
SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Third Edition

Content
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents at a Glance
- Contents
- Acknowledgments
- Introduction
- Exam Objective Map
- Chapter 1 Security Fundamentals
- Reviewing the Requirements for SSCP
- Have One Year of Experience
- Registering for the Exam
- Passing the Exam
- Subscribing to the (ISC)2 Code of Ethics and Getting Endorsed
- Maintaining Your SSCP Certification
- Understanding Basic Security Concepts
- Confidentiality
- Integrity
- Availability
- Exploring Fundamentals of Security
- Least Privilege
- Separation of Duties
- Privacy and Data Sensitivity
- Defense in Depth
- Nonrepudiation
- AAAs of Security
- Accountability
- Due Diligence
- Due Care
- Chapter Review
- Questions
- Answers
- Chapter 2 Access Controls
- Comparing Identification, Authentication, and Authorization
- Exploring Authentication
- Three Factors of Authentication
- Multifactor Authentication
- Two-Step Verification
- Reviewing Identification
- Single Sign-on Authentication
- Centralized vs. Decentralized Authentication
- Offline Authentication
- Device Authentication
- Implementing Access Controls
- Comparing Subjects and Objects
- Logical Access Controls
- Comparing Access Control Models
- Discretionary Access Control
- Non-Discretionary Access Control
- Access Control Matrix vs. Capability Table
- Participating in the Identity and Access Management Lifecycle
- Identity Proofing
- Provisioning and Authorization
- Maintenance and Entitlement
- De-provisioning
- Participating in Physical Security Operations
- Badging
- Data Center Assessment
- Chapter Review
- Questions
- Answers
- Chapter 3 Basic Networking and Communications
- Understanding Use Cases
- Reviewing the OSI Model
- The Physical Layer (Layer 1)
- The Data Link Layer (Layer 2)
- The Network Layer (Layer 3)
- The Transport Layer (Layer 4)
- The Session Layer (Layer 5)
- The Presentation Layer (Layer 6)
- The Application Layer (Layer 7)
- Comparing the OSI and TCP/IP Models
- Understanding Network Topologies and Relationships
- Ethernet
- Bus Topology
- Star Topology
- Tree Topology
- Token Ring Topology
- Mesh Topology
- Network Relationships
- Reviewing Basic Protocols and Ports
- Comparing IPv4 and IPv6
- Dynamic Host Configuration Protocol
- Address Resolution Protocol
- Network Discovery Protocol
- Domain Name System
- Internet Control Message Protocol
- Internet Group Message Protocol
- Simple Network Management Protocol
- File Transfer Protocol
- Telnet
- Secure Shell
- Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure
- Transport Layer Security and Secure Sockets Layer
- Network File System
- Routing Protocols
- E-mail Protocols
- Internet Protocol Security
- Tunneling Protocols
- Mapping Well-Known Ports to Protocols
- Comparing Ports and Protocol Numbers
- Comparing Internetwork Trust Architectures
- Comparing Public and Private IP Addresses
- Using NAT
- Comparing Trust Relationships
- Exploring Wireless Technologies
- Securing Data Transmissions
- Wireless Device Administrator Password
- Wireless Service Set Identifier
- MAC Address Filtering
- Bluetooth
- NFC
- GSM
- 3G, LTE, and 4G
- WiMAX
- Radio Frequency Identification
- Protecting Mobile Devices
- Chapter Review
- Questions
- Answers
- Chapter 4 Advanced Networking and Communications
- Managing LAN-based Security
- Comparing Switches and Routers
- Physical and Logical Segmentation
- Secure Device Management
- VoIP
- Using Proxy Servers
- Understanding Firewalls
- Packet-Filtering Firewall
- Stateful Inspection Firewall
- Application Firewall
- Next-Generation Firewall
- Defense Diversity
- Comparing Network-based and Host-based Firewalls
- Exploring Remote Access Solutions
- Risks and Vulnerabilities
- Tunneling Protocols
- Authentication
- Traffic Shaping and WAN Optimization
- Managing Network Access Control
- Exploring Virtual Environments
- Virtualization Terminology
- Shared Storage
- Virtual Appliances
- Virtual Desktop Infrastructure
- Continuity and Resilience
- Separation of Data Plane and Control Plane
- Software-defined Networking
- Protecting Virtualization Systems
- Understanding Cloud Computing
- Shared Responsibility Models
- Cloud Operation Models
- Storage
- Privacy
- Data Control and Third-party Outsourcing
- Compliance
- Chapter Review
- Questions
- Answers
- Chapter 5 Attacks
- Comparing Attackers
