Two bestselling CISSP guides in one serious study set
This value-packed set for the serious CISSP certification candidate combines the bestselling (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition with an updated and refined collection of Practice Exams to give you the best preparation ever for the high-stakes CISSP Exam.
(ISC)² CISSP Study Guide, 9th Edition has been completely updated for the latest 2021 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you’ve learned with key topic exam essentials and chapter review questions.
Along with the book, you also get access to Sybex’s superior online interactive learning environment that includes four practice exams each with 125 unique questions to help you identify where you need to study more, more than 1000 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam, and a searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.
Add to that the updated (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd edition with 4 more complete 125-question exams and another 100 questions for each of the 8 domains and you’ll be as ready as you can be for the CISSP exam.
All of the practice questions from both books have been vetted again for 2021 by multiple CISSPs and instructors, retaining only the best questions from previous editions, ensuring that the questions you practice with give you the best possible preparation.
Coverage of all of the exam topics in each book means you’ll be ready for: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
Mike Chapple
Sybex; 3rd edition (July 7, 2021)
English
978-1119790020
Mike Chapple, Ph.D., CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. Mike spent four years in the information security research group at NSA and served as an intelligence officer in the U.S. Air Force. Mike provides cybersecurity certification resources at his website, CertMike.com.
James Michael Stewart, CISSP, CEH, CHFI, and Security+ has been working with technology for nearly thirty years. His work focuses on security, certification, and various operating systems. Recently, Michael has been teaching job skill and certification courses, such as CISSP, ethical hacking/penetration testing, computer forensics, and Security+. He is the author of numerous publications, books, and courseware.
Darril Gibson, CISSP, is the CEO of YCDA, LLC and regularly writes and consults on a wide variety of technical and security topics and holds numerous other certifications including MCSE, MCDBA, MCSD, MCITP, ITIL v3, and Security+. He has authored or coauthored more than 30 books.
David Seidl, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David previously co-led Notre Dame’s move to the cloud, and has written multiple cybersecurity certification books.
I’m five chapters through this, so far (out of 21), and am writing this because Amazon prompted me to.
The business and organizational portions of this seem strong. The authors warn their readers to consult attorneys in matters of law.
They should have followed their own advice. The legal portions are wrong. They conflate criminal and civil law, say that the Federal Sentencing Guidelines are mandatory and set definitions for things in civil law that are governed by the states in finding liability, claim there are three burdens of proof for negligence, and imply that the EU’s claims of universal jurisdiction in the GDPR might make it international law. None of that is right. Some of it doesn’t even make sense.
Criminal and civil law are completely different. The FSG only apply in criminal cases, post-judgment. They have nothing to do with civil liability or with state law. There are four *elements* to negligence, not three “burdens of proof.” And it takes way, WAY more to incorporate something into an accepted principle of international law than a collection of legislators declaring the whole universe is subject to their whims.
There’s more, but I’m not going to go fetch my books to see what I wrote in the margins every time. Just know that the legal portions of this book are, at *best*, wrong. Sometimes, they’re “not even wrong” (meaning the premises are SO f’d up they don’t even make sense).
UPDATE: I’m now >400 pages in and I’m deleting a star. The reason is that the number of definitional and technical mistakes (not just legal) are now accumulating. For instance, mis-using the terms 1st-, 2nd-, and 3rd-party (p. 415), “eavesdropping” (p. 410), and even “screen saver” (p. 410); incorrectly implying that Arduinos are limited to 8-bit operations (p. 387); saying “see the section “Edge and Fog Computing,” earlier in this chapter” when the section not only had not yet appeared, it was the *next* section (p. 385); saying that “SCADA is often referred to as a human-machine interface (HMI) since it enables people to better…” which is not correct–an HMI is a point in an ICS system where a person can control the otherwise automated control systems, as per NIST and Idaho National Labs ICS course, whereas SCADA is the entire geographically spread-out system (p. 379); and incorrectly stating that a Faraday cage can be designed to allow longer radio waves but deny shorter ones (p. 368). [Note that all these listed errors are in ONE chapter (Chapter 9).] On p. 254, the authors got mathematical variables confused.
Another legal point, because it’s really bad. On p. 198, they say that a company can delete evidence after they know an incident has happened, but before a lawsuit is filed. That’s almost universally wrong, and doing so can result in (depending on jurisdiction and spoliation rules) criminal sanctions or the “civil death penalty” of automatically losing any resulting lawsuit on the grounds that you destroyed evidence favorable to the other party.
