CISSP Exam Cram
About the Book

CISSP Exam Cram, Fifth Edition is the perfect study guide to help you pass the latest update to the eight-domain version of the CISSP exam. It offers knowledge and practice questions for every exam topic, with new coverage of asset retention, secure provisioning, crypto attacks, machine learning tools, threat hunting, risk-based access control, zero trust, SAML, SOAR, CASB, securing microservices, containers, managed services, and more.

Covers the critical information you'll need to score higher on your CISSP exam!

  • Understand Security & Risk Management: ethics, security concepts, governance, compliance, law/regulation, policies/procedures, threat models, supply chain risk, awareness training, and more
  • Ensure Secure Assets: identify/classify information and assets; handling requirements, resource provisioning, data lifecycles, retention
  • Review Security Architecture & Engineering: secure processes and principles, security models and controls, system capabilities, vulnerability assessment/mitigation, crypto attacks/solutions, site/facility design and controls
  • Improve Communication & Network Security: secure network architectures, components, and channels
  • Strengthen Identity & Access Management (IAM): physical/logical access control, identification, authentication, federated identity services, authorization, identity/access provisioning
  • Enhance Security Assessment & Testing: design/validate assessment, test, and audit strategies; test controls; collect process data; evaluate and report test results; conduct or support audits
  • Manage Security Operations: investigations, logs, monitoring, resource protection, incident management, detection/prevention; configuration, patches, vulnerabilities, and change management; DR/BC, physical and personnel security, and more

Table of Contents:
Introduction

CHAPTER 1: The CISSP Certification Exam
  • Introduction
  • Assessing Exam Readiness
  • Exam Topics
  • Taking the Exam
  • Examples of CISSP Test Questions
  • Answer to Multiple-Choice Question
  • Answer to Drag and Drop Question
  • Answer to Hotspot Question
  • Question-Handling Strategies
  • Mastering the Inner Game
  • Need to Know More?

CHAPTER 2: Understanding Asset Security
  • Introduction
  • Basic Security Principles
  • Data Management: Determining and Maintaining Ownership
  • Data Standards
  • Data Security, Protection, Sharing, and Dissemination
  • Classifying Information and Supporting Asset Classification
  • Asset Management and Governance
  • Determining Data Security Controls
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

CHAPTER 3: Security and Risk Management
  • Introduction
  • Security Governance
  • U.S. Legal System and Laws
  • International Legal Systems and Laws
  • Global Legal and Regulatory Issues
  • Risk Management Concepts
  • Selecting Countermeasures
  • Threat Modeling Concepts and Methodologies
  • Managing Risk with the Supply Chain and Third Parties
  • Identifying and Prioritizing Business Continuity Requirements Based on Risk
  • Developing and Implementing Security Policy
  • Types of Controls
  • Implementing Personnel Security
  • Security Education, Training, and Awareness
  • Professional Ethics Training and Awareness
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

CHAPTER 4: Security Architecture and Engineering
  • Introduction
  • Secure Design Guidelines and Governance Principles
  • Fundamental Concepts of Security Models
  • Security Architecture
  • Common Formal Security Models
  • Product Security Evaluation Models
  • System Validation
  • Vulnerabilities of Security Architectures
  • Cryptography
  • Algorithms
  • Cipher Types and Methods
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hybrid Encryption
  • Public Key Infrastructure and Key Management
  • Integrity and Authentication
  • Cryptographic Attacks
  • Site and Facility Security Controls
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

CHAPTER 5: Communications and Network Security
  • Introduction
  • Secure Network Design
  • Network Models and Standards
  • TCP/IP
  • LANs and Their Components
  • Communication Standards
  • Network Equipment
  • Routing
  • WANs and Their Components
  • Cloud Computing
  • Software-Defined WAN (SD-WAN)
  • Securing Email Communications
  • Securing Voice and Wireless Communications
  • Securing TCP/IP with Cryptographic Solutions
  • Network Access Control Devices
  • Remote Access
  • Message Privacy and Multimedia Collaboration
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

CHAPTER 6: Identity and Access Management
  • Introduction
  • Perimeter Physical Control Systems
  • Employee Access Control
  • Identification, Authentication, and Authorization
  • Single Sign-On (SSO)
  • Authorization and Access Control Techniques
  • Centralized and Decentralized Access Control Models
  • Audits and Monitoring
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Suggesting Reading and Resources

CHAPTER 7: Security Assessment and Testing
  • Introduction
  • Security Assessments and Penetration Test Strategies
  • Test Techniques and Methods
  • Security Threats and Vulnerabilities
  • Network Security Threats and Attack Techniques
  • Access Control Threats and Attack Techniques
  • Social-Based Threats and Attack Techniques
  • Malicious Software Threats and Attack Techniques
  • Investigating Computer Crime
  • Disaster Recovery and Business Continuity
  • Investigations
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

CHAPTER 8: Security Operations
  • Introduction
  • Foundational Security Operations Concepts
  • Resource Protection
  • Telecommunication Controls
  • System Resilience, Fault Tolerance, and Recovery Controls
  • Monitoring and Auditing Controls
  • Perimeter Security Controls and Risks
  • Facility Concerns and Requirements
  • Environmental Controls
  • Electrical Power
  • Equipment Lifecycle
  • Fire Prevention, Detection, and Suppression
  • Alarm Systems
  • Intrusion Detection and Prevention Systems
  • Investigations and Incidents
  • Digital Forensics, Tools, Tactics, and Procedures
  • The Disaster Recovery Lifecycle
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

CHAPTER 9: Software Development Security
  • Introduction
  • Integrating Security into the Development Lifecycle
  • Development Methodologies
  • Change Management
  • Database Management
  • Programming Languages, Secure Coding Guidelines, and Standards
  • Exam Prep Questions
  • Answers to Exam Prep Questions
  • Need to Know More?

Practice Exam I
Practice Exam II
Answers to Practice Exam I
Answers to Practice Exam II
Glossary

9780137419555, TOC, 6/7/2021




Product Details
  • ISBN-13: 9780137419555
  • Publisher: Pearson Education (US)
  • Publisher Imprint: Pearson IT Certification
  • Height: 226 mm
  • No of Pages: 800
  • Series Title: Exam Cram
  • Weight: 1000 gr
  • ISBN-10: 0137419554
  • Publisher Date: 17 Aug 2021
  • Binding: SA
  • Language: English
  • Returnable: Y
  • Spine Width: 44 mm
  • Width: 152 mm