- Hackers and Crackers
- White Hats, Black Hats, and Gray Hats
- Advanced Persistent Threats
- Insider Threats
- Script Kiddies
- Exploring Attack Types and Countermeasures
- Basic Countermeasures
- Spoofing
- Data Theft
- DoS
- DDoS
- Botnets and Zombies
- Sniffing Attack
- Reconnaissance and Fingerprinting Attacks
- Salami Attack
- Man-in-the-Middle
- Replay
- Session Hijacking
- DNS Cache Poisoning
- Smurf and Fraggle Attacks
- Software Security as a Countermeasure
- Buffer Overflow Attacks
- Injection Attacks
- Cross-Site Scripting
- Cross-Site Request Forgery
- Password Attacks
- Spam
- Phishing Attacks
- Phishing and Drive-by Downloads
- Spear Phishing and Whaling
- Vishing
- Smishing
- Zero Day Exploits
- Covert Channel
- Wireless Attacks and Countermeasures
- Understanding Social Engineering
- Tailgating
- Impersonation
- Skimming
- Dumpster Diving
- Shoulder Surfing
- Social Networking Attacks
- User Awareness as a Countermeasure
- Chapter Review
- Questions
- Answers
- Chapter 6 Malicious Code and Activity
- Identifying Malicious Code
- Virus
- Worm
- Trojan Horse
- RATs
- Scareware
- Ransomware
- Keylogger
- Logic Bomb
- Rootkits
- Mobile Code
- Backdoors and Trapdoors
- Spyware
- Malware Hoaxes
- Analyzing the Stages of an Attack
- Understanding Malware Delivery Methods
- Delivering Malware via Drive-by Downloads
- Delivering Malware via Malvertising
- Delivering Malware via E-mail
- Delivering Malware via USB Drives
- Implementing Malicious Code Countermeasures
- Antivirus Software
- Keeping AV Signatures Up to Date
- Spam Filters
- Content-filtering Appliances
- Keeping Operating Systems Up to Date
- Scanners
- Beware of Shortened Links
- Sandboxing
- Least Privilege
- Software Security
- Application Whitelisting and Blacklisting
- Participating in Security Awareness and Training
- Common Vulnerabilities and Exposures
- Chapter Review
- Questions
- Answers
- Chapter 7 Risk, Response, and Recovery
- Defining Risk
- Identifying Threat Sources
- Identifying Threat Events
- Understanding Vulnerabilities
- Understanding Impact Assessments
- Sharing Threat Intelligence
- Managing Risk
- Risk Treatment
- Residual Risk
- Identifying Assets
- Risk Visibility and Reporting
- Risk Register
- Common Vulnerability Scoring System
- Risk Management Frameworks
- Performing Risk Assessments
- Threat Modeling
- Quantitative Analysis
- Qualitative Analysis
- Risk Assessment Steps
- Address Findings
- Supporting the Incident Lifecycle
- Preparation
- Detection, Analysis, and Escalation
- Containment
- Eradication
- Recovery
- Lessons Learned/Implementation of New Countermeasure
- Chapter Review
- Questions
- Answers
- Chapter 8 Monitoring and Analysis
- Operating and Maintaining Monitoring Systems
- Events of Interest
- Intrusion Detection Systems
- IDS Alerts
- Network-based Intrusion Detection Systems
- Host-based Intrusion Detection Systems
- Intrusion Prevention Systems
- Detection Methods
- Wireless Intrusion Detection and Prevention Systems
- Analyze Monitoring Results
- Detection Systems and Logs
- Detecting Unauthorized Changes
- Using Security Information and Event Management Tools
- Continuous Monitoring
- Document and Communicate Findings
- Performing Security Tests and Assessments
- Vulnerability Assessments
- Penetration Tests
- Chapter Review
- Questions
- Answers
- Chapter 9 Controls and Countermeasures
- Using Security Controls, Safeguards, and Countermeasures
- Performing a Cost-Benefit Analysis
- Security Controls Lifecycle
- Understanding Control Goals
- Preventive
- Detective
- Corrective
- Other Controls
- Comparing Security Control Implementation Methods
- Administrative Security Controls
- Technical Security Controls
- Physical Security Controls
- Combining Control Goals and Classes
- Exploring Some Basic Controls
- Hardening Systems
- Policies, Standards, Procedures, and Guidelines
- Response Plans
- Change Control and Configuration Management
- Testing and Implementing Patches, Fixes, and Updates
- Endpoint Device Security
- User Awareness and Training Programs
- Understanding Fault Tolerance
- Fault Tolerance for Disks
- Failover Clusters
- Load Balancing
- Redundant Connections
- Understanding Backups
- Full Backups
- Full/Incremental Backup Strategy
- Full/Differential Backup Strategy
- Image-based Backups
- Chapter Review
- Questions
- Answers
- Chapter 10 Auditing and Management Processes