“The unanimous view of the federal courts is that federal law imposes upon a party a duty to preserve relevant evidence from the time that the party can reasonably anticipate litigation.” That is the opening sentence of FEDERAL COMMON LAW AND THE COURTS’ REGULATION OF PRE-LITIGATION PRESERVATION, a law article by a judicial clerk named John Koppel.
Doing what the authors tell you to do here will screw you and your organization.
I’m also irritated by the authors’ PC censorship streak, where they rename existing, well-understood technical terms because their pansy sensibilities are offended. This is supposed to be a technical study manual. Keep your propaganda to yourself.
Examples? They’ve decided that the generations-old and universally understood terms “blacklist” and “whitelist” aren’t allowed anymore. Likewise with the term Chinese Wall (p. 335). I wonder what kind of fit they throw about the ‘Great Firewall of China,’ a term used by the same millions of Chinese who are subject to its censorship and social controls, or about master and slave systems, or male and female connectors? Do gender-benders (adapters that reverse connection types from male to female or vice versa) make them faint? Man-in-the-Middle attacks are renamed, because the term is “gendered.”
On the up side, the cryptography sections seem correct.
UPDATE 2: I’m now through chapter 20 of 21. It is obvious this book was the product of multiple authors writing multiple sections separately and then having them shoved together. Portions are uselessly redundant (like the Service-Level Agreements [SLA] section in Chapter 20 and the SLA section in Chapter 16). Some parts disagree with other parts. Some chapters are organized well to apply to the exam callouts they are supposed to cover; others are *not*. On p. 842, a paragraph in one section is obviously supposed to be part of the preceding section; someone screwed up their cut/paste.
They routinely f-up the concept of “third party.” Guys, you cannot have a “third party” unless you already have a “second party.” If I sign a contract with a company and no one else is involved, they are not a “third party.” Seriously, this is not complicated. But it’s wrong virtually everywhere throughout this book.
There are still serious technical mistakes. On p. 566, they try to sell the idea that digital signals are more reliable than analog signals over long distances but don’t know the difference between attenuation and interference, seem to think “direct current voltage” is a thing, imply that direct current signals are immune to attenuation (lol), and don’t seem to understand that the ‘1s and 0s’ they always hear about are actually ‘voltage highs and voltage lows’ and if their digital signal fails to cross the requisite threshold cleanly the signal becomes corrupted.
Oh, this one drives me f’ing crazy. One of these authors (see Chapter 11) is absolutely, utterly convinced that TCP/IP is a single protocol; a special ‘multi-layer protocol.’ No. Just no. TCP is a layer 4 transport protocol, like UDP is. IP is a layer 3 network protocol. ‘TCP/IP’ was the term the DOD applied to their network model in the 1980s, that is slowly supplanting the OSI model because the OSI one is needlessly complicated. This is so ridiculously stupid I can’t believe the three technical editors let it fly. But there’re a lot of editing problems in this book, so…
On p. 503, there is a sidebar about routing protocols that says “interior routing protocols… make next hop decisions based solely on information related to that next immediate hop.” This is wrong. Even RIP (the oldest, most primitive routing protocol in use) makes routing decisions based off the whole topology; that’s the entire point, it operates by number of hops between source and destination without regard to things like throughput, reliability, and congestion.
One of the practice questions on p. 493 asks “what type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object.” Answer: capacitance. Uh, no. Magnetic flux is a function of inductors, not capacitors. Some touch screens are capacitance based, because the physical changes cause capacitive changes. They don’t work by waving your hands around. There are a lot of electrical mistakes in this book… see their butchered explanation of noise on p. 467, where they misused the term ‘transverse mode’ as ‘traverse mode,’ misused the term power (there’s no electrical power without a load, guys), and gave the almost-definition of voltage (the difference in electrical potential between the ground and ‘hot’ wire) as the definition for noise.
They conflate rooting and jailbreaking on p. 417, and then try to discuss the legality of it. They fail.
Some parts are just dumb, like saying it’s “hardly fair” to hold software engineering to the same standards as other engineering disciplines “that are centuries old,” like civil engineering (without any mention of nuclear, aerospace, or electrical engineering, which are vastly younger), or addressing the merits of the matter at all. This is just whining that most engineers think ‘software engineering’ is an appropriation of their discipline name to try to lend a veneer of credibility to something that is manifestly not engineering (think ‘custodial engineer’ instead of ‘janitor’ and you have the idea).
They like to make reference to government and military practices, but don’t know that SCIF is pronounced “skiff,” instead of “ess see eye eff,” so they write “an SCIF” over and over.
They insist that gait analysis is a reliable biological way of identifying people, even though emulating gaits has been used in disguise for centuries and every half-decent actor can pull it off.
