Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Issep stands for information systems security experienced professional. _________________________

20/12/2020 Client: saad24vbs Deadline: 3 days

CISSP® Certified Information Systems Security Professional Study Guide Seventh Edition


James Michael Stewart Mike Chapple Darril Gibson


Development Editor: Alexa Murphy Book Designers: Judy Fung and Bill Gibson


Technical Editors: David Seidl, Brian O'Hara, Paul Calatayud Proofreaders: Josh Chase, Sarah Kaikini and Louise Watson, Word One New YorkProduction Editor: Rebecca Anderson


Copy Editors: Elizabeth Welch, Linda Recktenwald Indexer: J & J Indexing


Editorial Manager: Mary Beth Wakefield Project Coordinator, Cover: Brent Savage


Production Manager: Kathleen Wisor Cover Designer: Wiley


Associate Publisher: Jim Minatel Cover Image: ©Getty Images Inc./Jeremy Woodhouse


Media Supervising Producer: Richard Graves


Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana


Published simultaneously in Canada


ISBN: 978-1-119-04271-6


ISBN: 978-1-119-04272-3 (ebk.)


ISBN: 978-1-119-04275-4 (ebk.)


No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748- 6008, or online at http://www.wiley.com/go/permissions.


Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.


For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.


Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com For more information about Wiley products, visit www.wiley.com.


Library of Congress Control Number: 2015948797


TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CISSP is a registered certification mark of (ISC)², Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.


Disclaimer: John Wiley and Sons, Inc., in association with (ISC)2, has prepared this study guide for general information


and for use as training for the Official (ISC)2 CISSP® CBK® and not as legal or operational advice. This is a study guide


only, and does not imply that any questions or topics from this study guide will appear on the actual (ISC)2 CISSP®


certification examination. The study guide was not prepared with writers or editors associated with developing the (ISC)2


CISSP certification examination. The study guide may contain errors and omissions. (ISC)2 does not guarantee a passing score on the exam or provide any assurance or guarantee relating to the use of this study guide and preparing for the


http://www.wiley.com/go/permissions

http://booksupport.wiley.com

http://www.wiley.com

(ISC)2 CISSP® certification examination.


The users of the Official CISSP: Certified Information Systems Security Professional Study Guide, Seventh Edition agree


that John Wiley and Sons, Inc.. and (ISC)2 are not liable for any indirect, special, incidental, or consequential damages up to and including negligence that may arise from use of these materials. Under no circumstances, including


negligence, shall John Wiley and Sons, Inc.or (ISC)2, its officers, directors, agents, author or anyone else involved in creating, producing or distributing these materials be liable for any direct, indirect, incidental, special or consequential damages that may result from the use of this study guide.


Whenever we look toward the future, we have to first look back and think about where we came from. Back in 1989, (ISC)2 was established by a handful of passionate volunteers who wanted to create a set of standards for a new concept, not yet a full-fledged career field, called information security. In the minds of those volunteers, having the initial 500 applicants sign up to take the Certified Information Systems Security Professional (CISSP®) exam was considered quite a success. Little did they imagine that 26 years later, not only would those 500 applicants grow to a cadre of 100,000 CISSP credential holders across more than 160 countries, the CISSP would also become recognized as the standard certification for the information security industry.


Advancements in technology bring about the need for updates, and we work tirelessly to ensure that our content is always relevant to the industry. As the information security industry continues to transition, and cybersecurity becomes a global focus, the CISSP Common Body of Knowledge (CBK) is even more relevant to today's challenges.


The new (ISC)² CISSP Study Guide is part of a concerted effort to enhance and increase our education and training offerings. The CISSP Study Guide reflects the most relevant topics in our ever-changing field and is a learning tool for (ISC)² certification exam candidates. It provides a comprehensive study guide to the eight CISSP domains and the most current topics in the industry.


If you are on the path to getting certified, you have no doubt heard of the (ISC)2 Official Guides to the CBK. While our Official Guides to the CBK are the authoritative references to the Common Body of Knowledge, the new study guides are learning tools focused on educating the reader in preparation for exams. As an ANSI accredited certification body under the ISO/IEC 17024 standard, (ISC)² does not teach the CISSP exam. Rather, we strive to generate or endorse content that teaches the CISSP's CBK. Candidates who have a strong understanding of the CBK are best prepared for success with the exam and within the profession.


