CISSP Exam Cram™ 2

Book Description

A new edition of this title is available, ISBN-10: 0789738066 ISBN-13: 9780789738066

Learn what you need to know to master the CISSP security technology and the certification exam with the CISSP Exam Cram 2. A perfect complement to larger study guides, the CISSP Exam Cram 2 is a great way to find out exactly what will be expected of you during the real exam. The book includes:

  • Exam topic-focused chapters.

  • Practice questions at the end of each chapter.

  • Exam Alerts that highlight key terms and areas.

  • Two full-length practice exams.

  • An electronic test engine provided by MeasureUp on CD-ROM with additional practice exams.

  • The "Cram Sheet" tearcard for last minute exam review.

Prepare for the CISSP certification exam with the proven Exam Cram 2 learning tools provided in the CISSP Exam Cram 2.

    Table of Contents

    1. Copyright
      1. Dedication
    2. A Note from Series Editor Ed Tittel
    3. About the Author
    4. Acknowledgments
    5. We Want to Hear from You!
    6. Introduction
      1. How to Prepare for the Exam
        1. Practice Tests
      2. Taking a Certification Exam
        1. Arriving at the Exam Location
        2. In the Exam Room
        3. After the Exam
        4. Retaking a Test
      3. Tracking Your CISSP Status
      4. About This Book
        1. The Chapter Elements
        2. Other Book Elements
        3. Chapter Contents
        4. Contacting the Author
    7. Self-Assessment
      1. CISSPs in the Real World
      2. The Ideal CISSP Candidate
      3. Put Yourself to the Test
        1. Your Educational Background
        2. Testing Your Exam Readiness
      4. After the Exam
    8. 1. The CISSP Certification Exam
      1. Introduction
      2. Assessing Exam Readiness
      3. Taking the Exam
      4. Multiple-Choice Question Format
      5. Exam Strategy
      6. Question-Handling Strategies
      7. Mastering the Inner Game
      8. Need to Know More?
    9. 2. Physical Security
      1. Introduction
      2. Physical Security Risks
        1. Natural Disasters
        2. Man-Made Threats
        3. Emergency Situations
      3. Requirements for New Site Locations
        1. Location
        2. Construction
        3. Doors, Walls, Windows, and Ceilings
      4. Building Defense in Depth
        1. Perimeter Controls
          1. CCTV Cameras
          2. Mantraps
          3. Card Keys
          4. Radio Frequency Identification (RFID) Tags
          5. Lighting
          6. Guards
          7. Dogs
          8. Locks
            1. Preset Key Locks
            2. Mobile Security Locks
            3. Programmable Cipher Locks
          9. Biometric Access Controls
        2. Server Placement
        3. Intrusion Detection
      5. Environmental Controls
      6. Electrical Power
        1. Uninterruptible Power Supply (UPS)
      7. Equipment Life Cycle
      8. Fire Prevention, Detection, and Suppression
        1. Fire-Detection Equipment
        2. Fire Suppression
          1. Halon
          2. Water Sprinklers
      9. Exam Prep Questions
      10. Answers to Exam Prep Questions
      11. Need to Know More?
    10. 3. Security-Management Practices
      1. Introduction
      2. The Risk of Poor Security Management
      3. The Role of CIA
      4. Risk Assessment
        1. Risk Management
          1. Risk-Management Team
          2. Identifying the Threats and Vulnerabilities
          3. Placing a Value on Assets
            1. Quantitative Assessment
            2. Qualitative Assessment
          4. Handling Risk
      5. Policies, Procedures, Standards, Baselines, and Guidelines
        1. Security Policy
          1. Advisory Policy
          2. Informative Policy
          3. Regulatory Policy
        2. Standards
        3. Baselines
        4. Guidelines
        5. Procedures
      6. Implementation
        1. Data Classification
          1. Military Data Classification
          2. Public/Private Data Classification
        2. Roles and Responsibility
        3. Security Controls
          1. Administrative