Crappy legal descriptions continue. They make fun of the idea of getting legal information from television shows, but then do the same thing: on p. 921, “If investigators fail to comply with even the smallest detail of these provisions, they may find their warrant invalidated and the results of the search deemed inadmissible.” Uh, no. See Doctrine of Inevitable Discovery. Also, minor errors in warrant executions are routinely held inconsequential in court challenges. They try to describe hearsay rules and blow it. This is not surprising; law students screw this up all the time. But the statement that “a witness… cannot testify about what someone else told them outside of court…” is fundamentally wrong. “He said he would kill her” is not hearsay. Saying he killed her because you heard someone else say he would is hearsay.
They rename physical evidence as “real evidence,” for no reason. They also say there is such a thing as “conclusive evidence… that is incontrovertible” and give DNA as an example… even though it is controvertible in the case of multiple birth siblings, flawed evidence collection, planted evidence, and so on. They confuse evidentiary standards and burdens of proof. They try really hard to explain how MOUs and MOAs are different from binding contracts and fail, because they don’t actually understand contracts. They do, however, use the term parol evidence rule correctly.
On p. 829, they warn that you cannot entrap people with honeypots, because it’s illegal. This is completely wrong. Entrapment applies specifically to law enforcement, and prevents them from enticing people to commit crimes they wouldn’t have otherwise committed. It has nothing to do with civil behavior in any jurisdiction I’ve ever heard of.
Another element of PC stupidity: Mantraps are now “access control vestibules.” Because gendered. FFS.
WHY LISTEN TO ME? I’m a lawyer, electrical engineer, and certified network engineer who has about 9 years experience working for a military with meaningful (but not extensive) security training (CEH, Sec+, some other stuff).
FINAL JUDGMENT: I can’t recommend other specific books because this is the only one I’ve read for CISSP. But if there is another comprehensive book out there that purports to cover the test, go read it. This one misleads you. It doesn’t mislead you on everything (the cryptography, technical security, and certain other sections seem to be correct, and the business/organization sections comport with what I already knew [though I’m not a business guy]), but someone who doesn’t know better will ‘learn’ a lot of stupid BS about the law, electrical devices and behavior, and think that capacitors measure magnetic fields and no internal routing protocols make topology-based routing decisions, and might also think that stupid made-up politically correct horse-crap terminology is, in fact, normal and established.
They play loose and easy with law, electromagnetism and other technical details, but are *totally on top of* their post-modern Newspeak. They never missed an opportunity to remind you that “Man-in-the-Middle” is totally uncool, guys. That indicates the priorities of this book.
The About the Authors section says they have ‘written or contributed’ to (collectively) >140 books. They hold all these certifications and have all these awards. I’ve worked as a legal editor, technical editor, and been published in my own right. They should be embarrassed by this product. I would be.
Deleted another star. I can’t justify three for an annoying, untrustworthy book I don’t recommend.
UPDATE 3: Moved onto the practice tests. Other reviewers’ comments about bad questions are on target. Not all of them or even most, but some are just… wrong. Example: Chapter 3, #30, the answers don’t match the question. Also Chapter 3, #44, it asks about a topic that is apparently not covered by this edition of the study guide but, according to my investigation, WAS covered in a previous edition, indicating that these questions are (at least partly) a copy-paste job.
And be aware that, according to others who have taken the exam after using these products, these ‘Practice Tests’ are not actually ‘Practice Tests.’ They are study aids. The questions and explanations (when they’re right…) are for studying, not as an honest measurement of your likely performance on the real exam, which is significantly harder.
I just passed my CISSP using these materials. The study guide is very thorough and complete. The practice tests are helpful to tell you what areas to focus on. But let me tell you, unless you are scoring 90% on these practice tests, don’t even attempt the real test. These tests are like kittens that are fun to play with but sometimes bite and play a little rough. The real test is a full grown lion. In the last practice test I took, I was unsure of about 10 questions out of 125. On the real test I was unsure of 75% of the questions and had to work hard to reason out what the question was asking and what the best answer was.
Update, I took away some stars because I was not adequately prepared for the exam by the material. Without violating my NDA let me give you a sport analogy to show you what I mean.
Study Guide: Here are the names and positions of all of the players for the 1968 Mets.
Practice Test: Who is the third baseman for the 1968 Mets (and 2 of the options will be FDR and Marilyn Monroe)
Real Test: Considering both their offensive and defensive abilities, who is the BEST player for the 1968 Mets.
Hello,
I have over 30+ years working in information technology and services, I am also multi-certified and hold seven other vendor neutral certifications, some in infosec as well. Out of those 30 years, I have taught CompTIA certification training both nationwide and worldwide remote and live. I know two, out of the three authors of this main 9th edition book (they would not remember me, and I’m quite certain of that). This is my fair and unbiased review of this book.
