CISSP Exam Cram

 
 
Pearson It Certification (Verlag)
  • 3. Auflage
  • |
  • erschienen am 29. November 2012
 
E-Book | ePUB mit Adobe-DRM | Systemvoraussetzungen
978-0-13-303414-1 (ISBN)
 

This is the eBook version of the print title. Note that the eBook does not provide access to the practice test software that accompanies the print book. Access to the digital edition of the Cram Sheet is available through product registration at Pearson IT Certification; or see instructions in back pages of your eBook.

CISSP Exam Cram, Third Edition, is the perfect study guide to help you pass the tough new electronic version of the CISSP exam. It provides coverage and practice questions for every exam topic, including substantial new coverage of encryption, cloud security, information lifecycles, security management/governance, and more. The book contains an extensive set of preparation tools, such as quizzes, Exam Alerts, and two practice exams.

· Covers the critical information you'll need to pass the CISSP exam!

· Enforce effective physical security throughout your organization

· Apply reliable authentication, authorization, and accountability

· Design security architectures that can be verified, certified, and accredited

· Understand the newest attacks and countermeasures

· Use encryption to safeguard data, systems, and networks

· Systematically plan and test business continuity/disaster recovery programs

· Protect today's cloud, web, and database applications

· Address global compliance issues, from privacy to computer forensics

· Develop software that is secure throughout its entire lifecycle

· Implement effective security governance and risk management

· Use best-practice policies, procedures, guidelines, and controls

· Ensure strong operational controls, from background checks to security audits

3. Auflage
  • Englisch
  • Upper Saddle River
  • |
  • USA
Pearson Education (US)
  • Für höhere Schule und Studium
  • 27,66 MB
978-0-13-303414-1 (9780133034141)

As the founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, Michael Gregg has more than 20 years of experience in information security and risk management. He holds two associate's degrees, a bachelor's degree, and a master's degree. Some of the certifications he holds include CISA, CISSP, MCSE, CTT+, A+, N+, Security+, CASP, CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, CGEIT, and SSCP.

In addition to his experience with performing security audits and assessments, Gregg has authored or coauthored more than 15 books, including Certified Ethical Hacker Exam Prep (Que), CISSP Exam Cram 2 (Que), and Security Administrator Street Smarts (Sybex). He is a site expert for TechTarget.com websites, such as SearchNetworking.com. He also serves on their editorial advisory board. His articles have been published on IT websites and he has been quoted on Fox News and the in the New York Times. He has created more than 15 security-related courses and training classes for various companies and universities. Although audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge are how Michael believes he can give something back to the community that has given him so much.

He is a board member for Habitat for Humanity and when not working, Michael enjoys traveling and restoring muscle cars.

