## Overview

CISSP Exam Cram, Fifth Edition is the perfect study guide to help you pass the latest update to the eight-domain version of the CISSP exam. It offers knowledge and practice questions for every exam topic, with new coverage of asset retention, secure provisioning, crypto attacks, machine learning tools, threat hunting, risk-based access control, zero trust, SAML, SOAR, CASB, securing microservices, containers, managed services, and more.

Covers the critical information you'll need to score higher on your CISSP exam!

- Understand Security & Risk Management: ethics, security concepts, governance, compliance, law/regulation, policies/procedures, threat models, supply chain risk, awareness training, and more
- Ensure Secure Assets: identify/classify information and assets; handling requirements, resource provisioning, data lifecycles, retention
- Review Security Architecture & Engineering: secure processes and principles, security models and controls, system capabilities, vulnerability assessment/mitigation, crypto attacks/solutions, site/facility design and controls
- Improve Communication & Network Security: secure network architectures, components, and channels
- Strengthen Identity & Access Management (IAM): physical/logical access control, identification, authentication, federated identity services, authorization, identity/access provisioning
- Enhance Security Assessment & Testing: design/validate assessment, test, and audit strategies; test controls; collect process data; evaluate and report test results; conduct or support audits
- Manage Security Operations: investigations, logs, monitoring, resource protection, incident management, detection/prevention; configuration, patches, vulnerabilities, and change management; DR/BC, physical and personnel security, and more

## Full Product Details

- Author: Michael Gregg
- Publisher: Pearson Education (US)
- Imprint: Pearson IT Certification
- Edition: 5th edition
- Dimensions: Width 15.20 cm, Height 4.40 cm, Length 22.60 cm
- Weight: 1.000 kg
- ISBN-13: 9780137419555
- ISBN-10: 0137419554
- Pages: 800
- Publication Date: 17 August 2021
- Audience: Professional and scholarly; Professional & Vocational
- Format: Mixed media product
- Publisher's Status: Active
- Availability: In Print

