CISSP Exam Cram, 5th Edition
- Length: 800 pages
- Edition: 5
- Language: English
- Publisher: Pearson IT Certification
- Publication Date: 2021-08-04
- ISBN-10: 0137419554
- ISBN-13: 9780137419555
- Sales Rank: #943006
CISSP Exam Cram, Fifth Edition is the perfect study guide to help you pass the latest update to the eight-domain version of the CISSP exam. It offers knowledge and practice questions for every exam topic, with new coverage of asset retention, secure provisioning, crypto attacks, machine learning tools, threat hunting, risk-based access control, zero trust, SAML, SOAR, CASB, securing microservices, containers, managed services, and more.
Covers the critical information you’ll need to score higher on your CISSP exam!
- Understand Security & Risk Management: ethics, security concepts, governance, compliance, law/regulation, policies/procedures, threat models, supply chain risk, awareness training, and more
- Ensure Secure Assets: identify/classify information and assets; handling requirements, resource provisioning, data lifecycles, retention
- Review Security Architecture & Engineering: secure processes and principles, security models and controls, system capabilities, vulnerability assessment/mitigation, crypto attacks/solutions, site/facility design and controls
- Improve Communication & Network Security: secure network architectures, components, and channels
- Strengthen Identity & Access Management (IAM): physical/logical access control, identification, authentication, federated identity services, authorization, identity/access provisioning
- Enhance Security Assessment & Testing: design/validate assessment, test, and audit strategies; test controls; collect process data; evaluate and report test results; conduct or support audits
- Manage Security Operations: investigations, logs, monitoring, resource protection, incident management, detection/prevention; configuration, patch, vulnerability, and change management; DR/BC, physical and personnel security, and more
Table of Contents:
- Front matter: Cover Page; About This eBook; Title Page; Copyright Page; Credits; Contents at a Glance; Table of Contents; About the Author; About the Technical Reviewer; Dedication; Acknowledgments; We Want to Hear from You!; Reader Services
- Introduction: How to Prepare for the Exam; Practice Tests; Taking a Certification Exam; Arriving at the Exam Location; In the Testing Center; After the Exam; Retaking a Test; Tracking Your CISSP Status; About This Book; The Chapter Elements; Other Book Elements; Chapter Contents; Companion Website; Accessing the Pearson Test Prep Practice Test Software and Questions; Accessing the Pearson Test Prep Software Online; Accessing the Pearson Test Prep Software Offline; Customizing Your Exams; Updating Your Exams; Contacting the Author
- Assessing Your Readiness for the CISSP Exam: Security Professionals in the Real World; The Ideal CISSP Candidate; Put Yourself to the Test; Your Educational Background; Testing Your Exam Readiness; After the Exam
- Chapter 1, The CISSP Certification Exam: Introduction; Assessing Exam Readiness; Exam Topics; Taking the Exam; Examples of CISSP Test Questions; Answer to Multiple-Choice Question; Answer to Drag and Drop Question; Answer to Hotspot Question; Question-Handling Strategies; Mastering the Inner Game; Need to Know More?
