
CISSP Exam Cram, 2nd Edition


Description

  • Copyright 2009
  • Edition: 2nd
  • Book
  • ISBN-10: 0-7897-3806-6
  • ISBN-13: 978-0-7897-3806-6

Updated for 2009

Covers the critical information you’ll need to know to score higher on your CISSP exam!

  • Build and manage an effective, integrated security architecture
  • Systematically protect your physical facilities and the IT resources they contain
  • Implement and administer access control
  • Use cryptography to help guarantee data integrity, confidentiality, and authenticity
  • Secure networks, Internet connections, and communications
  • Make effective business continuity and disaster recovery plans, and execute them successfully
  • Address today’s essential legal, regulatory, and compliance issues
  • Master the basics of security forensics
  • Develop more secure applications and systems from the ground up
  • Use security best practices ranging from risk management to operations and auditing
  • Understand and perform the crucial non-technical tasks associated with IT security

CD Features: Test Engine Powered by MeasureUp!

  • Detailed explanations of correct and incorrect answers
  • Multiple test modes
  • Random questions and order of answers
  • Coverage of each CISSP exam domain


Table of Contents

Introduction ... 1

Chapter 1: The CISSP Certification Exam ... 15
  Introduction ... 16
  Assessing Exam Readiness ... 16
  Taking the Exam ... 17
  Multiple-Choice Question Format ... 19
  Exam Strategy ... 19
  Question-Handling Strategies ... 21
  Mastering the Inner Game ... 21
  Need to Know More? ... 22

Chapter 2: Physical Security ... 23
  Introduction ... 24
  Physical Security Risks ... 24
    Natural Disasters ... 25
    Man-Made Threats ... 26
    Technical Problems ... 27
  Facility Concerns and Requirements ... 28
    CPTED ... 28
    Area Concerns ... 29
    Location ... 30
    Construction ... 30
    Doors, Walls, Windows, and Ceilings ... 31
    Asset Placement ... 34
  Perimeter Controls ... 34
    Fences ... 34
    Gates ... 36
    Bollards ... 37
    CCTV Cameras ... 38
    Lighting ... 39
    Guards and Dogs ... 40
    Locks ... 41
  Employee Access Control ... 44
    Badges, Tokens, and Cards ... 44
    Biometric Access Controls ... 46
  Environmental Controls ... 47
    Heating, Ventilating, and Air Conditioning ... 48
  Electrical Power ... 49
    Uninterruptible Power Supply ... 50
  Equipment Life Cycle ... 50
  Fire Prevention, Detection, and Suppression ... 51
    Fire-Detection Equipment ... 52
    Fire Suppression ... 52
  Alarm Systems ... 55
    Intrusion Detection Systems ... 55
    Monitoring and Detection ... 56
  Exam Prep Questions ... 58
  Answers to Exam Prep Questions ... 60
  Suggested Reading and Resources ... 61

Chapter 3: Access Control Systems and Methodology ... 63
  Introduction ... 64
  Identification, Authentication, and Authorization ... 65
    Authentication ... 65
  Single Sign-On ... 78
    Kerberos ... 78
    SESAME ... 81
  Authorization and Access Controls Techniques ... 81
    Discretionary Access Control ... 81
    Mandatory Access Control ... 82
    Role-Based Access Control ... 84
    Other Types of Access Controls ... 85
  Access Control Methods ... 86
    Centralized Access Control ... 86
    Decentralized Access Control ... 89
  Access Control Types ... 90
    Administrative Controls ... 90
    Technical Controls ... 91
    Physical Controls ... 91
    Access Control Categories ... 92
  Audit and Monitoring ... 93
    Monitoring Access and Usage ... 93
    Intrusion Detection Systems ... 94
    Intrusion Prevention Systems ... 98
    Network Access Control ... 98
    Keystroke Monitoring ... 99
    Emanation Security ... 100
  Access Control Attacks ... 101
    Password Attacks ... 101
    Spoofing ... 105
    Sniffing ... 105
    Eavesdropping and Shoulder Surfing ... 105
    Wiretapping ... 106
    Identity Theft ... 106
    Denial of Service Attacks ... 107
    Distributed Denial of Service Attacks ... 109
    Botnets ... 109
  Exam Prep Questions ... 111
  Answers to Exam Prep Questions ... 113
  Suggested Reading and Resources ... 115

