(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle

by: Mike Chapple (0)

Two bestselling CISSP guides in one serious study set

This value-packed packed set for the serious CISSP certification candidate combines the bestselling (ISC)²
CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition with an updated and refined collection of Practice Exams to give you the best preparation ever for the high-stakes CISSP Exam.

(ISC)² CISSP Study Guide, 9th Edition has been completely updated for the latest 2021 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes four practice exams each with 125 unique questions to help you identify where you need to study more, more than 1000 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam, a searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.

Add to that the updated (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd edition with 4 more complete 125-question exams and another 100 questions for each of the 8 domains and you'll be as ready as you can be for the CISSP exam.

All of the practice questions from both books have been vetted again for 2021 by multiple CISSPs and instructors, retaining only the best questions from previous editions insuring that the questions you practice with give you the best possible preparation.

Coverage of all of the exam topics in each book means you'll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

The Reviews

I'm five chapters through this, so far (out of 21), and am writing this because Amazon prompted me to.The business and organizational portions of this seem strong. The authors warn their readers to consult attorneys in matters of law.They should have followed their own advice. The legal portions are wrong. They conflate criminal and civil law, say that the Federal Sentencing Guidelines are mandatory and set definitions for things in civil law that are governed by the states in finding liability, claim there are three burdens of proof for negligence, and imply that the EU's claims of universal jurisdiction in the GDPR might make it international law. None of that is right. Some of it doesn't even make sense.Criminal and civil law are completely different. The FSG only apply in criminal cases, post-judgment. They have nothing to do with civil liability or with state law. There are four *elements* to negligence, not three "burdens of proof." And it takes way, WAY more to incorporate something into an accepted principle of international law than a collection of legislators declaring the whole universe is subject to their whims.There's more, but I'm not going to go fetch my books to see what I wrote in the margins every time. Just know that the legal portions of this book are, at *best*, wrong. Sometimes, they're "not even wrong" (meaning the premises are SO f'd up they don't even make sense).UPDATE: I'm now >400 pages in and I'm deleting a star. The reason is that the number of definitional and technical mistakes (not just legal) are now accumulating. For instance, mis-using the terms 1st-, 2nd-, and 3rd-party (p. 415), "eavesdropping" (p. 410), and even "screen saver" (p. 410); incorrectly implying that Arduinos are limited to 8-bit operations (p. 387); saying "see the section "Edge and Fog Computing," earlier in this chapter" when the section not only had not yet appeared, it was the *next* section (p. 385); saying that "SCADA is often referred to as a human-machine interface (HMI) since it enables people to better..." which is not correct--an HMI is a point in an ICS system where a person can control the otherwise automated control systems, as per NIST and Idaho National Labs ICS course, whereas SCADA is the entire geographically spread-out system (p. 379); and incorrectly stating that a Faraday cage can be designed to allow longer radio waves but deny shorter ones (p. 368). [Note that all these listed errors are in ONE chapter (Chapter 9).] On p. 254, the authors got mathematical variables confused.Another legal point, because it's really bad. On p. 198, they say that a company can delete evidence after they know an incident has happened, but before a lawsuit is filed. That's almost universally wrong, and doing so can result in (depending on jurisdiction and spoliation rules) criminal sanctions or the "civil death penalty" of automatically losing any resulting lawsuit on the grounds that you destroyed evidence favorable to the other party."The unanimous view of the federal courts is that federal law imposes upon a party a duty to preserve relevant evidence from the time that the party can reasonably anticipate litigation." That is the opening sentence of FEDERAL COMMON LAW AND THE COURTS’ REGULATION OF PRE-LITIGATION PRESERVATION, a law article by a judicial clerk named John Koppel.Doing what the authors tell you to do here will screw you and your organization.I'm also irritated by the authors' PC censorship streak, where they rename existing, well-understood technical terms because their pansy sensibilities are offended. This is supposed to be a technical study manual. Keep your propaganda to yourself.Examples? They've decided that the generations-old and universally understood terms "blacklist" and "whitelist" aren't allowed anymore. Likewise with the term Chinese Wall (p. 335). I wonder what kind of fit they throw about the 'Great Firewall of China,' a term used by the same millions of Chinese who are subject to its censorship and social controls, or about master and slave systems, or male and female connectors? Do gender-benders (adapters that reverse connection types from male to female or vice versa) make them faint? Man-in-the-Middle attacks are renamed, because the term is "gendered."On the up side, the cryptography sections seem correct.UPDATE 2: I'm now through chapter 20 of 21. It is obvious this book was the product of multiple authors writing multiple sections separately and then having them shoved together. Portions are uselessly redundant (like the Service-Level Agreements [SLA] section in Chapter 20 and the SLA section in Chapter 16). Some parts disagree with other parts. Some chapters are organized well to apply to the exam callouts they are supposed to cover; others are *not*. On p. 842, a paragraph in one section is obviously supposed to be part of the preceding section; someone screwed up their cut/paste.They routinely f-up the concept of "third party." Guys, you cannot have a "third party" unless you already have a "second party." If I sign a contract with with a company and no one else is involved, they are not a "third party." Seriously, this is not complicated. But it's wrong virtually everywhere throughout this book.There are still serious technical mistakes. On p. 566, they try to sell the idea that digital signals are more reliable than analog signals over long distances but don't know the difference between attenuation and interference, seem to think "direct current voltage" is a thing, imply that direct current signals are immune to attenuation (lol), and don't seem to understand that the '1s and 0s' they always hear about are actually 'voltage highs and voltage lows' and if their digital signal fails to cross the requisite threshold cleanly the signal becomes corrupted.Oh, this one drives me f'ing crazy. One of these authors (see Chapter 11) is absolutely, utterly convinced that TCP/IP is a single protocol; a special 'multi-layer protocol.' No. Just no. TCP is a layer 4 transport protocol, like UDP is. IP is a layer 3 network protocol. 