- Chapter 2, Understanding Asset Security: Introduction; Basic Security Principles; Data Management: Determining and Maintaining Ownership; Data Governance Policies; Roles and Responsibilities; Data Ownership; Data Custodians; Data Documentation and Organization; Data Warehousing; Data Mining; Knowledge Management; Data Standards; Data Lifecycle Control; Data Audits; Data Storage and Archiving; Data Security, Protection, Sharing, and Dissemination; Privacy Impact Assessment; Information Handling Requirements; Record Retention and Destruction; Data Remanence and Decommissioning; Classifying Information and Supporting Asset Classification; Data Classification; Military Data Classification; Public/Private Data Classification; Asset Management and Governance; Software Licensing; The Equipment Lifecycle; Determining Data Security Controls; Data at Rest; Data in Transit; Endpoint Security; Baselines; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Chapter 3, Security and Risk Management: Introduction; Security Governance; U.S. Legal System and Laws; Relevant U.S. Laws and Regulations; International Legal Systems and Laws; International Laws to Protect Intellectual Property; Global Legal and Regulatory Issues; Computer Crime and Hackers; Sexual Harassment; U.S. Governance; Health Insurance Portability and Accountability Act (HIPAA); Gramm-Leach-Bliley Act (GLBA); Federal Information Security Management Act (FISMA); Sarbanes-Oxley Act (SOX); National Institute of Standards and Technology (NIST); Federal Information Processing Standards (FIPS); International Governance; Risk Management Concepts; Risk Management Frameworks; Risk Assessment; Risk Management Team; Asset Identification and Valuation; Threats Analysis; Quantitative Assessments; Qualitative Assessments; Selecting Countermeasures; Threat Modeling Concepts and Methodologies; Threat Modeling Steps; Threat Modeling Tools and Methodologies; Managing Risk with the Supply Chain and Third Parties; Reducing Risk in Organization Processes; Identifying and Prioritizing Business Continuity Requirements Based on Risk; Project Management and Initiation; Business Impact Analysis; Assessing Potential Loss; Developing and Implementing Security Policy; Security Policy; Advisory Policy; Informative Policy; Regulatory Policy; Standards; Baselines; Guidelines; Procedures; Types of Controls; Administrative Controls; Technical Controls; Physical Controls; Access Control Categories; Implementing Personnel Security; New-Hire Agreements and Policies; Separation of Duties; Job Rotation; Least Privilege; Mandatory Vacations; Termination; Security Education, Training, and Awareness; Security Awareness; Social Engineering; Professional Ethics Training and Awareness; (ISC)2 Code of Ethics; Computer Ethics Institute; Internet Architecture Board; NIST SP 800-14; Common Computer Ethics Fallacies; Regulatory Requirements for Ethics Programs; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Chapter 4, Security Architecture and Engineering: Introduction; Secure Design Guidelines and Governance Principles; Enterprise Architecture; Regulatory Compliance and Process Control; Fundamental Concepts of Security Models; Central Processing Unit; Storage Media; RAM; ROM; Secondary Storage; I/O Bus Standards; Virtual Memory and Virtual Machines; Computer Configurations; Security Architecture; Protection Rings; Trusted Computing Base; Open and Closed Systems; Security Modes of Operation; Operating States; Recovery Procedures; Process Isolation; Common Formal Security Models; State Machine Model; Information Flow Model; Noninterference Model; Confidentiality; Bell-LaPadula Model; Integrity; Biba Model; Clark-Wilson Model; Take-Grant Model; Brewer and Nash Model; Other Models; Product Security Evaluation Models; The Rainbow Series; The Orange Book: Trusted Computer System Evaluation Criteria; The Red Book: Trusted Network Interpretation; Information Technology Security Evaluation Criteria (ITSEC); Common Criteria; System Validation; Certification and Accreditation; Vulnerabilities of Security Architectures; Buffer Overflows; Backdoors; State Attacks; Covert Channels; Incremental Attacks; Emanations; Web-Based Vulnerabilities; Mobile System Vulnerabilities; Cryptography; Algorithms; Cipher Types and Methods; Symmetric Encryption; Data Encryption Standard (DES); Electronic Codebook (ECB) Mode; Cipher Block Chaining (CBC) Mode; Cipher Feedback (CFB) Mode; Output Feedback (OFB) Mode; Counter (CTR) Mode; Triple DES (3DES); Advanced Encryption Standard (AES); International Data Encryption Algorithm (IDEA); Rivest Cipher Algorithms; Asymmetric Encryption; Diffie-Hellman; RSA; El Gamal; Elliptical Curve Cryptosystem (ECC); Merkle-Hellman Knapsack; Review of Symmetric and