CISSP Exam Cram, 4th Edition


Table of contents

  1. About This E-Book
  2. Title Page
  3. Copyright Page
  4. Contents at a Glance
  5. Table of Contents
  6. About the Author
  7. About the Technical Reviewers
  8. Dedication
  9. Acknowledgments
  10. We Want to Hear from You!
  11. Reader Services
  12. Introduction
    1. How to Prepare for the Exam
      1. Practice Tests
    2. Taking a Certification Exam
      1. Arriving at the Exam Location
      2. In the Testing Center
      3. After the Exam
      4. Retaking a Test
      5. Tracking Your CISSP Status
    3. About This Book
      1. The Chapter Elements
      2. Other Book Elements
      3. Chapter Contents
    4. Companion Website
    5. Pearson IT Certification Practice Test Engine and Questions
      1. Accessing the Pearson Test Prep Software Online
      2. Accessing the Pearson Test Prep Software Offline
      3. Customizing Your Exams
    6. Contacting the Author
    7. Self-Assessment
      1. CISSPs in the Real World
      2. The Ideal CISSP Candidate
      3. Put Yourself to the Test
      4. After the Exam
  13. Chapter 1. The CISSP Certification Exam
    1. Introduction
    2. Assessing Exam Readiness
    3. Taking the Exam
    4. Examples of CISSP Test Questions
      1. Multiple-Choice Question Format
      2. Drag and Drop Question Format
      3. Hotspot Question Format
    5. Answer to Multiple-Choice Question
    6. Answer to Drag and Drop Question
    7. Answer to Hotspot Question
    8. Exam Strategy
    9. Question-Handling Strategies
    10. Mastering the Inner Game
    11. Need to Know More?
  14. Chapter 2. Logical Asset Security
    1. Introduction
    2. Basic Security Principles
    3. Data Management: Determine and Maintain Ownership
      1. Data Governance Policy
      2. Roles and Responsibility
      3. Data Ownership
      4. Data Custodians
      5. Data Documentation and Organization
      6. Data Warehousing
      7. Data Mining
      8. Knowledge Management
    4. Data Standards
      1. Data Lifecycle Control
      2. Data Audit
      3. Data Storage and Archiving
    5. Data Security, Protection, Sharing, and Dissemination
      1. Privacy Impact Assessment
      2. Information Handling Requirements
      3. Data Retention and Destruction
      4. Data Remanence and Decommissioning
    6. Classifying Information and Supporting Assets
      1. Data Classification
    7. Asset Management and Governance
      1. Software Licensing
      2. Equipment Lifecycle
    8. Determine Data Security Controls
      1. Data at Rest
      2. Data in Transit
      3. Endpoint Security
      4. Baselines
    9. Laws, Standards, Mandates and Resources
      1. United States Resources
      2. International Resources
    10. Exam Prep Questions
    11. Answers to Exam Prep Questions
    12. Need to Know More?
  15. Chapter 3. Physical Asset Security
    1. Introduction
    2. Physical Security Risks
      1. Natural Disasters
      2. Man-Made Threats
      3. Technical Problems
    3. Facility Concerns and Requirements
      1. CPTED
      2. Area Concerns
      3. Location
      4. Construction
      5. Doors, Walls, Windows, and Ceilings
      6. Asset Placement
      7. Physical Port Controls
    4. Perimeter Controls
      1. Fences
      2. Gates
      3. Bollards
      4. CCTV Cameras
      5. Lighting
      6. Guards and Dogs
      7. Locks
    5. Employee Access Control
      1. Badges, Tokens, and Cards
      2. Biometric Access Controls
    6. Environmental Controls
      1. Heating, Ventilating, and Air Conditioning
    7. Electrical Power
      1. Uninterruptible Power Supply
    8. Equipment Life Cycle
    9. Fire Prevention, Detection, and Suppression
      1. Fire-Detection Equipment
      2. Fire Suppression
    10. Alarm Systems
      1. Intrusion Detection Systems
      2. Monitoring and Detection
    11. Exam Prep Questions
    12. Answers to Exam Prep Questions
    13. Suggested Reading and Resources
  16. Chapter 4. Security and Risk Management
    1. Introduction
    2. Security Governance
      1. Third-Party Governance