'TCP/IP' was the term the DOD applied to their network model in the 1980s, that is slowly supplanting the OSI model because the OSI one is needlessly complicated. This is so ridiculously stupid I can't believe the three technical editors let it fly. But there're a lot of editing problems in this book, so...On p. 503, there is a sidebar about routing protocols that says "interior routing protocols... make next hop decisions based solely on information related to that next immediate hop." This is wrong. Even RIP (the oldest, most primitive routing protocol in use) makes routing decisions based off the whole topology; that's the entire point, it operates by number of hops between source and destination without regard to things like throughput, reliability, and congestion.One of the practice questions on p. 493 asks "what type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object." Answer: capacitance. Uh, no. Magnetic flux is a function of inductors, not capacitors. Some touch screens are capacitance based, because the physical changes cause capacitive changes. They don't work by waving your hands around. There are a lot of electrical mistakes in this book... see their butchered explanation of noise on p. 467, where they misused the term 'transverse mode' as 'traverse mode,' misused the term power (there's no electrical power without a load, guys), and gave the almost-definition of voltage (the difference in electrical potential between the ground and 'hot' wire) as the definition for noise.They conflate rooting and jailbreaking on p.417, and then try to discuss the legality of it. They fail.Some parts are just dumb, like saying it's "hardly fair" to hold software engineering to the same standards as other engineering disciplines "that are centuries old," like civil engineering (without any mention of nuclear, aerospace, or electrical engineering, which are vastly younger), or addressing the merits of the matter at all. This is just whining that most engineers think 'software engineering' is an appropriation of their discipline name to try to lend a veneer of credibility to something that is manifestly not engineering (think 'custodial engineer' instead of 'janitor' and you have the idea).They like to make reference to government and military practices, but don't know that SCIF is pronounced "skiff," instead of "ess see eye eff," so they write "an SCIF" over and over.They insist that gait analysis is a reliable biological way of identifying people, even though emulating gaits has been used in disguise for centuries and every half-decent actor can pull it off.Crappy legal descriptions continue. They make fun of the idea of getting legal information from television shows, but then do the same thing: on p. 921, "If investigators fail to comply with even the smallest detail of these provisions, they may find their warrant invalidated and the results of the search deemed inadmissible." Uh, no. See Doctrine of Inevitable Discovery. Also, minor errors in warrant executions are routinely held inconsequential in court challenges. They try to describe hearsay rules and blow it. This not surprising; law students screw this up all the time. But the statement that "a witness... cannot testify about what someone else told them outside of court..." is fundamentally wrong. "He said he would kill her" is not hearsay. Saying he killed her because you heard someone else say he would is hearsay.They rename physical evidence as "real evidence," for no reason. They also say there is such a thing as "conclusive evidence... that is incontrovertible" and give DNA as an example... even though it controvertible in the case of multiple birth siblings, flawed evidence collection, planted evidence, and so on. They confuse evidentiary standards and burdens of proof. They try really hard to explain how MOUs and MOAs are different from binding contracts and fail, because they don't actually understand contracts. They do, however, use the term parol evidence rule correctly.On p. 829, they warn that you cannot entrap people with honeypots, because it's illegal. This is completely wrong. Entrapment applies specifically to law enforcement, and prevents them from enticing people to commit crimes they wouldn't have otherwise committed. It has nothing to do with civil behavior in any jurisdiction I've ever heard of.Another element of PC stupidity: Mantraps are now "access control vestibules." Because gendered. FFS.WHY LISTEN TO ME? I'm a lawyer, electrical engineer, and certified network engineer who has about 9 years experience working for a military with meaningful (but not extensive) security training (CEH, Sec+, some other stuff).FINAL JUDGMENT: I can't recommend other specific books because this is the only one I've read for CISSP. But if there is another comprehensive book out there that purports to cover the test, go read it. This one misleads you. It doesn't mislead you on everything (the cryptography, technical security, and certain other sections seem to be correct, and the business/organization sections comport with what I already knew [though I'm not a business guy]), but someone who doesn't know better will 'learn' a lot of stupid BS about the law, electrical devices and behavior, and think that capacitors measure magnetic fields and no internal routing protocols make topology-based routing decisions, and might also think that stupid made-up politically correct horse-crap terminology is, in fact, normal and established.They play loose and easy with law, electromagnetism and other technical details, but are *totally on top of* their post-modern Newspeak. They never missed an opportunity to remind you that "Man-in-the-Middle" is totally uncool, guys. That indicates the priorities of this book.The About the Authors section says they have 'written or contributed' to (collectively) >140 books. They hold all these certifications and have all these awards. I've worked as a legal editor, technical editor, and been published in my own right. They should be embarrassed by this product. I would be.Deleted another star. I can't justify three for an annoying, untrustworthy book I don't recommend.UPDATE 3: Moved onto the practice tests. Other reviewers' comments about bad questions are on target. Not all of them or even most, but some are just... wrong. Example: Chapter 3, #30, the answers don't match the question. Also Chapter 3, # 44, it asks about a topic that is apparently not covered by this edition of the study guide but, according to my investigation, WAS covered in a previous edition, indicating that these questions are (at least partly) a copy-paste job.And be aware that, according to others who have taken the exam after using these products, these 'Practice Tests' are not actually 'Practice Tests.' They are study aids. The questions and explanations (when they're right...) are for studying, not as an honest measurement of your likely performance on the real exam, which is significantly harder.