(ISC)2 is also breaking new ground by partnering with Wiley, a recognized industry leading brand. Developing a partnership with renowned content provider Wiley allows (ISC)2 to grow its offerings on the scale required to keep our content fresh and aligned with the constantly changing environment. The power of combining the expertise of our two organizations benefits certification candidates and the industry alike.


I look forward to your feedback on the (ISC)2 CISSP Study Guide. Congratulations on


taking the first step toward earning the certification that SC Magazine named “Best Professional Certification Program.” Good luck with your studies!


Best Regards,


David P. Shearer, CISSP, PMP


CEO


(ISC)2


To Cathy, your perspective on the world and life often surprises me, challenges me, and makes me love you even more.


—James Michael Stewart


To Dewitt Latimer, my mentor, friend, and colleague. I miss you dearly.


—Mike Chapple


To Nimfa: Thanks for sharing your life with me for the past 23 years and letting me share mine with you.


—Darril Gibson


Acknowledgments I’d like to express my thanks to Sybex for continuing to support this project. Thanks to Mike Chapple and Darril Gibson for continuing to contribute to this project. Thanks also to all my CISSP course students who have provided their insight and input to improve my training courseware and ultimately this tome. Extra thanks to the seventh edition developmental editor, Alexa Murphy, and technical editor, David Seidl, who performed amazing feats in guiding us to improve this book. Thanks as well to my agent, Carole Jelen, for continuing to assist in nailing down these projects.


To my adoring wife, Cathy: Building a life and a family together has been more wonderful than I could have ever imagined. To Slayde and Remi: You are growing up so fast and learning at an outstanding pace, and you continue to delight and impress me daily. You are both growing into amazing individuals. To my mom, Johnnie: It is wonderful to have you close by. To Mark: No matter how much time has passed or how little we see each other, I have been and always will be your friend. And finally, as always, to Elvis: You were way ahead of the current bacon obsession, with your peanut butter-banana-bacon sandwich; I think that’s proof you traveled through time!


—James Michael Stewart


Special thanks go to the information security team at the University of Notre Dame, who provided hours of interesting conversation and debate on security issues that inspired and informed much of the material in this book.


I would like to thank the team at Wiley who provided invaluable assistance throughout the book development process. I also owe a debt of gratitude to my literary agent, Carole Jelen of Waterside Productions. My coauthors, James Michael Stewart and Darril Gibson, were great collaborators. David Seidl, our diligent and knowledgeable technical editor, provided valuable insight as we brought this edition to press.


I’d also like to thank the many people who participated in the production of this book but whom I never had the chance to meet: the graphics team, the production staff, and all of those involved in bringing this book to press.


—Mike Chapple


Thanks to Carol Long and Carole Jelen for helping get this update in place before (ISC)2 released the objectives. This helped us get a head start on this new edition and we appreciate your efforts. It’s been a pleasure working with talented people like James Michael Stewart and Mike Chapple. Thanks to both of you for all your work and collaborative efforts on this project. The technical editor, Dave Seidl, provided us with some outstanding feedback and this book is better because of his efforts. Thanks again, David. Last, thanks to the team at Sybex (including project managers, editors, and


graphics artists) for all the work you did helping us get this book to print.


—Darril Gibson


About the Authors James Michael Stewart, CISSP, has been writing and training for more than 20 years, with a current focus on security. He has been teaching CISSP training courses since 2002, not to mention other courses on Internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 75 books and numerous courseware sets on security certification, Microsoft topics, and network administration. More information about Michael can be found at his website:www.impactonline.com.


Mike Chapple, CISSP, Ph.D., is Senior Director for IT Service Delivery at the University of Notre Dame. In the past, he was chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. His primary areas of expertise include network intrusion detection and access controls. Mike is a frequent contributor to TechTarget’s SearchSecurity site and the author of more than 25 books including CompTIA Security+ Training Kit and Information Security Illuminated. Mike can be found on Twitter @mchapple.


