All-in-One Exam Guide
...