- Understanding Auditing and Accountability
- Holding Users Accountable with Audit Logs
- Auditing with Logs
- Clipping Levels
- Understanding Audit Trails
- Exploring Audit Logs
- Operating System Logs
- Storing Logs on Remote Systems
- *Nix Logs
- Proxy Server Logs
- Firewall Logs
- Reviewing Logs
- Managing Audit Logs
- Performing Security Audits
- Periodic Audit and Review
- Auditing Passwords
- Auditing Security Policies
- ISACA
- Exploring PCI DSS Requirements
- Auditing Physical Access Controls
- Understanding Configuration Management
- Using Imaging for Configuration Management
- Using Group Policy for Configuration Management
- Using Other Tools for Configuration Management
- Understanding Change Management
- Change Management Process
- Identifying Security Impact
- Chapter Review
- Questions
- Answers
- Chapter 11 Security Operations
- Handling Data
- Classifying Data
- Marking and Labeling Data
- Roles and Responsibilities
- Protecting Data from Cradle to Grave
- Data at Rest and Data in Motion
- Data Management Policies
- Understanding Databases
- Data Inference
- Data Diddling
- Regulatory Requirements
- Training
- Managing Assets Through the Lifecycle
- Hardware Inventory
- Software Inventory and Licenses
- Data Storage
- Certification and Accreditation
- Certification, Accreditation, and Security Assessments
- Common Criteria
- Using a Risk Management Framework
- Understanding Security Within the System Development Lifecycle
- Chapter Review
- Questions
- Answers
- Chapter 12 Security Administration and Planning
- Understanding Security Policies
- Security Policy Characteristics
- Enforcing Security Policies
- Value of a Security Policy
- Security Policies Becoming More Common
- Complying with Codes of Ethics
- Policy Awareness
- Updating Security Policies
- Understanding BCP and DRP Activities
- Business Impact Analysis
- Disaster Recovery Plan
- Emergency Response Plans and Procedures
- Comparing a BCP and a DRP
- Restoration Planning
- Testing and Drills
- Alternative Locations
- Identifying Security Organizations
- NIST
- US-CERT
- SANS Institute
- CERT Division
- Chapter Review
- Questions
- Answers
- Chapter 13 Legal Issues
- Exploring Computer Forensics
- Supporting the Incident Lifecycle
- Handling Evidence
- Three Phases of a Computer Forensics Investigation
- Legal and Ethical Principles
- Comparing Computer Abuse and Computer Crime
- Understanding Fraud and Embezzlement Crime
- Mandatory Vacations
- Job Rotation
- Understanding Privacy Issues
- General Data Protection Regulation
- California Supreme Court Rules That ZIP Codes Are PII
- Connecticut's Public Act No. 08-167
- Children's Online Privacy Protection Act
- California Online Privacy Protection Act of 2003
- Legal and Regulatory Concerns
- Chapter Review
- Questions
- Answers
- Chapter 14 Cryptography
- Understanding Basic Cryptography Concepts
- Cryptography Terminology
- Data Sensitivity
- Regulatory Requirements
- Participating in Security Awareness and Training
- Enforcing Integrity with Hashing
- Hashing Algorithms Provide One-Way Encryption
- Hashing Algorithms
- Verifying Integrity with a Hash
- Salting Passwords
- Exploring Symmetric Encryption
- ROT13
- Creating Strong Keys
- Comparing Block and Stream Ciphers
- Advanced Encryption Standard
- Other Symmetric Encryption Algorithms
- Exploring Asymmetric Encryption
- RSA
- Secure Sockets Layer
- Transport Layer Security
- SSL Decryptors
- Diffie-Hellman
- Elliptic Curve Cryptography
- Secure Shell
- Protecting E-mail with S/MIME
- Protecting E-mail with DKIM
- PGP and GPG
- Other Encryption Schemes
- Steganography
- IPsec
- Understanding Public Key Infrastructure Systems
- Certificates
- Certificate Authority
- Key Escrow
- Alternative Certificate Trusts
- Comparing Cryptanalysis Attacks
- Fundamental Key Management Concepts
- Known-Plaintext Attack
- Ciphertext-Only Attack
- Hashing and Collisions
- Countermeasures Against Cryptanalysis Attacks
- Chapter Review
- Questions
- Answers
- Appendix About the Online Content
- System Requirements
- Your Total Seminars Training Hub Account
- Privacy Notice
- Single User License Terms and Conditions
- TotalTester Online
- Technical Support
- Glossary
- Index
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books – i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.
File format: PDF
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.