Darril Gibson, CISSP, is the CEO of YCDA, LLC (short for You Can Do Anything) and he has authored or coauthored more than 35 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications. He regularly posts blog articles at http://blogs.getcertifiedgetahead.com/ about certification topics and uses that site to help people stay abreast of changes in certification exams. He loves hearing from readers, especially when they pass an exam after using one of his books, and you can contact him through the blogging site.


http:// www.impactonline.com

http://blogs.getcertifiedgetahead.com/

Contents Introduction Assessment Test Chapter 1 Security Governance Through Principles and Policies


Understand and Apply Concepts of Confidentiality, Integrity, and Availability Apply Security Governance Principles Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines Understand and Apply Threat Modeling Integrate Security Risk Considerations into Acquisition Strategy and Practice Summary Exam Essentials Written Lab Review Questions


Chapter 2 Personnel Security and Risk Management Concepts Contribute to Personnel Security Policies Security Governance Understand and Apply Risk Management Concepts Establish and Manage Information Security Education, Training, and Awareness Manage the Security Function Summary Exam Essentials Written Lab Review Questions


Chapter 3 Business Continuity Planning Planning for Business Continuity Project Scope and Planning Business Impact Assessment Continuity Planning BCP Documentation Summary Exam Essentials Written Lab Review Questions


kindle:embed:0007?mime=image/jpg

Chapter 4 Laws, Regulations, and Compliance Categories of Laws Laws Compliance Contracting and Procurement Summary Exam Essentials Written Lab Review Questions


Chapter 5 Protecting Security of Assets Classifying and Labeling Assets Identifying Data Roles Protecting Privacy Summary Exam Essentials Written Lab Review Questions


Chapter 6 Cryptography and Symmetric Key Algorithms Historical Milestones in Cryptography Cryptographic Basics Modern Cryptography Symmetric Cryptography Cryptographic Life Cycle Summary Exam Essentials Written Lab Review Questions


Chapter 7 PKI and Cryptographic Applications Asymmetric Cryptography Hash Functions Digital Signatures Public Key Infrastructure Asymmetric Key Management Applied Cryptography Cryptographic Attacks


Summary Exam Essentials Written Lab Review Questions


Chapter 8 Principles of Security Models, Design, and Capabilities Implement and Manage Engineering Processes Using Secure Design Principles Understand the Fundamental Concepts of Security Models Select Controls and Countermeasures Based on Systems Security Evaluation Models Understand Security Capabilities of Information Systems Summary Exam Essentials Written Lab Review Questions


Chapter 9 Security Vulnerabilities, Threats, and Countermeasures Assess and Mitigate Security Vulnerabilities Client-Based Server-Based Database Security Distributed Systems Industrial Control Systems Assess and Mitigate Vulnerabilities in Web-Based Systems Assess and Mitigate Vulnerabilities in Mobile Systems Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems Essential Security Protection Mechanisms Common Architecture Flaws and Security Issues Summary Exam Essentials Written Lab Review Questions


Chapter 10 Physical Security Requirements Apply Secure Principles to Site and Facility Design Design and Implement Physical Security Implement and Manage Physical Security


Summary Exam Essentials Written Lab Review Questions


Chapter 11 Secure Network Architecture and Securing Network Components OSI Model TCP/IP Model Converged Protocols Wireless Networks General Wi-Fi Security Procedure Cabling, Wireless, Topology, and Communications Technology Summary Exam Essentials Written Lab Review Questions


Chapter 12 Secure Communications and Network Attacks Network and Protocol Security Mechanisms Secure Voice Communications Multimedia Collaboration Manage Email Security Remote Access Security Management Virtual Private Network Virtualization Network Address Translation Switching Technologies WAN Technologies Miscellaneous Security Control Characteristics Security Boundaries Prevent or Mitigate Network Attacks Summary Exam Essentials Written Lab Review Questions


Chapter 13 Managing Identity and Authentication Controlling Access to Assets


Comparing Identification and Authentication Implementing Identity Management Managing the Identity and Access Provisioning Life Cycle Summary Exam Essentials Written Lab Review Questions


Chapter 14 Controlling and Monitoring Access Comparing Access Control Models Understanding Access Control Attacks Summary Exam Essentials Written Lab Review Questions


Chapter 15 Security Assessment and Testing Building a Security Assessment and Testing Program Performing Vulnerability Assessments Testing Your Software Implementing Security Management Processes Summary Exam Essentials Written Lab Review Questions


Chapter 16 Managing Security Operations Applying Security Operations Concepts Provisioning and Managing Resources Managing Configuration Managing Change Managing Patches and Reducing Vulnerabilities Summary Exam Essentials Written Lab Review Questions


Chapter 17 Preventing and Responding to Incidents Managing Incident Response


Implementing Preventive Measures Logging, Monitoring, and Auditing Summary Exam Essentials Written Lab Review Questions