      2. Organization Processes
    3. Protection of Intellectual Property
    4. Privacy Laws and Protection of Personal Information
    5. Relevant Laws and Regulations
    6. United States Legal System and Laws
    7. International Legal Systems and Laws
    8. Computer Crime and Hackers
      1. Sexual Harassment
    9. Risk Management Concepts
      1. Risk Management Frameworks
      2. Risk Assessment
    10. Countermeasure Selection
    11. Develop and Implement Security Policy
      1. Security Policy
      2. Standards
      3. Baselines
      4. Guidelines
      5. Procedures
    12. Types of Controls
      1. Administrative Controls
      2. Technical Controls
      3. Physical Controls
      4. Access Control Categories
    13. Implement Personnel Security
      1. New-Hire Agreements and Policies
      2. Separation of Duties
      3. Job Rotation
      4. Least Privilege
      5. Mandatory Vacations
      6. Termination
    14. Security Education, Training, and Awareness
      1. Security Awareness
      2. Social Engineering
    15. Professional Ethics Training and Awareness
      1. ISC2 Code of Ethics
      2. Computer Ethics Institute
      3. Internet Architecture Board
      4. NIST SP 800-14
      5. Common Computer Ethics Fallacies
      6. Regulatory Requirements for Ethics Programs
    16. Exam Prep Questions
    17. Answers to Exam Prep Questions
    18. Need to Know More?
  17. Chapter 5. Security Engineering
    1. Introduction
    2. Fundamental Concepts of Security Models
      1. Central Processing Unit
      2. Storage Media
      3. I/O Bus Standards
      4. Virtual Memory and Virtual Machines
      5. Computer Configurations
    3. Security Architecture
      1. Protection Rings
      2. Trusted Computer Base
      3. Open and Closed Systems
      4. Security Modes of Operation
      5. Operating States
      6. Recovery Procedures
      7. Process Isolation
    4. Common Formal Security Models
      1. State Machine Model
      2. Information Flow Model
      3. Noninterference Model
      4. Confidentiality
      5. Integrity
      6. Other Models
    5. Product Security Evaluation Models
      1. The Rainbow Series
      2. Information Technology Security Evaluation Criteria
      3. Common Criteria
    6. System Validation
      1. Certification and Accreditation
    7. Security Guidelines and Governance
      1. Enterprise Architecture
      2. Regulatory Compliance and Process Control
    8. Vulnerabilities of Security Architectures
      1. Buffer Overflow
      2. Back Doors
      3. State Attacks
      4. Covert Channels
      5. Incremental Attacks
      6. Emanations
      7. Web-based Vulnerabilities
      8. Mobile System Vulnerabilities
    9. Exam Prep Questions
    10. Answers to Exam Prep Questions
    11. Need to Know More?
  18. Chapter 6. The Application and Use of Cryptography
    1. Introduction
    2. Cryptographic Basics
    3. History of Encryption
    4. Steganography
      1. Steganography Operation
      2. Digital Watermark
    5. Algorithms
    6. Cipher Types and Methods
    7. Symmetric Encryption
      1. Data Encryption Standard
      2. Triple-DES
      3. Advanced Encryption Standard (AES)
      4. International Data Encryption Algorithm
      5. Rivest Cipher Algorithms
    8. Asymmetric Encryption
      1. Diffie-Hellman
      2. RSA
      3. El Gamal
      4. Elliptical Curve Cryptosystem
      5. Merkle-Hellman Knapsack
      6. Review of Symmetric and Asymmetric Cryptographic Systems
    9. Hybrid Encryption
    10. Integrity and Authentication
      1. Hashing and Message Digests
      2. Digital Signatures
      3. Cryptographic System Review
    11. Public Key Infrastructure
      1. Certificate Authority
      2. Registration Authority
      3. Certificate Revocation List
      4. Digital Certificates
      5. The Client’s Role in PKI
    12. Email Protection Mechanisms
      1. Pretty Good Privacy
      2. Other Email Security Applications
    13. Securing TCP/IP with Cryptographic Solutions
      1. Application/Process Layer Controls
      2. Host to Host Layer Controls