Introduction. . . . 1

How to Prepare for the Exam. . . 1

Practice Tests . . . 2

Taking a Certification Exam . . . 2

Arriving at the Exam Location . . 2

In the Testing Center . . . 3

After the Exam. . . 3

Retaking a Test . . . 3

Tracking Your CISSP Status . . 3

About This Book. . . 4

The Chapter Elements. . . 4

Other Book Elements. . . 7

Chapter Contents . . . 7

Pearson IT Certification Practice Test Engine and Questions on the CD . . . . 9

Install the Software from the CD. . 10

Activate and Download the Practice Exam . . 11

Activating Other Exams . . . 11

Contacting the Author . . . 12

Self-Assessment. . . 12

CISSPs in the Real World . . . 12

The Ideal CISSP Candidate . . 12

Put Yourself to the Test . . . 13

After the Exam . . . 15

Chapter 1: The CISSP Certification Exam . . . 17

Introduction. . . . 18

Assessing Exam Readiness . . . 18

Taking the Exam . . . 19

Multiple-Choice Question Format . . 21

Exam Strategy . . . 21

Question-Handling Strategies . . . 22

Mastering the Inner Game . . . 23

Need to Know More? . . . 24

Chapter 2: Physical Security . . . . 25

Introduction. . . . 26

Physical Security Risks. . . 26

Natural Disasters. . . 27

Man-Made Threats. . . 28

Technical Problems. . . 28

Facility Concerns and Requirements . . 29

CPTED . . . 30

Area Concerns . . . 30

Location . . . 31

Construction . . . 32

Doors, Walls, Windows, and Ceilings . . 32

Asset Placement. . . 35

Physical Port Controls . . . 36

Perimeter Controls. . . 36

Fences . . . . 36

Gates. . . . 38

Bollards. . . . 39

CCTV Cameras . . . 40

Lighting . . . 41

Guards and Dogs . . . 42

Locks. . . . 43

Employee Access Control . . . 46

Badges, Tokens, and Cards . . 47

Biometric Access Controls. . . 48

Environmental Controls . . . 49

Heating, Ventilating, and Air Conditioning . . 50

Electrical Power . . . 51

Uninterruptible Power Supply . . 52

Equipment Life Cycle . . . 53

Fire Prevention, Detection, and Suppression . . 53

Fire-Detection Equipment . . 54

Fire Suppression . . . 54

Alarm Systems . . . 57

Intrusion Detection Systems . . 57

Monitoring and Detection. . . 58

Exam Prep Questions. . . 60

Answers to Exam Prep Questions . . 62

Suggested Reading and Resources . . 64

Chapter 3: Access Control Systems and Methodology. . 65

Introduction. . . . 66

Identification, Authentication, and Authorization . . 67

Authentication . . . 67

Access Management . . . 79

Single Sign-On . . . 80

Kerberos. . . 81

SESAME . . . 83

Authorization and Access Controls Techniques . . 84

Discretionary Access Control . . 84

Mandatory Access Control . . 85

Role-Based Access Control . . 87

Other Types of Access Controls . . 88

Access Control Methods . . . 89

Centralized Access Control . . 89

Decentralized Access Control . . 92

Access Control Types . . . 93

Administrative Controls. . . 93

Technical Controls . . . 94

Physical Controls . . . 94

Access Control Categories. . . 95

Audit and Monitoring . . . 96

Monitoring Access and Usage. . 96

Intrusion Detection Systems . . 97

Intrusion Prevention Systems . . 101

Network Access Control . . . 102

Keystroke Monitoring . . . 102

Emanation Security . . . 103

Access Control Attacks. . . 104

Unauthorized Access . . . 104

Access Aggregation . . . 105

Password Attacks. . . 105

Spoofing . . . 109

Sniffing . . . 109

Eavesdropping and Shoulder Surfing. . 110

Wiretapping. . . 110

Identity Theft . . . 110

Denial of Service Attacks . . . 111

Distributed Denial of Service Attacks . . 113

Botnets . . . 113

Exam Prep Questions. . . 116

Answers to Exam Prep Questions . . 119

Suggesting Reading and Resources . . 121

Chapter 4: Cryptography. . . . 123

Introduction. . . . 124

Cryptographic Basics . . . 124

History of Encryption . . . 127

Steganography. . . 132

Steganography Operation . . 133

Digital Watermark . . . 134

Algorithms . . . . 135

Cipher Types and Methods . . . 137

Symmetric Encryption . . . 137

Data Encryption Standard. . 140

Triple-DES . . . 144

Advanced Encryption Standard. . 145

International Data Encryption Algorithm. . 146

Rivest Cipher Algorithms . . 146

Asymmetric Encryption . . . 147

Diffie-Hellman . . . 149

RSA. . . . 150

El Gamal . . . 151

Elliptical Curve Cryptosystem . . 152

Merkle-Hellman Knapsack . . 152

Review of Symmetric and Asymmetric Cryptographic Systems . . . 153

Hybrid Encryption . . . 153

Integrity and Authentication. . . 154

Hashing and Message Digests. . 155

Digital Signatures . . . 158

Cryptographic System Review . . 159

Public Key Infrastructure . . . 160

Certificate Authority . . . 160

Registration Authority . . . 161

Certificate Revocation List . . 161

Digital Certificates . . . 161

The Client's Role in PKI . . . 163

Email Protection Mechanisms . . . 164

Pretty Good Privacy. . . 164

Other Email Security Applications. . 165

Securing TCP/IP with Cryptographic Solutions. . 165