I just passed my CISSP using these materials. The study guide is very thorough and complete. The practice tests are helpful to tell you what areas to focus on. But let me tell you, unless you are scoring 90% on these practice tests, don't even attempt the real test. These tests are like kittens that are fun to play with but sometimes bite and play a little rough. The real test is a full grown lion. In the last practice test I took, I was unsure of about 10 questions out of 125. On the real test I was unsure of 75% of the questions and had to work hard to reason out what the question was asking and what the best answer was.Update, I took away some stars because I was not adequately prepared for the exam by the material. Without violating my NDA let me give you a sport analogy to show you what I mean.Study Guide: Here is the names and positions of all of the players for the 1968 Mets.Practice Test: Who is the third baseman for the 1968 Mets (and 2 of the options will be FDR and Marilyn Monroe)Real Test: Considering both their offensive and defensive abilities, who is the BEST player for the 1968 Mets.

There are a lot of reviews on here that go into long diatribes on the content in this book, and it's usefulness or their precieved lack of.Here's the long and short of it: I only used this book to study and used the practice questions to gauge my progress & areas to review. I studied for 4 weeks and then took the exam.I passed the exam on question 100. This book works, and you will pass if truly you read, go through, and review the material in it.

Hello,I have over 30+ years working in information technology and services, I also multi certified and hold seven other vendor neutral certifications, some in infosec as well. Out of those 30 years, I have taught CompTIA certification training both nationwide and worldwide remote and live. I know two, out of the three authors of this main 9th edition book (they would not remember me, and I'm quite certain of that). This is my fair and unbiased review of this book.I unfortunately, bought the 8th edition bundle at the middle of the last year, per ISC2 recommendation. And also I did not know that the exam changed this past "May 2021", so I verified with ISC2 that this "current" exam will stay the same in three years time.I bought this book bundle out of convenience alone, the content looks the same to me as the 8th edition., The only difference is, that the authors have broken down domains and those "re-named topics" under each domain to their book chapters. This matches what ISC2 has on there site for those changes starting this past May for the new CISSP exam. Reference: https://www.isc2.org/Landing/new-cisspI could have taken A LOT of time and gone through and noted the changes of those topics per domains and newly changed / written topics, but decided it would save A LOT of time and frustration to just buy this new copy of the book, also again recommended directly to me by ISC2 because of the changes. I also understand that the certification book publishing business is a 100% money making business, and releasing a updated list of those domains and topics on the wiley-sybex "Wiley Efficient Learning" page, for those candidates that are listed as "registered owners of the older book 8th edition" book, probally would impact sales of this new 9th edition... But it wouldn't it be a great idea to offer that in the future? Just saying...The thing that the large 9th edition book has, is bonus content accessible online after you register the book online where there is downloadable .MP3 file of the exam essentials that one of the authors reads what you need to know in each chapter. The audio is recorded on a Apple Mac computer using a muti-track audio editor software called Amadeus Pro. The files are recorded at a high quality bit rate (192 kbps) but the author / speaker did not use a "pop filter" on his microphone so as a tip, make sure you bring the bass down a bit on whatever media player device you listen to the audio recordings as the "p" in the speaking audio, pops a lot.The companion official practice test 3rd edition book that is in this bundle, is worth it and I believe the online "test bank" is also different. You get access to that test bank after registering online.Also, to be 100% clear.. The content in the main book is great, and the bundle with the companion book that is a part of this bundle, the official practice test 3rd edition makes up for what the main book lacks regarding practicing for the exam itself. One tip that should of been noted, is the syntax of the questions in the book are going to be far more easier to understand than the actual test itself (like every exam out there). So DO NOT get into the mindset, that your going to get easy to understand questions like what you see on the practice tests.... Don't get in that mindset! Again, expect the syntax of the questions to be way more complex.In closing, I think if you do not have the 8th edition of this book, you'll find this bundle is very helpful and worth the purchase. If you did like I did, and bought the 8th edition book you'll find that buying this bundle, is less of value over all and more of a convenience than anything else. Good Luck to all that sit for this exam. - Mr.Tom