Chapter 18 Disaster Recovery Planning The Nature of Disaster Understand System Resilience and Fault Tolerance Recovery Strategy Recovery Plan Development Training, Awareness, and Documentation Testing and Maintenance Summary Exam Essentials Written Lab Review Questions


Chapter 19 Incidents and Ethics Investigations Major Categories of Computer Crime Incident Handling Ethics Summary Exam Essentials Written Lab Review Questions


Chapter 20 Software Development Security Introducing Systems Development Controls Establishing Databases and Data Warehousing Storing Data and Information Understanding Knowledge-Based Systems Summary Exam Essentials Written Lab Review Questions


Chapter 21 Malicious Code and Application Attacks Malicious Code Password Attacks Application Attacks Web Application Security Reconnaissance Attacks Masquerading Attacks Summary Exam Essentials Written Lab Review Questions


Appendix A Answers to Review Questions Chapter 1: Security Governance Through Principles and Policies Chapter 2: Personnel Security and Risk Management Concepts Chapter 3: Business Continuity Planning Chapter 4: Laws, Regulations, and Compliance Chapter 5: Protecting Security of Assets Chapter 6: Cryptography and Symmetric Key Algorithms Chapter 7: PKI and Cryptographic Applications Chapter 8: Principles of Security Models, Design, and Capabilities Chapter 9: Security Vulnerabilities, Threats, and Countermeasures Chapter 10: Physical Security Requirements Chapter 11: Secure Network Architecture and Securing Network Components Chapter 12: Secure Communications and Network Attacks Chapter 13: Managing Identity and Authentication Chapter 14: Controlling and Monitoring Access Chapter 15: Security Assessment and Testing Chapter 16: Managing Security Operations Chapter 17: Preventing and Responding to Incidents Chapter 18: Disaster Recovery Planning Chapter 19: Incidents and Ethics Chapter 20: Software Development Security Chapter 21: Malicious Code and Application Attacks


Appendix B Answers to Written Labs Chapter 1: Security Governance Through Principles and Policies


Chapter 2: Personnel Security and Risk Management Concepts Chapter 3: Business Continuity Planning Chapter 4: Laws, Regulations, and Compliance Chapter 5: Protecting Security of Assets Chapter 6: Cryptography and Symmetric Key Algorithms Chapter 7: PKI and Cryptographic Applications Chapter 8: Principles of Security Models, Design, and Capabilities Chapter 9: Security Vulnerabilities, Threats, and Countermeasures Chapter 10: Physical Security Requirements Chapter 11: Secure Network Architecture and Securing Network Components Chapter 12: Secure Communications and Network Attacks Chapter 13: Managing Identity and Authentication Chapter 14: Controlling and Monitoring Access Chapter 15: Security Assessment and Testing Chapter 16: Managing Security Operations Chapter 17: Preventing and Responding to Incidents Chapter 18: Disaster Recovery Planning Chapter 19: Incidents and Ethics Chapter 20: Software Development Security Chapter 21: Malicious Code and Application Attacks


Appendix C About the Additional Study Tools Additional Study Tools System Requirements Using the Study Tools Troubleshooting


Comprehensive Online Learning Environment EULA


List of Tables Chapter 2


Table 2.1


Table 2.2


Chapter 5


Table 5.1


Table 5.2


Chapter 6


Table 6.1


Table 6.2


Chapter 7


Table 7.1


Chapter 8


Table 8.1


Table 8.2


Table 8.3


Table 8.4


Chapter 9


Table 9.1


Chapter 10


Table 10.1


Table 10.2


Chapter 11


Table 11.1


Table 11.2


Table 11.3


Table 11.4


Table 11.5


Table 11.6


Table 11.7


Table 11.8


Table 11.9


Chapter 12


Table 12.1


Table 12.2


Table 12.3


Chapter 18


Table 18.1


List of Illustrations Chapter 1


Figure 1.1 The CIA Triad


Figure 1.2 The five elements of AAA services


Figure 1.3 Strategic, tactical, and operational plan timeline comparison


Figure 1.4 Levels of government/military classification


Figure 1.5 Commercial business/private sector classification levels


Figure 1.6 The comparative relationships of security policy components


Figure 1.7 An example of diagramming to reveal threat concerns


Chapter 2


Figure 2.1 An example of separation of duties related to five admin tasks and seven administrators


Figure 2.2 An example of job rotation among management positions


Figure 2.3 Ex-employees must return all company property.