          2. Technical
          3. Physical
      7. Training and Education
        1. Security Awareness
      8. Auditing Your Security Infrastructure
      9. Exam Prep Questions
      10. Answers to Exam Prep Questions
      11. Need to Know More?
    11. 4. Access-Control Systems and Methodology
      1. Introduction
      2. Threats Against Access Control
        1. Password Attacks
          1. Dictionary Crack
          2. Brute-Force Crack
        2. Emanation Security
        3. Denial of Service/Distributed Denial of Service (DoS/DDoS)
      3. Access-Control Types
        1. Administrative Controls
        2. Technical Controls
        3. Physical Controls
      4. Identification, Authentication, and Authorization
        1. Authentication
          1. Passwords
            1. Cognitive Passwords
            2. One-Time Passwords
          2. Token Device
            1. Synchronous
            2. Asynchronous
          3. Biometrics
          4. Strong Authentication
      5. Single Sign-On
        1. Kerberos
        2. SESAME
        3. Access-Control Models
          1. Centralized Access Control
            1. RADIUS
            2. TACACS
          2. Decentralized Access Control
      6. Data Access Controls
        1. Discretionary Access Control (DAC)
        2. Mandatory Access Control (MAC)
        3. Role-Based Access Control (RBAC)
        4. Other Types of Access Controls
      7. Intrusion-Detection Systems (IDS)
        1. Network-Based Intrusion-Detection Systems (NIDS)
        2. Host-Based Intrusion-Detection Systems (HIDS)
        3. Signature-Based and Behavior-Based IDS Systems
          1. Sensor Placement
      8. Penetration Testing
      9. Honeypots
      10. Exam Prep Questions
      11. Answers to Exam Prep Questions
      12. Need to Know More?
    12. 5. System Architecture and Models
      1. Introduction
      2. Common Flaws in the Security Architecture
        1. Buffer Overflow
        2. Back Doors
        3. Asynchronous Attacks
        4. Covert Channels
        5. Incremental Attacks
      3. Computer System Architecture
        1. Central Processing Unit (CPU)
        2. Storage Media
          1. Secondary Storage
          2. Virtual Memory and Virtual Machines
      4. Security Mechanisms
        1. Process Isolation
        2. Operation States
        3. Protection Rings
        4. Trusted Computer Base
      5. Security Models of Control
        1. Integrity
          1. Biba
          2. Clark-Wilson
        2. Confidentiality
          1. Bell-LaPadula
          2. Take-Grant Model
          3. Brewer and Nash Model
        3. Other Models
        4. Open and Closed Systems
      6. Documents and Guidelines
        1. The Rainbow Series
          1. The Orange Book: Trusted Computer System Evaluation Criteria
        2. The Red Book: Trusted Network Interpretation
        3. Information Technology Security Evaluation Criteria (ITSEC)
        4. Common Criteria
        5. British Standard 7799
      7. System Validation
        1. Certification and Accreditation
      8. Exam Prep Questions
      9. Answers to Exam Prep Questions
      10. Need to Know More?
    13. 6. Telecommunications and Network Security
      1. Introduction
      2. Threats to Network Security
        1. DoS Attacks
        2. Disclosure Attacks
        3. Destruction, Alteration, or Theft
      3. LANs and Their Components
        1. LAN Communication Protocols
        2. Network Topologies
          1. Bus Topology
          2. Star Topology
          3. Ring Topology
        3. LAN Cabling
        4. 802.11 Wireless Networking
        5. Bluetooth
      4. WANS and Their Components
        1. Packet Switching
          1. X.25
          2. Frame Relay
          3. Asynchronous Transfer Mode (ATM)
          4. Voice over IP (VoIP)
        2. Circuit Switching
          1. Plain Old Telephone Service (POTS)
          2. Integrated Services Digital Network (ISDN)
          3. T-Carriers
          4. Digital Subscriber Line (DSL)
          5. Cable Modems
      5. Network Models and Standards
        1. OSI Model