Chapter 4: Cryptography ... 117
  Introduction ... 118
  Cryptographic Basics ... 118
  History of Encryption ... 121
  Steganography ... 126
    Steganography Operation ... 127
    Digital Watermark ... 128
  Algorithms ... 128
  Cipher Types and Methods ... 130
  Symmetric Encryption ... 131
    Data Encryption Standard ... 133
    Triple-DES ... 136
    Advanced Encryption Standard ... 138
    International Data Encryption Algorithm ... 138
    Rivest Cipher Algorithms ... 139
  Asymmetric Encryption ... 139
    Diffie-Hellman ... 141
    RSA ... 142
    El Gamal ... 143
    Elliptical Curve Cryptosystem ... 144
    Merkle-Hellman Knapsack ... 144
    Review of Symmetric and Asymmetric Cryptographic Systems ... 145
  Hybrid Encryption ... 145
  Integrity and Authentication ... 146
    Hashing and Message Digests ... 147
    Digital Signatures ... 150
    Cryptographic System Review ... 151
  Public Key Infrastructure ... 151
    Certificate Authority ... 152
    Registration Authority ... 152
    Certificate Revocation List ... 153
    Digital Certificates ... 153
    The Client’s Role in PKI ... 155
  Email Protection Mechanisms ... 156
    Pretty Good Privacy ... 156
    Other Email Security Applications ... 157
  Securing TCP/IP with Cryptographic Solutions ... 157
    Application/Process Layer Controls ... 158
    Host to Host Layer Controls ... 159
    Internet Layer Controls ... 160
    Network Access Layer Controls ... 161
    Link and End to End Encryption ... 162
  Cryptographic Attacks ... 163
  Exam Prep Questions ... 166
  Answers to Exam Prep Questions ... 168
  Need to Know More? ... 170

Chapter 5: Security Architecture and Models ... 171
  Introduction ... 172
  Computer System Architecture ... 172
    Central Processing Unit ... 172
    Storage Media ... 175
    I/O Bus Standards ... 178
    Virtual Memory and Virtual Machines ... 178
    Computer Configurations ... 179
  Security Architecture ... 180
    Protection Rings ... 180
    Trusted Computer Base ... 182
    Open and Closed Systems ... 185
    Security Modes of Operation ... 185
    Operating States ... 186
    Recovery Procedures ... 187
    Process Isolation ... 188
  Security Models of Control ... 188
    State Machine Model ... 189
    Confidentiality ... 190
    Integrity ... 191
    Other Models ... 194
  Documents and Guidelines ... 195
    The Rainbow Series ... 195
    The Red Book: Trusted Network Interpretation ... 197
    Information Technology Security Evaluation Criteria ... 198
    Common Criteria ... 199
    British Standard 7799 ... 200
  System Validation ... 200
    Certification and Accreditation ... 201
    Governance and Enterprise Architecture ... 202
  Security Architecture Threats ... 204
    Buffer Overflow ... 204
    Back Doors ... 205
    Asynchronous Attacks ... 205
    Covert Channels ... 205
    Incremental Attacks ... 206
  Exam Prep Questions ... 207
  Answers to Exam Prep Questions ... 209
  Need to Know More? ... 211