Asymmetric Cryptographic Systems; Hybrid Encryption; Public Key Infrastructure and Key Management; Certificate Authorities; Registration Authorities; Certificate Revocation Lists; Digital Certificates; The Client’s Role in PKI; Integrity and Authentication; Hashing and Message Digests; MD Series; SHA-1/2; SHA-3; HAVAL; Message Authentication Code (MAC); HMAC; CBC-MAC; CMAC; Digital Signatures; DSA; Cryptographic System Review; Cryptographic Attacks; Site and Facility Security Controls; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Chapter 5, Communications and Network Security: Introduction; Secure Network Design; Network Models and Standards; OSI Model; Physical Layer; Data Link Layer; Network Layer; Transport Layer; Session Layer; Presentation Layer; Application Layer; OSI Summary; Encapsulation/De-encapsulation; TCP/IP; Network Access Layer; Internet Layer; Internet Protocol (IP); Internet Control Message Protocol (ICMP); Address Resolution Protocol (ARP); Internet Group Management Protocol (IGMP); Host-to-Host (Transport) Layer; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Comparing and Contrasting UDP and TCP; Application Layer; LANs and Their Components; LAN Communication Protocols; Network Topologies; Bus Topology; Mesh Topology; Fully Connected Topology; LAN Cabling; Network Types; Network Storage; Communication Standards; Network Equipment; Repeaters; Hubs; Bridges; Switches; Mirrored Ports and Network Taps; VLANs; Routers; Gateways; Routing; WANs and Their Components; Packet Switching; Synchronous Optical Network (SONET); X.25; Frame Relay; Asynchronous Transfer Mode (ATM); Circuit Switching; Plain Old Telephone Service (POTS); Integrated Services Digital Network (ISDN); T-Carrier; Digital Subscriber Line (DSL); Cable Internet Access; Other WAN Technologies; Cloud Computing; Software-Defined WAN (SD-WAN); Securing Email Communications; Pretty Good Privacy (PGP); Other Email Security Applications; Securing Voice and Wireless Communications; Secure Communications History; Voice over IP (VoIP); VoIP Vulnerabilities; Cell Phones; 802.11 Wireless Networks and Standards; Wireless Topologies; Wireless Standards; Bluetooth; Wireless LAN Components; Wireless Protection Mechanisms; Other Wireless Technologies; Securing TCP/IP with Cryptographic Solutions; Application/Process Layer Controls; Host-to-Host Layer Controls; Internet Layer Controls; Network Access Layer Controls; Link and End-to-End Encryption; Network Access Control Devices; Firewalls; Packet Filters; Stateful Firewalls; Proxy Servers; Demilitarized Zone (DMZ); Network Address Translation (NAT); Remote Access; Point-to-Point Protocol (PPP); Password Authentication Protocol (PAP); Challenge Handshake Authentication Protocol (CHAP); Extensible Authentication Protocol (EAP); Remote Authentication Dial-in User Service (RADIUS); Terminal Access Controller Access Control System (TACACS); Internet Protocol Security (IPsec); Message Privacy and Multimedia Collaboration; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Chapter 6, Identity and Access Management: Introduction; Perimeter Physical Control Systems; Fences; Gates; Bollards; Additional Physical Security Controls; CCTV Cameras; Lighting; Guards and Dogs; Locks; Lock Picking; Employee Access Control; Badges, Tokens, and Cards; RFID Tags; Biometric Access Controls; Identification, Authentication, and Authorization; Authentication Techniques; Something You Know (Type 1): Passwords and PINs; Something You Have (Type 2): Tokens, Cards, and Certificates; Something You Are (Type 3): Biometrics; Strong Authentication; Identity Management Implementation; Single Sign-On (SSO); Kerberos; SESAME; Authorization and Access Control Techniques; Discretionary Access Control (DAC); Mandatory Access Control (MAC); Role-Based Access Control (RBAC); Attribute-Based Access Control; Rule-Based Access Control; Other Types of Access Control; Centralized and Decentralized Access Control Models; Centralized Access Control; RADIUS; TACACS; Diameter; Decentralized Access Control; Audits and Monitoring; Monitoring Access and Usage; Intrusion Detection Systems (IDSs); Network-Based Intrusion Detection Systems (NIDSs); Host-Based Intrusion Detection Systems (HIDSs); Signature-Based, Anomaly-Based, and Rule-Based IDS Engines; Sensor Placement; Intrusion Prevention Systems (IPSs); Network Access Control (NAC); Keystroke Monitoring; Exam Prep Questions; Answers to Exam Prep Questions; Suggested Reading and Resources