          1. Physical Layer
          2. Data Link Layer
          3. Network Layer
          4. Transport Layer
          5. Session Layer
          6. Presentation Layer
          7. Application Layer
        2. TCP/IP
          1. Network Access Layer
          2. Internet Layer
            1. Internet Control Message Protocol (ICMP)
            2. Address Resolution Protocol (ARP)
          3. Host-to-Host Layer
            1. TCP
            2. UDP
          4. Application Layer
      6. Network Equipment
        1. Hubs
        2. Bridges
        3. Switches
        4. Routers
      7. Access Methods and Remote Connectivity
        1. Point-to-Point Protocol (PPP)
        2. Password Authentication Protocol (PAP)
          1. Challenge Handshake Authentication Protocol (CHAP)
          2. Extensible Authentication Protocol (EAP)
        3. Virtual Private Networks (VPNs)
        4. Remote Authentication Dial-in User Service (RADIUS)
        5. Terminal Access Controller Access Control System (TACACS)
        6. IPSec
      8. Message Privacy
        1. PGP
        2. S/MIME
        3. Privacy Enhanced Mail (PEM)
      9. Network Access Controls
        1. Firewalls
          1. Packet Filters
          2. NAT
          3. Stateful Firewalls
          4. Proxy Servers
        2. Demilitarized Zone (DMZ)
      10. Exam Prep Questions
      11. Answers to Exam Prep Questions
      12. Need to Know More?
    14. 7. Applications and Systems-Development Security
      1. Introduction
      2. Malicious Code
        1. Viruses and Worms
        2. Buffer Overflow
        3. Denial of Service (DoS)
        4. Distributed Denial of Service (DDoS)
        5. Malformed Input (SQL Injection)
        6. Spyware
        7. Back Doors and Trapdoors
        8. Change Detection
      3. Failure States
      4. The System Development Life Cycle
        1. Project Initiation
        2. Development and Acquisition
        3. Acceptance Testing/Implementation
        4. Operations/Maintenance
        5. Disposal
      5. Software-Development Methods
        1. The Waterfall Model
        2. The Spiral Model
        3. Joint Application Development (JAD)
        4. Rapid Application Development (RAD)
        5. Computer-Aided Software Engineering (CASE)
      6. Change Management
      7. Programming Languages
        1. Object-Oriented Programming
          1. Object-Oriented Considerations
        2. CORBA
      8. Database Management
        1. Transaction Processing
        2. Database Terms
        3. Data Warehousing
        4. Data Mining
        5. Knowledge Management
      9. Exam Prep Questions
      10. Answers to Exam Prep Questions
      11. Need to Know More?
    15. 8. Operations Security
      1. Introduction
      2. Hack Attacks
        1. Common Attack Methodologies
        2. Phreakers and Their Targets
      3. Operational Security
        1. New-Hire Orientation
        2. Separation of Duties
        3. Job Rotation
        4. Least Privilege
        5. Mandatory Vacations
        6. Termination
      4. Auditing and Monitoring
        1. Auditing
          1. Auditing Tools
        2. Clipping Levels
        3. Intrusion Detection
        4. Keystroke Monitoring
        5. Facility Access Control
      5. Categories of Control
      6. Fax Control
      7. Ethical Hacking
        1. Penetration Testing
      8. Contingency Planning, Backup, and Recovery
        1. RAID
        2. Backups
          1. Full Backups
          2. Differential Backups
          3. Incremental Backups
          4. Tape-Rotation Schemes
      9. Exam Prep Questions
      10. Answers to Exam Prep Questions
      11. Need to Know More?
    16. 9. Business Continuity Planning
      1. Introduction
      2. The Risks of Poor Business Planning
      3. Business Continuity Management
      4. Business Continuity Plan (BCP)
        1. Project Management and Initiation
        2. Business Impact Analysis (BIA)
        3. Recovery Strategy
        4. Plan Design and Development
        5. Testing, Maintenance, Awareness, and Training