## Table of Contents

- Introduction (p. 1)
- CHAPTER 1: The CISSP Certification Exam (p. 19)
  - Introduction (p. 20)
  - Assessing Exam Readiness (p. 20)
  - Exam Topics (p. 21)
  - Taking the Exam (p. 22)
  - Examples of CISSP Test Questions (p. 24)
  - Answer to Multiple-Choice Question (p. 26)
  - Answer to Drag and Drop Question (p. 26)
  - Answer to Hotspot Question (p. 26)
  - Question-Handling Strategies (p. 27)
  - Mastering the Inner Game (p. 27)
  - Need to Know More? (p. 28)
- CHAPTER 2: Understanding Asset Security (p. 29)
  - Introduction (p. 30)
  - Basic Security Principles (p. 30)
  - Data Management: Determining and Maintaining Ownership (p. 32)
  - Data Standards (p. 38)
  - Data Security, Protection, Sharing, and Dissemination (p. 42)
  - Classifying Information and Supporting Asset Classification (p. 47)
  - Asset Management and Governance (p. 51)
  - Determining Data Security Controls (p. 55)
  - Exam Prep Questions (p. 63)
  - Answers to Exam Prep Questions (p. 66)
  - Need to Know More? (p. 67)
- CHAPTER 3: Security and Risk Management (p. 69)
  - Introduction (p. 70)
  - Security Governance (p. 70)
  - U.S. Legal System and Laws (p. 71)
  - International Legal Systems and Laws (p. 72)
  - Global Legal and Regulatory Issues (p. 74)
  - Risk Management Concepts (p. 86)
  - Selecting Countermeasures (p. 104)
  - Threat Modeling Concepts and Methodologies (p. 107)
  - Managing Risk with the Supply Chain and Third Parties (p. 110)
  - Identifying and Prioritizing Business Continuity Requirements Based on Risk (p. 113)
  - Developing and Implementing Security Policy (p. 123)
  - Types of Controls (p. 127)
  - Implementing Personnel Security (p. 130)
  - Security Education, Training, and Awareness (p. 134)
  - Professional Ethics Training and Awareness (p. 137)
  - Exam Prep Questions (p. 144)
  - Answers to Exam Prep Questions (p. 148)
  - Need to Know More? (p. 150)
- CHAPTER 4: Security Architecture and Engineering (p. 151)
  - Introduction (p. 152)
  - Secure Design Guidelines and Governance Principles (p. 152)
  - Fundamental Concepts of Security Models (p. 158)
  - Security Architecture (p. 170)
  - Common Formal Security Models (p. 179)
  - Product Security Evaluation Models (p. 189)
  - System Validation (p. 194)
  - Vulnerabilities of Security Architectures (p. 195)
  - Cryptography (p. 203)
  - Algorithms (p. 206)
  - Cipher Types and Methods (p. 207)
  - Symmetric Encryption (p. 208)
  - Asymmetric Encryption (p. 218)
  - Hybrid Encryption (p. 224)
  - Public Key Infrastructure and Key Management (p. 225)
  - Integrity and Authentication (p. 230)
  - Cryptographic Attacks (p. 237)
  - Site and Facility Security Controls (p. 240)
  - Exam Prep Questions (p. 242)
  - Answers to Exam Prep Questions (p. 246)
  - Need to Know More? (p. 248)
- CHAPTER 5: Communications and Network Security (p. 249)
  - Introduction (p. 250)
  - Secure Network Design (p. 250)
  - Network Models and Standards (p. 250)
  - TCP/IP (p. 258)
  - LANs and Their Components (p. 271)
  - Communication Standards (p. 280)
  - Network Equipment (p. 281)
  - Routing (p. 287)
  - WANs and Their Components (p. 289)
  - Cloud Computing (p. 294)
  - Software-Defined WAN (SD-WAN) (p. 296)
  - Securing Email Communications (p. 296)
  - Securing Voice and Wireless Communications (p. 298)
  - Securing TCP/IP with Cryptographic Solutions (p. 316)
  - Network Access Control Devices (p. 321)
  - Remote Access (p. 326)
  - Message Privacy and Multimedia Collaboration (p. 331)
  - Exam Prep Questions (p. 333)
  - Answers to Exam Prep Questions (p. 337)
  - Need to Know More? (p. 338)
- CHAPTER 6: Identity and Access Management (p. 341)
  - Introduction (p. 342)
  - Perimeter Physical Control Systems (p. 344)
  - Employee Access Control (p. 355)
  - Identification, Authentication, and Authorization (p. 358)
  - Single Sign-On (SSO) (p. 378)
  - Authorization and Access Control Techniques (p. 382)
  - Centralized and Decentralized Access Control Models (p. 390)
  - Audits and Monitoring (p. 394)
  - Exam Prep Questions (p. 404)
  - Answers to Exam Prep Questions (p. 408)
  - Suggesting Reading and Resources (p. 410)
- CHAPTER 7: Security Assessment and Testing (p. 411)
  - Introduction (p. 412)
  - Security Assessments and Penetration Test Strategies (p. 412)
  - Test Techniques and Methods (p. 424)
  - Security Threats and Vulnerabilities (p. 427)
  - Network Security Threats and Attack Techniques (p. 431)
  - Access Control Threats and Attack Techniques (p. 438)
  - Social-Based Threats and Attack Techniques (p. 443)
  - Malicious Software Threats and Attack Techniques (p. 444)
  - Investigating Computer Crime (p. 452)
  - Disaster Recovery and Business Continuity (p. 458)
  - Investigations (p. 459)
  - Exam Prep Questions (p. 461)
  - Answers to Exam Prep Questions (p. 464)
  - Need to Know More? (p. 465)
- CHAPTER 8: Security Operations (p. 467)
  - Introduction (p. 468)
  - Foundational Security Operations Concepts (p. 468)
  - Resource Protection (p. 472)
  - Telecommunication Controls (p. 477)
  - System Resilience, Fault Tolerance, and Recovery Controls (p. 486)
  - Monitoring and Auditing Controls (p. 487)
  - Perimeter Security Controls and Risks (p. 493)
  - Facility Concerns and Requirements (p. 495)
  - Environmental Controls (p. 502)
  - Electrical Power (p. 503)
  - Equipment Lifecycle (p. 505)
  - Fire Prevention, Detection, and Suppression (p. 505)
  - Alarm Systems (p. 509)
  - Intrusion Detection and Prevention Systems (p. 512)
  - Investigations and Incidents (p. 513)
  - Digital Forensics, Tools, Tactics, and Procedures (p. 514)
  - The Disaster Recovery Lifecycle (p. 521)
  - Exam Prep Questions (p. 549)
  - Answers to Exam Prep Questions (p. 555)
  - Need to Know More? (p. 558)
- CHAPTER 9: Software Development Security (p. 559)
  - Introduction (p. 560)
  - Integrating Security into the Development Lifecycle (p. 560)
  - Development Methodologies (p. 573)
  - Change Management (p. 580)
  - Database Management (p. 582)
  - Programming Languages, Secure Coding Guidelines, and Standards (p. 588)
  - Exam Prep Questions (p. 599)
  - Answers to Exam Prep Questions (p. 603)
  - Need to Know More? (p. 605)
- Practice Exam I (p. 607)
- Practice Exam II (p. 621)
- Answers to Practice Exam I (p. 635)
- Answers to Practice Exam II (p. 651)
- Glossary (p. 667)

## Author Information

Michael Gregg has more than 20 years of experience in information security and risk management. He holds two associate's degrees, a bachelor's degree, and a master's degree. Some of the certifications he holds include CISSP, SSCP, MCSE, CTT+, A+, N+, Security+, CASP, CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, and CGEIT. In addition to his experience performing security management, audits, and assessments, Gregg has authored or coauthored more than 25 books, including Certified Ethical Hacker Exam Prep (Que), CISSP Exam Cram 2 (Que), and Security Administrator Street Smarts (Sybex). He has testified before the U.S. Congress, his articles have been published on IT websites, and he has been sourced as an industry expert for CBS, ABC, CNN, Fox News, and the New York Times. He has created more than 15 security-related courses and training classes for various companies and universities. Although leading, building, and managing security programs is where he spends the bulk of his time, contributing to the written body of IT security knowledge is how Michael believes he can give something back to the community that has given him so much.