Application/Process Layer Controls . . 166

Host to Host Layer Controls . . 167

Internet Layer Controls. . . 168

Network Access Layer Controls . . 170

Link and End-to-End Encryption . . 170

Cryptographic Attacks . . . 171

Exam Prep Questions. . . 175

Answers to Exam Prep Questions . . 178

Need to Know More? . . . 180

Chapter 5: Security Architecture and Models . . . 181

Introduction. . . . 182

Computer System Architecture . . 182

Central Processing Unit . . . 182

Storage Media . . . 186

I/O Bus Standards. . . 189

Hardware Cryptographic Components . . 190

Virtual Memory and Virtual Machines . . 190

Computer Configurations . . 191

Security Architecture . . . 192

Protection Rings . . . 192

Trusted Computer Base . . . 194

Open and Closed Systems . . 197

Security Modes of Operation . . 197

Operating States . . . 199

Recovery Procedures . . . 199

Process Isolation . . . 200

Security Models . . . 201

State Machine Model . . . 202

Information Flow Model . . . 203

Noninterference Model . . . 203

Confidentiality. . . 203

Integrity . . . 204

Other Models . . . 208

Documents and Guidelines . . . 208

The Rainbow Series . . . 209

The Red Book: Trusted Network Interpretation . 211

Information Technology Security Evaluation Criteria . 212

Common Criteria . . . 212

System Validation . . . 214

Certification and Accreditation. . 215

Governance and Enterprise Architecture . . 216

Security Architecture Threats. . . 219

Buffer Overflow . . . 219

Back Doors . . . 220

Asynchronous Attacks . . . 220

Covert Channels . . . 221

Incremental Attacks . . . 221

Exam Prep Questions. . . 223

Answers to Exam Prep Questions . . 226

Need to Know More? . . . 228

Chapter 6: Telecommunications and Network Security . . 229

Introduction. . . . 230

Network Models and Standards . . 230

OSI Model . . . 231

Encapsulation/De-Encapsulation . . 237

TCP/IP . . . . 238

Network Access Layer . . . 238

Internet Layer . . . 239

Host-to-Host (Transport) Layer. . 243

Application Layer . . . 245

LANs and Their Components . . . 249

LAN Communication Protocols . . 250

Network Topologies . . . 251

LAN Cabling. . . 253

Network Types . . . 255

Communication Standards . . . 256

Network Equipment. . . 257

Repeaters . . . 257

Hubs . . . . 257

Bridges . . . 257

Switches . . . 258

VLANs . . . 259

Routers . . . 260

Brouters . . . 261

Gateways . . . 261

Routing. . . . 262

WANs and Their Components . . 264

Packet Switching. . . 264

Circuit Switching . . . 266

Cloud Computing. . . 270

Voice Communications and Wireless Communications . 271

Voice over IP . . . 271

Cell Phones . . . 272

802.11 Wireless Networks and Standards . . 274

Network Security . . . 281

Firewalls . . . 282

Demilitarized Zone. . . 283

Firewall Design . . . 285

Remote Access. . . 285

Point-to-Point Protocol. . . 286

Virtual Private Networks . . . 287

Remote Authentication Dial-in User Service . 288

Terminal Access Controller Access Control System . 288

IPSec. . . . 288

Message Privacy . . . 289

Threats to Network Security . . . 290

DoS Attacks . . . 290

Distributed Denial of Service . . 291

Disclosure Attacks. . . 291

Destruction, Alteration, or Theft . . 292

Exam Prep Questions. . . 295

Answers to Exam Prep Questions . . 298

Need to Know More? . . . 299

Chapter 7: Business Continuity and Disaster Recovery Planning. . 301

Introduction. . . . 302

Threats to Business Operations . . 302

Disaster Recovery and Business Continuity Management . 303

Project Management and Initiation . . 305

Business Impact Analysis . . . 307

Recovery Strategy . . . 313

Plan Design and Development . . 327

Implementation. . . 330

Testing . . . 331

Monitoring and Maintenance . . 333

Disaster Life Cycle . . . 334

Teams and Responsibilities . . 336

Exam Prep Questions. . . 338

Answers to Exam Prep Questions . . 341

Need to Know More? . . . 343

Chapter 8: Legal, Regulations, Investigations, and Compliance . . 345

Introduction. . . . 346

United States Legal System and Laws. . 346

International Legal Systems and Laws . . 347

International Property Laws . . . 349

Piracy and Issues with Copyrights . . 350

Privacy Laws and Protection of Personal Information . 351

Privacy Impact Assessment . . 353

Computer Crime Laws . . . 354

Regulatory Compliance and Process Control. . 354

Ethics . . . . 355

ISC2 Code of Ethics. . . 356

Computer Ethics Institute . . 357

Internet Architecture Board . . 357

NIST 800-14. . . 358

Computer Crime and Criminals. . 359

Pornography . . . 361

Well-Known Computer Crimes . . 362

How Computer Crime Has Changed . . 363

Attack Vectors . . . 364

Keystroke Logging . . . 365

Wiretapping. . . 365

Spoofing Attacks . . . 366

Manipulation Attacks . . . 367

Social Engineering . . . 367

Dumpster Diving . . . 368

Investigating Computer Crime. . . 368

Computer Crime Jurisdiction . . 369