      3. Internet Layer Controls
      4. Network Access Layer Controls
      5. Link and End-to-End Encryption
    14. Cryptographic Attacks
    15. Exam Prep Questions
    16. Answers to Exam Prep Questions
    17. Need to Know More?
  19. Chapter 7. Communications and Network Security
    1. Introduction
    2. Secure Network Design
    3. Network Models and Standards
      1. OSI Model
      2. Encapsulation/De-encapsulation
    4. TCP/IP
      1. Network Access Layer
      2. Internet Layer
      3. Host-to-Host (Transport) Layer
      4. Application Layer
    5. LANs and Their Components
      1. LAN Communication Protocols
      2. Network Topologies
      3. LAN Cabling
      4. Network Types
      5. Network Storage
    6. Communication Standards
    7. Network Equipment
      1. Repeaters
      2. Hubs
      3. Bridges
      4. Switches
      5. Mirrored Ports and Network Taps
      6. VLANs
      7. Routers
      8. Gateways
    8. Routing
    9. WANs and Their Components
      1. Packet Switching
      2. Circuit Switching
    10. Cloud Computing
    11. Voice Communications and Wireless Communications
      1. Voice over IP
      2. Cell Phones
      3. 802.11 Wireless Networks and Standards
    12. Network Access Control Devices
      1. Firewalls
      2. Demilitarized Zone
      3. Firewall Design
    13. Remote Access
      1. Point-to-Point Protocol
      2. Remote Authentication Dial-in User Service
      3. Terminal Access Controller Access Control System
      4. IPsec
    14. Message Privacy and Multimedia Collaboration
    15. Exam Prep Questions
    16. Answers to Exam Prep Questions
    17. Need to Know More?
  20. Chapter 8. Identity and Access Management
    1. Introduction
    2. Identification, Authentication, and Authorization of People and Devices
      1. Authentication Techniques
      2. Identity Management Implementation
    3. Single Sign-On
      1. Kerberos
      2. Sesame
    4. Authorization and Access Control Techniques
      1. Discretionary Access Control
      2. Mandatory Access Control
      3. Role-Based Access Control
      4. Other Types of Access Controls
    5. Access Control Models
      1. Centralized Access Control
      2. Decentralized Access Control
    6. Audit and Monitoring
      1. Monitoring Access and Usage
      2. Intrusion Detection Systems
      3. Intrusion Prevention Systems
      4. Network Access Control
      5. Keystroke Monitoring
    7. Exam Prep Questions
    8. Answers to Exam Prep Questions
    9. Suggested Reading and Resources
  21. Chapter 9. Security Assessment and Testing
    1. Introduction
    2. Security Assessments and Penetration Test Strategies
      1. Audits
      2. Vulnerability Assessments
      3. Penetration Testing
    3. Test Techniques and Methods
    4. Security Threats and Vulnerabilities
      1. Threat Actors
      2. Attack Methodologies
    5. Network Security Threats and Attack Techniques
      1. Session Hijacking
      2. Sniffing
      3. Wiretapping
      4. DoS Attacks
      5. Distributed Denial of Service
      6. Botnets
      7. Other Network Attack Techniques
    6. Access Control Threats and Attack Techniques
      1. Unauthorized Access
      2. Access Aggregation
      3. Password Attacks
      4. Spoofing
      5. Eavesdropping and Shoulder Surfing
      6. Identity Theft
    7. Social-based Threats and Attack Techniques
    8. Malicious Software Threats and Attack Techniques
      1. Viruses
      2. Worms
      3. Logic Bombs
      4. Backdoors and Trojans
      5. Rootkits
      6. Crimeware Kits
      7. Advanced Persistent Threats
      8. Ransomware
    9. How Computer Crime Has Changed
    10. Well-Known Computer Crimes and Criminals
    11. Investigating Computer Crime
      1. Computer Crime Jurisdiction
      2. Incident Response
    12. Forensics
      1. Standardization of Forensic Procedures
      2. Computer Forensics
    13. Investigations
      1. Search, Seizure, and Surveillance
      2. Interviews and Interrogations
      3. Honeypots and Honeynets
      4. Evidence Types
    14. Trial
      1. The Evidence Life-Cycle
