CISSP Exam Cram
About the Book

This is the eBook version of the print title. Note that the eBook does not provide access to the practice test software that accompanies the print book. Access to the digital edition of the Cram Sheet is available through product registration at Pearson IT Certification; or see instructions in the back pages of your eBook.

CISSP Exam Cram, Third Edition, is the perfect study guide to help you pass the tough new electronic version of the CISSP exam. It provides coverage and practice questions for every exam topic, including substantial new coverage of encryption, cloud security, information lifecycles, security management/governance, and more. The book contains an extensive set of preparation tools, such as quizzes, Exam Alerts, and two practice exams.

  • Covers the critical information you'll need to pass the CISSP exam!
  • Enforce effective physical security throughout your organization
  • Apply reliable authentication, authorization, and accountability
  • Design security architectures that can be verified, certified, and accredited
  • Understand the newest attacks and countermeasures
  • Use encryption to safeguard data, systems, and networks
  • Systematically plan and test business continuity/disaster recovery programs
  • Protect today's cloud, web, and database applications
  • Address global compliance issues, from privacy to computer forensics
  • Develop software that is secure throughout its entire lifecycle
  • Implement effective security governance and risk management
  • Use best-practice policies, procedures, guidelines, and controls
  • Ensure strong operational controls, from background checks to security audits

Table of Contents:

Introduction
    How to Prepare for the Exam
        Practice Tests
    Taking a Certification Exam
        Arriving at the Exam Location
        In the Testing Center
        After the Exam
        Retaking a Test
        Tracking Your CISSP Status
    About This Book
        The Chapter Elements
        Other Book Elements
        Chapter Contents
    Pearson IT Certification Practice Test Engine and Questions on the CD
        Install the Software from the CD
        Activate and Download the Practice Exam
        Activating Other Exams
    Contacting the Author
    Self-Assessment
        CISSPs in the Real World
        The Ideal CISSP Candidate
        Put Yourself to the Test
        After the Exam

Chapter 1: The CISSP Certification Exam
    Introduction
    Assessing Exam Readiness
    Taking the Exam
    Multiple-Choice Question Format
    Exam Strategy
    Question-Handling Strategies
    Mastering the Inner Game
    Need to Know More?

Chapter 2: Physical Security
    Introduction
    Physical Security Risks
        Natural Disasters
        Man-Made Threats
        Technical Problems
    Facility Concerns and Requirements
        CPTED
        Area Concerns
        Location
        Construction
        Doors, Walls, Windows, and Ceilings
        Asset Placement
        Physical Port Controls
    Perimeter Controls
        Fences
        Gates
        Bollards
        CCTV Cameras
        Lighting
        Guards and Dogs
        Locks
    Employee Access Control
        Badges, Tokens, and Cards
        Biometric Access Controls
    Environmental Controls
        Heating, Ventilating, and Air Conditioning
    Electrical Power
        Uninterruptible Power Supply
    Equipment Life Cycle
    Fire Prevention, Detection, and Suppression
        Fire-Detection Equipment
        Fire Suppression
    Alarm Systems
        Intrusion Detection Systems
        Monitoring and Detection
    Exam Prep Questions
    Answers to Exam Prep Questions
    Suggested Reading and Resources

Chapter 3: Access Control Systems and Methodology
    Introduction
    Identification, Authentication, and Authorization
        Authentication
        Access Management
    Single Sign-On
        Kerberos
        SESAME
    Authorization and Access Controls Techniques
        Discretionary Access Control
        Mandatory Access Control
        Role-Based Access Control
        Other Types of Access Controls
    Access Control Methods
        Centralized Access Control
        Decentralized Access Control
    Access Control Types
        Administrative Controls
        Technical Controls
        Physical Controls
        Access Control Categories
    Audit and Monitoring
        Monitoring Access and Usage
        Intrusion Detection Systems
        Intrusion Prevention Systems
        Network Access Control
        Keystroke Monitoring
        Emanation Security
    Access Control Attacks
        Unauthorized Access
        Access Aggregation
        Password Attacks
        Spoofing
        Sniffing
        Eavesdropping and Shoulder Surfing
        Wiretapping
        Identity Theft
        Denial of Service Attacks
        Distributed Denial of Service Attacks
        Botnets
    Exam Prep Questions
    Answers to Exam Prep Questions
    Suggested Reading and Resources