Incident Response. . . 369

Forensics . . . . 374

Standardization of Forensic Procedures . . 375

Computer Forensics . . . 376

Investigations. . . 381

Search, Seizure, and Surveillance . . 381

Interviews and Interrogations . . 381

Honeypots and Honeynets . . 381

Evidence Types . . . 383

Trial . . . . 384

The Evidence Life Cycle . . . 384

Exam Prep Questions. . . 385

Answers to Exam Prep Questions . . 388

Need to Know More? . . . 390

Chapter 9: Software Development Security . . . 391

Introduction. . . . 392

Software Development. . . 392

Avoiding System Failure . . . 393

The System Development Life Cycle . . 394

System Development Methods. . . 402

The Waterfall Model . . . 402

The Spiral Model . . . 402

Joint Application Development . . 403

Rapid Application Development. . 404

Incremental Development . . 404

Prototyping . . . 404

Computer-Aided Software Engineering . . 405

Agile Development Methods. . 405

Capability Maturity Model . . 406

Scheduling . . . 407

Change Management . . . 408

Programming Languages. . . 409

Object-Oriented Programming . . 412

CORBA . . . 413

Database Management. . . 413

Database Terms. . . 414

Integrity . . . 416

Transaction Processing. . . 416

Data Warehousing . . . 416

Data Mining . . . 417

Knowledge Management . . . 418

Artificial Intelligence and Expert Systems. . 418

Malicious Code . . . 419

Viruses . . . 420

Worms . . . 421

Spyware . . . 422

Back Doors and Trapdoors . . 423

Change Detection. . . 423

Mobile Code . . . 424

Financial Attacks . . . 424

Buffer Overflow . . . 424

Input Validation and Injection Attacks . . 426

Exam Prep Questions. . . 429

Answers to Exam Prep Questions . . 432

Need to Know More? . . . 434

Chapter 10: Information Security Governance and Risk Management . . 435

Introduction. . . . 436

Basic Security Principles . . . 436

Security Management and Governance. . 438

Asset Identification . . . 440

Risk Assessment . . . 441

Risk Management . . . 442

Policies Development. . . 458

Security Policy. . . 459

Standards . . . 461

Baselines . . . 461

Guidelines . . . 461

Procedures . . . 462

Data Classification . . . 462

Implementation. . . 465

Roles and Responsibility . . . 465

Security Controls . . . 467

Training and Education . . . 469

Security Awareness . . . 470

Social Engineering . . . 471

Auditing Your Security Infrastructure . . 472

The Risk of Poor Security Management. . 474

Exam Prep Questions. . . 475

Answers to Exam Prep Questions . . 478

Need to Know More? . . . 480

Chapter 11: Security Operations . . . 481

Introduction. . . . 482

Security Operations . . . 482

Employee Recruitment . . . 483

New-Hire Orientation . . . 484

Separation of Duties. . . 484

Job Rotation. . . 485

Least Privilege. . . 485

Mandatory Vacations . . . 486

Termination . . . 486

Accountability . . . 486

Controls . . . . 488

Security Controls . . . 489

Operational Controls . . . 490

Auditing and Monitoring. . . 498

Auditing . . . 498

Security Information and Event Management (SIEM) . 499

Monitoring Controls . . . 499

Clipping Levels . . . 501

Intrusion Detection . . . 501

Keystroke Monitoring . . . 502

Antivirus . . . 503

Facility Access Control . . . 504

Telecommunication Controls . . . 504

Fax. . . . 505

PBX. . . . 506

Email. . . . 507

Backup, Fault Tolerance, and Recovery Controls . . 509

Backups. . . 509

Fault Tolerance . . . 511

RAID . . . . 513

Recovery Controls . . . 515

Security Assessments . . . 516

Policy Reviews. . . 516

Vulnerability Scanning . . . 517

Penetration Testing. . . 518

Operational Security Threats and Vulnerabilities . . 521

Common Attack Methodologies. . 522

Attack Terms and Techniques . . 524

Exam Prep Questions. . . 526

Answers to Exam Prep Questions . . 529

Need to Know More? . . . 531

Practice Exam I. . . . 533

Practice Exam Questions. . . 533

Answers to Practice Exam I . . . 547

Practice Exam II . . . . 563

Practice Exam Questions. . . 563

Answers to Practice Exam II . . . 577

TOC, 9780789749574, 11/2/2012

Dateiformat: ePUB
Kopierschutz: Adobe-DRM (Digital Rights Management)

Systemvoraussetzungen:

Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat ePUB ist sehr gut für Romane und Sachbücher geeignet - also für "fließenden" Text ohne komplexes Layout. Bei E-Readern oder Smartphones passt sich der Zeilen- und Seitenumbruch automatisch den kleinen Displays an. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Bitte beachten Sie bei der Verwendung der Lese-Software Adobe Digital Editions: wir empfehlen Ihnen unbedingt nach Installation der Lese-Software diese mit Ihrer persönlichen Adobe-ID zu autorisieren!

Weitere Informationen finden Sie in unserer E-Book Hilfe.


Download (sofort verfügbar)

22,99 €
inkl. 7% MwSt.
Download / Einzel-Lizenz
ePUB mit Adobe-DRM
siehe Systemvoraussetzungen
E-Book bestellen