    15. Exam Prep Questions
    16. Answers to Exam Prep Questions
    17. Need to Know More?
  22. Chapter 10. Security Operations
    1. Introduction
    2. Foundational Security Operations Concepts
      1. Managing Users and Accounts
      2. Privileged Entities
      3. Controlling Access
      4. Clipping Levels
    3. Resource Protection
      1. Due Care and Due Diligence
      2. Asset Management
      3. System Hardening
      4. Change and Configuration Management
      5. Trusted Recovery
      6. Remote Access
      7. Media Management, Retention, and Destruction
    4. Telecommunication Controls
      1. Cloud Computing
      2. Email
      3. Whitelisting, Blacklisting, and Graylisting
      4. Fax
      5. PBX
      6. Anti-malware
      7. Honeypots and Honeynets
      8. Patch Management
    5. System Resilience, Fault Tolerance, and Recovery Controls
      1. Backups
      2. Fault Tolerance
      3. RAID
      4. Recovery Controls
    6. Monitoring and Auditing Controls
      1. Auditing User Activity
      2. Monitoring Application Transactions
      3. Security Information and Event Management (SIEM)
      4. Network Access Control
      5. Keystroke Monitoring
      6. Emanation Security
      7. Controlling Physical Access
    7. Intrusion Detection Systems
      1. Network-Based Intrusion Detection Systems
      2. Host-Based Intrusion-Detection Systems
      3. Signature-Based, Anomaly-Based, and Rule-Based IDS Engines
      4. Intrusion Prevention Systems
    8. Responding to Operational Security Incidents
      1. Incident Response
    9. The Disaster Recovery Life Cycle
      1. Teams and Responsibilities
    10. Exam Prep Questions
    11. Answers to Exam Prep Questions
    12. Need to Know More?
  23. Chapter 11. Software Development Security
    1. Introduction
    2. Software Development
      1. Avoiding System Failure
      2. The System Development Lifecycle
    3. Development Methods
      1. The Waterfall Model
      2. The Spiral Model
      3. Joint Application Development
      4. Rapid Application Development
      5. Incremental Development
      6. Prototyping
      7. Modified Prototype Model (MPM)
      8. Computer-Aided Software Engineering
      9. Agile Development Methods
      10. Capability Maturity Model
      11. Scheduling
    4. Change Management
    5. Programming Languages
      1. Object-Oriented Programming
      2. CORBA
    6. Database Management
      1. Database Terms
      2. Integrity
      3. Transaction Processing
      4. Artificial Intelligence and Expert Systems
    7. Security of the Software Environment
      1. Mobile Code
      2. Buffer Overflow
      3. Financial Attacks
      4. Change Detection
      5. Viruses
      6. Worms
    8. Exam Prep Questions
    9. Answers to Exam Prep Questions
    10. Need to Know More?
  24. Chapter 12. Business Continuity Planning
    1. Introduction
    2. Threats to Business Operations
    3. Business Continuity Planning (BCP)
      1. Project Management and Initiation
      2. Business Impact Analysis
      3. Recovery Strategy
      4. Plan Design and Development
      5. Implementation
      6. Testing
      7. Monitoring and Maintenance
    4. Exam Prep Questions
    5. Answers to Exam Prep Questions
    6. Need to Know More?
  25. Practice Exam I
    1. Practice Exam Questions
  26. Answers to Practice Exam I
  27. Practice Exam II
    1. Practice Exam Questions
  28. Answers to Practice Exam II
  29. Glossary
  30. Index
  31. Exam Cram The CISSP Cram Sheet
    1. Logical and Physical Asset Security
    2. Security and Risk Management
    3. Security Engineering
    4. The Application and Use of Cryptography
    5. Telecommunications and Communications and Network Security
    6. Identity and Access Management
    7. Security Assessment and Testing
    8. Security Assessment
    9. Software Development Security
    10. Business Continuity Planning
  32. Where are the companion content files?
  33. Code Snippets

Product information

  • Title: CISSP Exam Cram, 4th Edition
  • Publisher(s): Pearson IT Certification