All-In-One / CISSP All-in-One Exam Guide, Seventh Edition / Harris / 184927-0 / Front Matter Blind Folio i
All-in-One CISSP® Exam Guide, Seventh Edition
Shon Harris and Fernando Maymí
New York, Chicago, San Francisco, Athens, London, Madrid, Mexico City, Milan, New Delhi, Singapore, Sydney, Toronto
McGraw-Hill Education is an independent entity from (ISC)2® and is not affiliated with (ISC)2 in any manner. This study/ training guide and/or material is not sponsored by, endorsed by, or affiliated with (ISC)2 in any manner. This publication and CD may be used in assisting students to prepare for the CISSP exam. Neither (ISC)2 nor McGraw-Hill Education warrants that use of this publication and CD will ensure passing any exam. (ISC)2®, CISSP®, CAP®, ISSAP®, ISSEP®, ISSMP®, SSCP®, CCSP®, and CBK® are trademarks or registered trademarks of (ISC)2 in the United States and certain other countries. All other trademarks are trademarks of their respective owners.
00-FM.indd 1 14/04/16 10:24 AM
McGraw-Hill Education books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative, please visit the Contact Us pages at www.mhprofessional.com.
CISSP® All-in-One Exam Guide, Seventh Edition
Copyright © 2016 by McGraw-Hill Education. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill Education makes no claim of ownership by the mention of products that contain these marks.
ISBN: Book p/n 978-0-07-184961-6 and CD p/n 978-0-07-184925-8 of set 978-0-07-184927-2
MHID: Book p/n 0-07-184961-0 and CD p/n 0-07-184925-4 of set 0-07-184927-0
Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
Sponsoring Editor: Wendy Rinaldi
Editorial Supervisor: Janet Walden
Project Manager: Yashmita Hota, Cenveo® Publisher Services
Acquisitions Coordinator: Amy Stonebraker
Technical Editor: Jonathan Ham
Copy Editor: William McManus
Proofreader: Lisa McCoy
Indexer: Karin Arrigoni
Production Supervisor: James Kussow
Composition: Cenveo Publisher Services
Illustration: Cenveo Publisher Services
Art Director, Cover: Jeff Weeks
Library of Congress Cataloging-in-Publication Data
Names: Harris, Shon, author. | Maymi, Fernando, author.
Title: CISSP exam guide / Shon Harris, Fernando Maymi.
Other titles: CISSP all-in-one exam guide
Description: Seventh edition. | New York : McGraw-Hill Education, 2016. | Includes index.
Identifiers: LCCN 2016017045 (print) | LCCN 2016017235 (ebook) | ISBN 9780071849272 (set : alk. paper) | ISBN 9780071849616 (book : alk. paper) | ISBN 9780071849258 (CD) | ISBN 0071849270 (set : alk. paper) | ISBN 0071849610 (book : alk. paper) | ISBN 0071849254 (CD) | ISBN 9780071849265 ()
Subjects: LCSH: Computer networks—Examinations—Study guides. | Telecommunications engineers—Certification.
Classification: LCC TK5105.5 .H368 2016 (print) | LCC TK5105.5 (ebook) | DDC 005.8—dc23
LC record available at https://lccn.loc.gov/2016017045
We dedicate this book to all those who have served selflessly.
ABOUT THE AUTHORS
Shon Harris, CISSP, was the founder and CEO of Shon Harris Security LLC and Logical Security LLC, a security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor, and an author. Shon owned and ran her own training and consulting companies for 13 years prior to her death in 2014. She consulted with Fortune 100 corporations and government agencies on extensive security issues. She authored three best-selling CISSP books, was a contributing author to Gray Hat Hacking: The Ethical Hacker’s Handbook and Security Information and Event Management (SIEM) Implementation, and a technical editor for Information Security Magazine.
Fernando Maymí, Ph.D., CISSP, is a security practitioner with over 25 years’ experience in the field. He currently leads a multidisciplinary team charged with developing disruptive innovations for cyberspace operations as well as impactful public-private partnerships aimed at better securing cyberspace. Fernando has served as a consultant for both government and private-sector organizations in the United States and abroad. He has authored and taught dozens of courses and workshops in cyber security for academic, government, and professional audiences in the United States and Latin America. Fernando is the author of over a dozen publications and holds three patents. His awards include the U.S. Department of the Army Research and Development Achievement Award, and he was recognized as a HENAAC Luminary. He worked closely with Shon Harris, advising her on a multitude of projects, including the sixth edition of the CISSP All-in-One Exam Guide. Fernando is also a volunteer puppy raiser for Guiding Eyes for the Blind and has raised two guide dogs, Trinket and Virgo.
About the Contributor
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assurance (IA) and is pursuing a doctoral degree in cybersecurity from Capitol Technology University in Maryland. His many certifications include CISSP-ISSEP, CEH, and MCSE: Security, as well as the CompTIA A+, Network+, Security+, and Mobility+ certifications.
About the Technical Editor
Jonathan Ham, CISSP, GSEC, GCIA, GCIH, is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO, he has helped his clients achieve greater success for more than 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. Jonathan has been commissioned to teach NCIS investigators how to use Snort, has performed packet analysis from a facility more than 2,000 feet underground, and has chartered and trained the CIRT for one of the largest U.S. civilian federal agencies. He is a member of the GIAC Advisory Board and is a SANS instructor teaching their MGT414: SANS Training Program for CISSP Certification course. He is also co-author of Network Forensics: Tracking Hackers Through Cyberspace, a textbook published by Prentice-Hall.
CONTENTS AT A GLANCE
Chapter 1   Security and Risk Management .......... 1
Chapter 2   Asset Security .......... 189
Chapter 3   Security Engineering .......... 247
Chapter 4   Communication and Network Security .......... 477
Chapter 5   Identity and Access Management .......... 721
Chapter 6   Security Assessment and Testing .......... 859
Chapter 7   Security Operations .......... 923
Chapter 8   Software Development Security .......... 1077
Appendix A  Comprehensive Questions .......... 1213
Appendix B  About the CD-ROM .......... 1269
Glossary .......... 1273