I just started this book and in the practice test alone there are errors, I highly suggest reading the entire explanation of the "answers" because the lettered answers may be incorrect. Like with all study guides there will be many of them, sometimes the best ones will be obvious, most of the times not.They key to taking these tests and passing them is diversification of material, especially practice tests. Normally these books don't give the true grit type of questions which is why you should find yourself using a different source for practice tests. However, this is a good start and for a very good price, just make sure you keep an open mind once you start smashing and dashing question banks.I will update once I get further along.

These books (ICS squared official CISSP study guide) have helped me recently to successfully pass the CISSP exam. The book and the accompanying questions guide give you the breadth of knowledge you need to dive deep into each domain. The book itself is a great reference guide for any IT professional or cybersecurity professional. The book also provides you with other references where you can go even deeper on certain topics. The questions guide book has tons of questions that will get you ready for the test. There are about 100 questions for each domain to test your knowledge about that specific domain so you can gauge how well you know the material. Additionally, you have four practice tests of 125 questions each covering all 8 domains similar to taking the exam. I highly recommend these books even if you are using other materials.

I bought the CISSP Official Study Guide (OSG) and Official Practice Tests (OPT) together. Mike Chapple breaks OSG into 21 chapters. While it is a lot of reading, I found it very informative and was my main source of learning for the CISSP. I foresee OSG to be used throughout my career. The book is very well written. Topics and subtopics have consistent headings, which makes the material easy to follow. Tests at the end of each OSG chapter helped validate my learning. The answers at the back are very informative.There are ample practice tests in OPT. They allowed me to validate my preparation by domain and there are some full practice test at the end. Although my examination had very different questions, the look and feel/format of the questions were similar to OSG and OPT. These books remained my go-to resources through a long preparatory period.

This is the absolute must read guide to study for CISSP exam no doubt, but the book quality is low and font is very small besides the book is very heavy.I would suggest getting the PDF version or kindle.The practice exams book is fine, still small font but the book is ok to use.

I purchased these two books on the recommendation of another CISSP and after watching Mike's videos on Linkedin. They are an excellent source of information and the practice questions were a great way to test your knowledge within each domain.The detailed answers to all practice questions were also a big help - since I was able to update my outlines / notes with more details as to the specific nuances that are needed to answer the questions correctly. Ultimately passing or failing the CISSP isn't about knowledge or studying - it's can you undertand the specific nuance that the questions is asking - where literally one word can change your answer. Taking these practice questions helps focus you on that, and the main book helps clarify if you need additional details. I would not have passed the exam without these two books.

The books include excellent information and are useful not only as CISSP resources but also as a reference for a wide range of information security topics.

Good exam guide and practice exam questions.

While our team has a fair amount of work experience in the field, this set was helpful in getting the terminology to line up with what (ISC)2 uses, and maybe to unlearn a few things picked up over the decades. :) All of us ordered a set, and all of us passed the test on the first attempt.If you are new to the field and may need more than alignment to (ISC)2's lingo, you may want to supplement this with a few other books, but this set is still essential, given that it is issued by the organization behind the test.

I’m a CCSP. It’s long. There’s content that is unlikely to show up on the exam and in some cases that’s noted.I’m augmenting by watching his LinkedIn courses as well as Ben’s courses from his website.

I’m a program manager in security so this book hit a lot of niche spots that specialists deal with while also adding a nice refresher for those who have some experience in security (whether hands on or off).I recommend the study guide and practice tests book. I dock it a star because this book can definitely be cut several hundred pages of examples/not useful info for me.

The books and practice exams were extremely helpful. The practice questions will prepare you carefully read each question before answering.

Fast delivery, good product

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle
⭐ 4.8 💛 872
paperback: $55.76
Buy the Book