Chapter 4: Cryptography
    Introduction
    Cryptographic Basics
    History of Encryption
    Steganography
        Steganography Operation
        Digital Watermark
    Algorithms
    Cipher Types and Methods
    Symmetric Encryption
        Data Encryption Standard
        Triple-DES
        Advanced Encryption Standard
        International Data Encryption Algorithm
        Rivest Cipher Algorithms
    Asymmetric Encryption
        Diffie-Hellman
        RSA
        El Gamal
        Elliptical Curve Cryptosystem
        Merkle-Hellman Knapsack
        Review of Symmetric and Asymmetric Cryptographic Systems
    Hybrid Encryption
    Integrity and Authentication
        Hashing and Message Digests
        Digital Signatures
        Cryptographic System Review
    Public Key Infrastructure
        Certificate Authority
        Registration Authority
        Certificate Revocation List
        Digital Certificates
        The Client's Role in PKI
    Email Protection Mechanisms
        Pretty Good Privacy
        Other Email Security Applications
    Securing TCP/IP with Cryptographic Solutions
        Application/Process Layer Controls
        Host to Host Layer Controls
        Internet Layer Controls
        Network Access Layer Controls
        Link and End-to-End Encryption
    Cryptographic Attacks
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 5: Security Architecture and Models
    Introduction
    Computer System Architecture
        Central Processing Unit
        Storage Media
        I/O Bus Standards
        Hardware Cryptographic Components
        Virtual Memory and Virtual Machines
        Computer Configurations
    Security Architecture
        Protection Rings
        Trusted Computer Base
        Open and Closed Systems
        Security Modes of Operation
        Operating States
        Recovery Procedures
        Process Isolation
    Security Models
        State Machine Model
        Information Flow Model
        Noninterference Model
        Confidentiality
        Integrity
        Other Models
    Documents and Guidelines
        The Rainbow Series
        The Red Book: Trusted Network Interpretation
        Information Technology Security Evaluation Criteria
        Common Criteria
    System Validation
        Certification and Accreditation
        Governance and Enterprise Architecture
    Security Architecture Threats
        Buffer Overflow
        Back Doors
        Asynchronous Attacks
        Covert Channels
        Incremental Attacks
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 6: Telecommunications and Network Security
    Introduction
    Network Models and Standards
        OSI Model
        Encapsulation/De-Encapsulation
    TCP/IP
        Network Access Layer
        Internet Layer
        Host-to-Host (Transport) Layer
        Application Layer
    LANs and Their Components
        LAN Communication Protocols
        Network Topologies
        LAN Cabling
        Network Types
    Communication Standards
    Network Equipment
        Repeaters
        Hubs
        Bridges
        Switches
        VLANs
    Routers
        Brouters
        Gateways
    Routing
    WANs and Their Components
        Packet Switching
        Circuit Switching
    Cloud Computing
    Voice Communications and Wireless Communications
        Voice over IP
        Cell Phones
        802.11 Wireless Networks and Standards
    Network Security
        Firewalls
        Demilitarized Zone
        Firewall Design
    Remote Access
        Point-to-Point Protocol
        Virtual Private Networks
        Remote Authentication Dial-in User Service
        Terminal Access Controller Access Control System
        IPSec
    Message Privacy
    Threats to Network Security
        DoS Attacks
        Distributed Denial of Service
        Disclosure Attacks
        Destruction, Alteration, or Theft
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 7: Business Continuity and Disaster Recovery Planning
    Introduction
    Threats to Business Operations
    Disaster Recovery and Business Continuity Management
        Project Management and Initiation
        Business Impact Analysis
        Recovery Strategy
        Plan Design and Development
        Implementation
        Testing
        Monitoring and Maintenance
    Disaster Life Cycle
        Teams and Responsibilities
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 8: Legal, Regulations, Investigations, and Compliance
    Introduction
    United States Legal System and Laws
    International Legal Systems and Laws
    International Property Laws
        Piracy and Issues with Copyrights
    Privacy Laws and Protection of Personal Information
        Privacy Impact Assessment
    Computer Crime Laws
    Regulatory Compliance and Process Control
    Ethics
        ISC2 Code of Ethics
        Computer Ethics Institute
        Internet Architecture Board
        NIST 800-14
    Computer Crime and Criminals
        Pornography
    Well-Known Computer Crimes
    How Computer Crime Has Changed
    Attack Vectors
        Keystroke Logging
        Wiretapping
        Spoofing Attacks
        Manipulation Attacks
        Social Engineering
        Dumpster Diving
    Investigating Computer Crime
        Computer Crime Jurisdiction
        Incident Response
    Forensics
        Standardization of Forensic Procedures
        Computer Forensics
    Investigations
        Search, Seizure, and Surveillance
        Interviews and Interrogations
        Honeypots and Honeynets
        Evidence Types
    Trial
        The Evidence Life Cycle
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 9: Software Development Security
    Introduction
    Software Development
        Avoiding System Failure
        The System Development Life Cycle
    System Development Methods
        The Waterfall Model
        The Spiral Model
        Joint Application Development
        Rapid Application Development
        Incremental Development
        Prototyping
        Computer-Aided Software Engineering
        Agile Development Methods
        Capability Maturity Model
        Scheduling
    Change Management
    Programming Languages
        Object-Oriented Programming
        CORBA
    Database Management
        Database Terms
        Integrity
        Transaction Processing
        Data Warehousing
        Data Mining
        Knowledge Management
        Artificial Intelligence and Expert Systems
    Malicious Code
        Viruses
        Worms
        Spyware
        Back Doors and Trapdoors
        Change Detection
        Mobile Code
        Financial Attacks
        Buffer Overflow
        Input Validation and Injection Attacks
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 10: Information Security Governance and Risk Management
    Introduction
    Basic Security Principles
    Security Management and Governance
    Asset Identification
    Risk Assessment
        Risk Management
    Policies Development
        Security Policy
        Standards
        Baselines
        Guidelines
        Procedures
        Data Classification
    Implementation
        Roles and Responsibility
        Security Controls
    Training and Education
        Security Awareness
        Social Engineering
    Auditing Your Security Infrastructure
    The Risk of Poor Security Management
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Chapter 11: Security Operations
    Introduction
    Security Operations
        Employee Recruitment
        New-Hire Orientation
        Separation of Duties
        Job Rotation
        Least Privilege
        Mandatory Vacations
        Termination
    Accountability
    Controls
        Security Controls
        Operational Controls
    Auditing and Monitoring
        Auditing
        Security Information and Event Management (SIEM)
        Monitoring Controls
        Clipping Levels
        Intrusion Detection
        Keystroke Monitoring
        Antivirus
        Facility Access Control
    Telecommunication Controls
        Fax
        PBX
        Email
    Backup, Fault Tolerance, and Recovery Controls
        Backups
        Fault Tolerance
        RAID
        Recovery Controls
    Security Assessments
        Policy Reviews
        Vulnerability Scanning
        Penetration Testing
    Operational Security Threats and Vulnerabilities
        Common Attack Methodologies
        Attack Terms and Techniques
    Exam Prep Questions
    Answers to Exam Prep Questions
    Need to Know More?