I unfortunately, bought the 8th edition bundle at the middle of the last year, per ISC2 recommendation. And also I did not know that the exam changed this past “May 2021”, so I verified with ISC2 that this “current” exam will stay the same in three years time.
I bought this book bundle out of convenience alone, the content looks the same to me as the 8th edition. The only difference is, that the authors have broken down domains and those “re-named topics” under each domain to their book chapters. This matches what ISC2 has on their site for those changes starting this past May for the new CISSP exam. Reference: https://www.isc2.org/Landing/new-cissp
I could have taken A LOT of time and gone through and noted the changes of those topics per domains and newly changed / written topics, but decided it would save A LOT of time and frustration to just buy this new copy of the book, also again recommended directly to me by ISC2 because of the changes. I also understand that the certification book publishing business is a 100% money making business, and releasing an updated list of those domains and topics on the wiley-sybex “Wiley Efficient Learning” page, for those candidates that are listed as “registered owners of the older book 8th edition” book, probably would impact sales of this new 9th edition… But wouldn’t it be a great idea to offer that in the future? Just saying…
The thing that the large 9th edition book has, is bonus content accessible online after you register the book online where there is downloadable .MP3 file of the exam essentials that one of the authors reads what you need to know in each chapter. The audio is recorded on an Apple Mac computer using a multi-track audio editor software called Amadeus Pro. The files are recorded at a high quality bit rate (192 kbps) but the author / speaker did not use a “pop filter” on his microphone so as a tip, make sure you bring the bass down a bit on whatever media player device you listen to the audio recordings as the “p” in the speaking audio, pops a lot.
The companion official practice test 3rd edition book that is in this bundle, is worth it and I believe the online “test bank” is also different. You get access to that test bank after registering online.
Also, to be 100% clear.. The content in the main book is great, and the bundle with the companion book that is a part of this bundle, the official practice test 3rd edition makes up for what the main book lacks regarding practicing for the exam itself. One tip that should have been noted, is the syntax of the questions in the book are going to be far easier to understand than the actual test itself (like every exam out there). So DO NOT get into the mindset, that you’re going to get easy to understand questions like what you see on the practice tests…. Don’t get in that mindset! Again, expect the syntax of the questions to be way more complex.
In closing, I think if you do not have the 8th edition of this book, you’ll find this bundle is very helpful and worth the purchase. If you did like I did, and bought the 8th edition book you’ll find that buying this bundle, is less of value over all and more of a convenience than anything else. Good Luck to all that sit for this exam. – Mr.Tom
There are a lot of reviews on here that go into long diatribes on the content in this book, and its usefulness or their perceived lack of.
Here’s the long and short of it: I only used this book to study and used the practice questions to gauge my progress & areas to review.
I studied for 4 weeks and then took the exam.
I passed the exam on question 100. This book works, and you will pass if truly you read, go through, and review the material in it.
Delivered on time, excellent book and print quality
Amazon stays true to the schedule and I am happy that it arrives on time. It was a critical time as the training was a few days away and we have to rush the materials to the trainees before the start date.
two pages were bigger than whole book pages
It is good to start with this book. But yes you can’t claim for online preps tests, as this is not original but reprinted. I think, as I also have pdf which has few coloured diagrams where in the book they are like Xerox or print copy, in black n white images. But end of the day content matters which Mike Chapple truly justified. Go for it. All the best.
I read two different books to prepare the CISSP exam. One of them is the Ninth edition of the Official Study Guide. It’s big, full of valuable knowledge, and the questions related to each chapter are quite ok with the content, with few exceptions. As I’m not living in the USA, I can’t tell about US Laws, I hope it’s true for the exam.
I found some missing things, and some errors in the Guide. For example, questions are talking about Fagan, but Fagan isn’t explained in the book. Also a question about the four most common VPN, but the book lists five, and L2F isn’t in the list, but in the question.
For the Official Practices Tests, it’s totally different. There are a lot of mistakes. Too much… Some questions are about things that aren’t explained at all in the Guide, some answers are false, and so on. For example, they explain SNAT doesn’t exist (made up for the question), one question tells SDS is Software-defined-Security (only SDS is given), but in reality SDS is Software-Defined Storage even if the other one exists but not as an acronym, one answer tells that the name “threshold” isn’t commonly used, on another question you’ve to define that the use of the openSSL library by a dev isn’t using a Third-Party library, but is using open-source library, and so on.
Each time I found something like this, I’m sending a feedback (from the training website). I hope somebody will read.
If the exam is like this, then 100% sure I don’t get it.