Chapter 6: Telecommunications and Network Security ... 213
  Introduction ... 214
  Network Models and Standards ... 214
    OSI Model ... 215
    Encapsulation/De-encapsulation ... 221
  TCP/IP ... 222
    Network Access Layer ... 222
    Internet Layer ... 223
    Host-to-Host (Transport) Layer ... 226
    Application Layer ... 229
  LANs and Their Components ... 232
    LAN Communication Protocols ... 233
    Network Topologies ... 233
    LAN Cabling ... 236
    Network Types ... 238
  Communication Standards ... 239
  Network Equipment ... 240
    Repeaters ... 240
    Hubs ... 240
    Bridges ... 240
    Switches ... 241
    Routers ... 242
    Brouters ... 243
    Gateways ... 243
  Routing ... 244
  WANs and Their Components ... 246
    Packet Switching ... 246
    Circuit Switching ... 248
  Voice Communications and Wireless Communications ... 251
    Voice over IP ... 251
    Cell Phones ... 252
    802.11 Wireless Networks and Standards ... 253
  Network Security ... 261
    Firewalls ... 261
    Demilitarized Zone ... 263
    Firewall Design ... 264
  Remote Access ... 265
    Point-to-Point Protocol ... 265
    Virtual Private Networks ... 266
    Remote Authentication Dial-in User Service ... 267
    Terminal Access Controller Access Control System ... 267
    IPSec ... 268
  Message Privacy ... 268
  Threats to Network Security ... 269
    DoS Attacks ... 269
    Disclosure Attacks ... 270
    Destruction, Alteration, or Theft ... 271
  Exam Prep Questions ... 274
  Answers to Exam Prep Questions ... 277
  Need to Know More? ... 278

Chapter 7: Business Continuity and Disaster Recovery Planning ... 279
  Introduction ... 280
  Threats to Business Operations ... 280
  Disaster Recovery and Business Continuity Management ... 281
    Project Management and Initiation ... 283
    Business Impact Analysis ... 285
    Recovery Strategy ... 290
    Plan Design and Development ... 303
    Implementation ... 306
    Testing ... 307
    Monitoring and Maintenance ... 309
  Disaster Life Cycle ... 310
    Teams and Responsibilities ... 312
  Exam Prep Questions ... 314
  Answers to Exam Prep Questions ... 316
  Need to Know More? ... 318

Chapter 8: Legal, Regulations, Compliance, and Investigations ... 319
  Introduction ... 320
  United States Legal System and Laws ... 320
  International Legal Systems and Laws ... 321
  International Property Laws ... 323
    Piracy and Issues with Copyrights ... 323
  Privacy Laws and Protection of Personal Information ... 325
    Privacy Impact Assessment ... 327
  Computer Crime Laws ... 328
  Ethics ... 328
    ISC2 Code of Ethics ... 329
    Computer Ethics Institute ... 330
    Internet Architecture Board ... 331
    NIST 800-14 ... 332
  Computer Crime and Criminals ... 332
    Pornography ... 335
  Well-Known Computer Crimes ... 335
  How Computer Crime Has Changed ... 336
  Attack Vectors ... 338
    Keystroke Logging ... 338
    Wiretapping ... 339
    Spoofing Attacks ... 339
    Manipulation Attacks ... 340
    Social Engineering ... 341
    Dumpster Diving ... 341
  Investigating Computer Crime ... 342
    Computer Crime Jurisdiction ... 343
    Incident Response ... 343
  Forensics ... 347
    Standardization of Forensic Procedures ... 349
    Computer Forensics ... 349
  Investigations ... 354
    Search, Seizure, and Surveillance ... 354
    Interviews and Interrogations ... 355
    Honeypots and Honeynets ... 355
    Evidence Types ... 356
  Trial ... 357
    The Evidence Life Cycle ... 358
  Exam Prep Questions ... 359
  Answers to Exam Prep Questions ... 362
  Need to Know More? ... 364