          1. Awareness and Training
      5. Disaster Recovery Planning (DRP)
        1. Alternative Sites and Hardware Backup
          1. Reciprocal Agreement
          2. Hot, Warm, and Cold Sites
          3. Multiple Data Centers
          4. Service Bureaus
          5. Other Alternatives
        2. Software Backups
          1. Backup Types
          2. Tape-Rotation Strategies
      6. Exam Prep Questions
      7. Answers to Exam Prep Questions
      8. Need to Know More?
    17. 10. Law, Investigations, and Ethics
      1. Introduction
      2. Computer Crimes
        1. Software Piracy
        2. Terrorism
        3. Pornography
      3. Common Attacks
        1. Keystroke Logging
        2. Wiretapping
        3. Spoofing Attacks
        4. Manipulation Attacks
        5. Social Engineering
        6. Dumpster Diving
      4. Ethics
        1. ISC2 Code of Ethics
        2. Computer Ethics Institute
        3. Internet Activities Board
      5. International Property Laws
        1. Privacy Laws
      6. Parameters of Investigation
        1. Computer Crime Investigation
        2. Incident-Response Procedures
        3. Incident-Response Team
      7. Forensics
        1. Handling Evidence
          1. Trace Evidence
        2. Drive Wiping
        3. Standardization of Forensic Procedures
      8. Major Legal Systems
        1. Evidence Types
        2. Trial
      9. Exam Prep Questions
      10. Answers to Exam Prep Questions
      11. Need to Know More?
    18. 11. Cryptography
      1. Introduction
      2. Cryptographic Basics
      3. History of Encryption
      4. Symmetric Encryption
        1. Data Encryption Standard (DES)
          1. Electronic Codebook (ECB) Mode
          2. Cipher Block Chaining (CBC) Mode
          3. Cipher Feedback (CFB) Mode
          4. Output Feedback (OFB) Mode
        2. Triple-DES (3DES)
        3. Advanced Encryption Standard (AES)
        4. International Data Encryption Algorithm (IDEA)
        5. Other Symmetric Algorithms
      5. Asymmetric Encryption
        1. RSA
        2. Diffie-Hellman
        3. El Gamal
        4. Elliptical Curve Cryptosystem (ECC)
        5. Merkle-Hellman Knapsack
      6. Integrity and Authentication
        1. Message Digests
        2. MD Series
          1. SHA-1
          2. HAVAL
          3. HMAC
        3. Digital Signatures
          1. Message Authentication Code (MAC)
          2. Digital Signature Algorithm (DSA)
      7. Steganography
      8. Public Key Infrastructure (PKI)
        1. Certificate Authority (CA)
        2. Registration Authority (RA)
        3. Certificate Revocation List (CRL)
        4. Digital Certificates
        5. The Client's Role in PKI
      9. Cryptographic Services
        1. Secure Email
          1. Pretty Good Privacy (PGP)
          2. Other Email Security Applications
        2. Secure TCP/IP Protocols
          1. Application-Layer Cryptographic Solutions
          2. Transport- and Internet-Layer Cryptographic Solutions
            1. IPSec
          3. Lower-Layer Cryptographic Solutions
            1. Moving the Data
      10. Cryptographic Attacks
      11. Exam Prep Questions
      12. Answers to Exam Prep Questions
      13. Need to Know More?
    19. 12. Practice Exam 1
      1. Practice Exam Questions
    20. 13. Answers to Practice Exam 1
      1. Answer Key
      2. Answers to Practice Exam Questions
    21. 14. Practice Exam 2
      1. Practice Exam Questions
    22. 15. Answers to Practice Exam 2
      1. Answer Key
      2. Answers to Practice Exam Questions
    23. A. What's on the CD
      1. Multiple Test Modes
        1. Study Mode
        2. Certification Mode
        3. Custom Mode
        4. Adaptive Mode
        5. Missed Question Mode
        6. Non-Duplicate Mode
      2. Question Types
      3. Random Questions and Order of Answers
      4. Detailed Explanations of Correct and Incorrect Answers
      5. Attention to Exam Objectives
      6. Installing the CD
        1. Creating a Shortcut to the MeasureUp Practice Tests
      7. Technical Support
    24. Glossary
    25. The CISSP Cram Sheet