Practice Exam I
    Practice Exam Questions
Answers to Practice Exam I

Practice Exam II
    Practice Exam Questions
Answers to Practice Exam II

TOC, 9780789749574, 11/2/2012

About the Author:

As the founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, Michael Gregg has more than 20 years of experience in information security and risk management. He holds two associate's degrees, a bachelor's degree, and a master's degree. Some of the certifications he holds include CISA, CISSP, MCSE, CTT+, A+, N+, Security+, CASP, CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, CGEIT, and SSCP.

In addition to his experience with performing security audits and assessments, Gregg has authored or coauthored more than 15 books, including Certified Ethical Hacker Exam Prep (Que), CISSP Exam Cram 2 (Que), and Security Administrator Street Smarts (Sybex). He is a site expert for TechTarget.com websites, such as SearchNetworking.com. He also serves on their editorial advisory board. His articles have been published on IT websites, and he has been quoted on Fox News and in the New York Times. He has created more than 15 security-related courses and training classes for various companies and universities. Although audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge are how Michael believes he can give something back to the community that has given him so much.

He is a board member for Habitat for Humanity and, when not working, Michael enjoys traveling and restoring muscle cars.


Product Details
  • ISBN-13: 9780133034141
  • Publisher: Pearson Education (US)
  • Publisher Imprint: Pearson IT Certification
  • Language: English
  • Weight: 1 gr
  • ISBN-10: 0133034143
  • Publisher Date: 29 Nov 2012
  • Binding: Digital download
  • No of Pages: 680

