1 out of 2 people found the following review helpful:
Goes into details
Friday, March 18, 2005
This is a great book. Unlike many other CISSP books, the book goes into details of each topic. For example, chapter 2 of the book provides great details on the Kerberos Protocol, and describes it better than any other CISSP book. The description was so good that it reminded me of university days, when we had to learn various algorithms/protocols inside-out. I would recommend this book to anyone. http://validate.sf.net
4 out of 6 people found the following review helpful:
This book no longer relevant
Sunday, July 25, 2004
I just took the test yesterday and this book was basically the only one I used to prepare. It went over information you really don't need and didn't cover well enough the ones you do. There was a level of detail that was not addressed in this book as well as areas that weren't even covered. A co-worker of mine used two books, this one and the All-in-One, and he said that the All-in-One covered the areas and was more accurate to the test. One more point: the questions in this book are nothing like the ones on the test and are not a good judge of what the questions will be like.
10 out of 11 people found the following review helpful:
Good information but not necessarily on-target
Wednesday, June 02, 2004
I studied for the CISSP exam using this book, parts of other books, and some online resources. I also took the seminar offered by ISC^2. A month after completing the seminar, I took the exam. And about a week or so after that, I was relieved to find out that I had passed. Based on my experience, here are some words to the wise about this book in reference to the actual exam.
A review of any preparatory book has to be done in comparison with other books that attempt to do the same. It is no use criticizing a particular book only to find out that no better resource exists. However, it is important to highlight how a particular book compares with the actual goal of preparing the student for the particular exam that has to be taken. With that in mind, I will state up front that IMHO this book is probably one of the better books out there when preparing for the CISSP exam. (I have not read the Shon Harris book so I can not comment on it. However, from what I've heard, it is better in its coverage of the not-so-technical domains of the CISSP exam like Security Models and Law/Ethics. Perhaps a combination of these two books would be most effective in terms of preparing for the exam -- along with other resources of course.)
Coverage of some of the technical topics in this book seems very good. I was particularly impressed with their coverage of the Cryptography chapter -- it is a difficult topic and the book seems to do a decent job of covering it. However, be aware that the coverage of this topic in the book is above and beyond the level required for CISSP. The authors go into significant details on certain algorithms etc. which is absolutely unnecessary for CISSP. On the other hand, the authors don't seem to explain (in a clear, comprehensive manner) how symmetric and asymmetric cryptography tie in together when carrying out a typical secure session over the internet -- including the exchange of asymmetric keys for securely exchanging symmetric keys which then can be used for data transfer as well as the authentication process using digital signatures. Another example of an area where the book seems to dwell too deep into topics which are only required at an inch-deep level for CISSP purposes is the section on Kerberos. However, one should keep in mind that a little extra knowledge never hurt anyone. (The only problem is that when studying for the exam, one may get the impression that a particular topic will indeed be covered in such detail -- which obviously is a false impression). In other areas, I found that the section on Security Models was not very well done and seemed disparate at times in its coverage. This was certainly one area where I found other sources to significantly add to my understanding of the topic.
Some people have stated that a number of questions presented in the Advanced Questions section of the book are not covered in the chapter reading and that this is a problem with the book. However, if one views these questions as further study/information material and not necessarily a test of one's understanding of the chapter, this problem goes away. The fact is that the authors provide independent, detailed explanation in answer to each question presented in the Advanced Questions section and these explanations serve to provide further information that was not present in the chapter reading. As such, I found this quite useful since it added to my knowledge rather than just testing on what I had read. For those who wish to test their understanding of the material, there is a good "testing" resource online at www.cccure.org.
Overall, the authors seem very knowledgeable about all of the domains and present the material in a clear manner. In fact, given the breadth of the material in CISSP domains, their depth in certain areas is quite impressive.
I have often heard people say that the CISSP exam tests your experience in the security field, and that is not something you can gain from a book. Don't take this statement lightly! Books such as this one can only give you the theory behind "common sense" decisions that a security personnel would make during his/her daily work. They provide a good foundation. When it comes to the exam, use many resources (including this book of course), don't get caught in the details, and think common sense -- but with a security perspective!
3 out of 3 people found the following review helpful:
Don't study just one book!
Monday, March 15, 2004
There are 250 questions in the exam. Since the authors are all CISSPs, they are not allowed to directly give away the questions. Each book offers a relatively limited number of practice questions. When I was preparing for the exam I realized that I would need to practice with a large number of questions to be properly prepared. So, I decided to ignore all the comments here on which book was better. I bought and read several books to prepare for it. My logic was: if I read an additional book and it helped me to get just that one additional question that I might need to pass the exam, it would save me at least the $500 that I would have to otherwise pay to take it again. I took the exam recently and passed! Looking back, this and the others all helped.
1 out of 5 people found the following review helpful:
Vital information missing from chapters.
Monday, December 01, 2003
Ironically, the chapters are fairly well written, clear and concise, as opposed to another popular all-in-one CISSP book. However, the reason for my one-star review is: I went through the chapters and took the "sample" and "bonus" questions to review, then proceeded to the real McCoy, the "advanced questions" that are "representative of the real exam". Well, about 1/2 the questions refer to material that is NOT even COVERED in the chapters. Confusing? Frustrating?? Disappointing??? To say the least.