This chapter is from the book

Exam Preparation Tasks

As mentioned in the section “About the CISSP Cert Guide, Third Edition” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 9, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 6-6 lists these key topics and the page number on which each is found.

Table 6-6 Key Topics for Chapter 6

| Key Topic Element | Description | Page Number |
|---|---|---|
| List | Three categories of vulnerability assessments | 536 |
| Table 6-1 | Server-Based vs. Agent-Based Scanning | 539 |
| List | Steps in a penetration test | 539 |
| List | Strategies for penetration testing | 540 |
| List | Penetration testing categories | 540 |
| Table 6-2 | Comparison of Vulnerability Assessments and Penetration Tests | 541 |
| List | NIST SP 800-92 recommendations for log management | 542 |
| Table 6-3 | Examples of Logging Configuration Settings | 545 |
| Table 6-4 | Black-Box, Gray-Box, and White-Box Testing | 547 |
| List | Steps to establish, implement, and maintain ISCM | 550 |
| List | Types of SOC 1 reports | 555 |
| Table 6-5 | SOC Reports Comparison | 555 |

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

  • account management

  • active vulnerability scanner (AVS)

  • black-box testing

  • blind test

  • code review and testing

  • double-blind test

  • dynamic testing

  • full-knowledge test

  • fuzz testing

  • gray-box testing

  • information security continuous monitoring (ISCM)

  • interface testing

  • log

  • log review

  • misuse case testing

  • negative testing

  • network discovery scan

  • network vulnerability scan

  • NIST SP 800-137

  • NIST SP 800-92

  • operating system fingerprinting

  • partial-knowledge test

  • passive vulnerability scanner (PVS)

  • penetration test

  • real user monitoring (RUM)

  • static testing

  • synthetic transaction monitoring

  • target test

  • test coverage analysis

  • topology discovery

  • vulnerability

  • vulnerability assessment

  • white-box testing

  • zero-knowledge test