- Chapter 7, Security Assessment and Testing: Introduction; Security Assessments and Penetration Test Strategies; Audits; Root Cause Analyses; Log Reviews; Network Scanning; Vulnerability Scans and Assessments; Penetration Testing; Test Techniques and Methods; Security Threats and Vulnerabilities; Threat Actors; Attack Methodologies; Network Security Threats and Attack Techniques; Session Hijacking; Sniffing; Wiretapping; DoS and DDoS Attacks; Botnets; Other Network Attack Techniques; Access Control Threats and Attack Techniques; Unauthorized Access; Access Aggregation; Password Attacks; Dictionary Cracking; Brute-Force Cracking; Rainbow Tables; Spoofing; Eavesdropping and Shoulder Surfing; Identity Theft; Social-Based Threats and Attack Techniques; Malicious Software Threats and Attack Techniques; Viruses; Worms; Logic Bombs; Backdoors and Trojans; Wrappers, Packers, and Crypters; Rootkits; Exploit Kits; Advanced Persistent Threats (APTs); Ransomware; Investigating Computer Crime; Computer Crime Jurisdiction; Incident Response; The Incident Response Team; The Incident Response Process; Incident Response and Results; Disaster Recovery and Business Continuity; Investigations; Search, Seizure, and Surveillance; Interviews and Interrogations; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Chapter 8, Security Operations: Introduction; Foundational Security Operations Concepts; Managing Users and Accounts; Privileged Entities; Controlling Access; Clipping Levels; Resource Protection; Due Care and Due Diligence; Asset Management; System Hardening; Change and Configuration Management; Trusted Recovery; Remote Access; Media Management, Retention, and Destruction; Telecommunication Controls; Cloud Computing; Email; Whitelisting, Blacklisting, and Graylisting; Firewalls; Phone, Fax, and PBX; Anti-malware; Honeypots and Honeynets; Patch Management; System Resilience, Fault Tolerance, and Recovery Controls; Recovery Controls; Monitoring and Auditing Controls; Auditing User Activity; Monitoring Application Transactions; Security Information and Event Management (SIEM); Network Access Control; Keystroke Monitoring; Emanation Security; Perimeter Security Controls and Risks; Natural Disasters; Human-Caused Threats; Technical Problems; Facility Concerns and Requirements; CPTED; Area Concerns; Location; Construction; Doors, Walls, Windows, and Ceilings; Asset Placement; Environmental Controls; Heating, Ventilating, and Air Conditioning; Electrical Power; Uninterruptible Power Supplies (UPSs); Equipment Lifecycle; Fire Prevention, Detection, and Suppression; Fire-Detection Equipment; Fire Suppression; Water Sprinklers; Halon; Alarm Systems; Intrusion Detection Systems (IDSs); Monitoring and Detection; Intrusion Detection and Prevention Systems; Investigations and Incidents; Incident Response; Digital Forensics, Tools, Tactics, and Procedures; Standardization of Forensic Procedures; Digital Forensics; Acquisition; Authentication; Analysis; The Disaster Recovery Lifecycle; Teams and Responsibilities; Recovery Strategy; Business Process Recovery; Facility and Supply Recovery; User Recovery; Operations Recovery; Fault Tolerance; Data and Information Recovery; Backups; Full Backups; Differential Backups; Incremental Backups; Tape Rotation Schemes; Other Data Backup Methods; Plan Design and Development; Personnel Mobilization; Interface with External Groups; Employee Services; Insurance; Implementation; Awareness and Training; Testing; Monitoring and Maintenance; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Chapter 9, Software Development Security: Introduction; Integrating Security into the Development Lifecycle; Avoiding System Failure; Checks and Application Controls; Failure States; The Software Development Lifecycle; Project Initiation; Functional Requirements and Planning; Software Design Specifications; Software Development and Build; Acceptance Testing and Implementation; Operations/Maintenance; Disposal; Development Methodologies; The Waterfall Model; The Spiral Model; Joint Application Development (JAD); Rapid Application Development (RAD); Incremental Development; Prototyping; Modified Prototype Model (MPM); Computer-Aided Software Engineering (CASE); Agile Development Methods; Maturity Models; Scheduling; Change Management; Database Management; Database Terms; Integrity; Transaction Processing; Database Vulnerabilities and Threats; Artificial Intelligence and Expert Systems; Programming Languages, Secure Coding Guidelines, and Standards; Object-Oriented Programming; CORBA; Security of the Software Environment; Mobile Code; Buffer Overflow; Financial Attacks; Change Detection; Viruses and Worms; Exam Prep Questions; Answers to Exam Prep Questions; Need to Know More?
- Back matter: Practice Exam I; Practice Exam Questions; Practice Exam II; Practice Exam Questions; Answers to Practice Exam I; Answers to Practice Exam II; Glossary; Index; Where are the companion content files?; Register; Inside Front Cover; Inside Back Cover; Code Snippets