Chapter 9: Applications and Systems-Development Security ... 365
  Introduction ... 366
  System Development ... 366
    Avoiding System Failure ... 367
    The System Development Life Cycle ... 369
  System Development Methods ... 376
    The Waterfall Model ... 376
    The Spiral Model ... 376
    Joint Application Development ... 377
    Rapid Application Development ... 377
    Incremental Development ... 377
    Prototyping ... 378
    Computer-Aided Software Engineering ... 378
    Agile Development Methods ... 378
    Capability Maturity Model ... 379
    Scheduling ... 380
  Change Management ... 380
  Programming Languages ... 382
    Object-Oriented Programming ... 384
    CORBA ... 385
  Database Management ... 385
    Database Terms ... 386
    Integrity ... 388
    Transaction Processing ... 388
    Data Warehousing ... 388
    Data Mining ... 389
    Knowledge Management ... 390
    Artificial Intelligence and Expert Systems ... 390
  Malicious Code ... 391
    Viruses ... 391
    Worms ... 393
    Spyware ... 394
    Back Doors and Trapdoors ... 394
    Change Detection ... 395
    Malformed Input (SQL Injection) ... 395
    Mobile Code ... 396
    Financial Attacks ... 396
    Buffer Overflow ... 397
    Denial of Service ... 398
    Distributed Denial of Service ... 399
  Exam Prep Questions ... 400
  Answers to Exam Prep Questions ... 402
  Need to Know More? ... 404

Chapter 10:

Information Security and Risk Management Practices..............................405

Introduction ............................................................................................406

Basic Security Principles ........................................................................406

Security Management and Governance.................................................408

Asset Identification .................................................................................410

Risk Assessment ......................................................................................411

Risk Management..........................................................................412

Policies Development.............................................................................427

Security Policy...............................................................................428

Standards........................................................................................430

Baselines.........................................................................................430

Guidelines......................................................................................431

Procedures .....................................................................................431

Data Classification.........................................................................431

Implementation.......................................................................................434

Roles and Responsibility ...............................................................434

Security Controls...........................................................................436

Training and Education..........................................................................438

Security Awareness ........................................................................439

Social Engineering ........................................................................440

Auditing Your Security Infrastructure ...................................................441

The Risk of Poor Security Management...............................................442

Exam Prep Questions .............................................................................443

Answers to Exam Prep Questions..........................................................445

Need to Know More?.............................................................................447

Chapter 11:

Operations Security .......................................................................449

Introduction ............................................................................................450

Operational Security...............................................................................450

Employee Recruitment .................................................................451

New-Hire Orientation ..................................................................452

Separation of Duties......................................................................452

Job Rotation...................................................................................452

Least Privilege ...............................................................................453

Mandatory Vacations.....................................................................453

Termination ...................................................................................454

Accountability .........................................................................................454

Controls ..................................................................................................456

Security Controls...........................................................................456

Operational Controls ....................................................................458

Auditing and Monitoring .......................................................................465

Auditing .........................................................................................466

Monitoring Controls.....................................................................467

Clipping Levels..............................................................................468

Intrusion Detection .......................................................................469

Keystroke Monitoring...................................................................470

Antivirus.........................................................................................470

Facility Access Control..................................................................471

Telecommunication Controls.................................................................472

Fax..................................................................................................472

PBX................................................................................................473

Email..............................................................................................474

Backup, Fault Tolerance, and Recovery Controls .................................476

Backups ..........................................................................................477

Fault Tolerance..............................................................................478

RAID..............................................................................................480

Recovery Controls.........................................................................482

Security Assessments ..............................................................................483

Policy Reviews ...............................................................................484

Vulnerability Scanning ..................................................................484

Penetration Testing .......................................................................485

Operational Security Threats and Vulnerabilities.................................489

Common Attack Methodologies...................................................490

Attack Terms and Techniques .......................................................492

Exam Prep Questions .............................................................................494

Answers to Exam Prep Questions..........................................................497

Need to Know More?.............................................................................499

Chapter 12:

Practice Exam I ............................................................................501

Chapter 13:

Answers to Practice Exam I..............................................................515

Chapter 14:

Practice Exam II ...........................................................................531

Chapter 15:

Answers to Practice Exam II.............................................................545

Appendix A:

What’s on the CD ..........................................................................559

Index ........................................................................................563