Figure 2.4 The elements of risk


Figure 2.5 The six major elements of quantitative risk analysis


Figure 2.6 The categories of security controls in a defense-in-depth implementation


Figure 2.7 The six steps of the risk management framework


Chapter 3


Figure 3.1 Earthquake hazard map of the United States


Chapter 5


Figure 5.1 Data classifications


Figure 5.2 Clearing a hard drive


Chapter 6


Figure 6.1 Challenge-response authentication protocol


Figure 6.2 The magic door


Figure 6.3 Symmetric key cryptography


Figure 6.4 Asymmetric key cryptography


Chapter 7


Figure 7.1 Asymmetric key cryptography


Figure 7.2 Steganography tool


Figure 7.3 Image with embedded message


Chapter 8


Figure 8.1 The TCB, security perimeter, and reference monitor


Figure 8.2 The Take Grant model’s directed graph


Figure 8.3 The Bell-LaPadula model


Figure 8.4 The Biba model


Figure 8.5 The Clark-Wilson model


Figure 8.6 The levels of TCSEC


Chapter 9


Figure 9.1 In the commonly used four-ring model, protection rings segregate the operating system into kernel, components, and drivers in rings 0 through 2 and applications and programs run at ring 3.


Figure 9.2 The process scheduler


Chapter 10


Figure 10.1 A typical wiring closet


Figure 10.2 The fire triangle


Figure 10.3 The four primary stages of fire


Figure 10.4 A secure physical boundary with a mantrap and a turnstile


Chapter 11


Figure 11.1 Representation of the OSI model


Figure 11.2 Representation of OSI model encapsulation


Figure 11.3 Representation of the OSI model peer layer logical channels


Figure 11.4 OSI model data names


Figure 11.5 Comparing the OSI model with the TCP/IP model


Figure 11.6 The four layers of TCP/IP and its component protocols


Figure 11.7 The TCP three-way handshake


Figure 11.8 Single-, two-, and three-tier firewall deployment architectures


Figure 11.9 A ring topology


Figure 11.10 A linear bus topology and a tree bus topology


Figure 11.11 A star topology


Figure 11.12 A mesh topology


Chapter 13


Figure 13.1 Graph of FRR and FAR errors indicating the CER point


Chapter 14


Figure 14.1 Defense in depth with layered security


Figure 14.2 Role-based access controls


Figure 14.3 A representation of the boundaries provided by lattice-based access controls


Figure 14.4 Wireshark capture


Chapter 15


Figure 15.1 Nmap scan of a web server run from a Linux system


Figure 15.2 Default Apache server page running on the server scanned in Figure 15.1


Figure 15.3 Nmap scan of a large network run from a Mac system using the Terminal utility


Figure 15.4 Network vulnerability scan of the same web server that was port scanned in Figure 15.1


Figure 15.5 Web application vulnerability scan of the same web server that was port scanned in Figure 15.1 and network vulnerability scanned in Figure 15.4


Figure 15.6 The Metasploit automated system exploitation tool allows attackers to quickly execute common attacks against target systems.


Figure 15.7 Fagan inspections follow a rigid formal process, with defined entry and exit criteria that must be met before transitioning between stages.


Figure 15.8 Prefuzzing input file containing a series of 1s


Figure 15.9 :The input file from Figure 15.8 after being run through the zzuf mutation fuzzing tool


Chapter 16


Figure 16.1 A segregation of duties control matrix


Figure 16.2 Creating and deploying images


Figure 16.3 Web server and database server


Chapter 17


Figure 17.1 Incident response


Figure 17.2 SYN flood attack


Figure 17.3 A man-in-the-middle attack


Figure 17.4 Intrusion prevention system


Figure 17.5 Viewing a log entry


Chapter 18


Figure 18.1 Flood hazard map for Miami–Dade County, Florida


Figure 18.2 Failover cluster with network load balancing


Chapter 20


Figure 20.1 Security vs. user-friendliness vs. functionality


Figure 20.2 The waterfall life cycle model


Figure 20.3 The spiral life cycle model


Figure 20.4 The IDEAL model


Figure 20.5 Gantt chart


Figure 20.6 The DevOps model


Figure 20.7 Hierarchical data model


Figure 20.8 Customers table from a relational database


Figure 20.9 ODBC as the interface between applications and a backend database system


Chapter 21


Figure 21.1 Typical database-driven website architecture


Introduction The CISSP: Certified Information Systems Security Professional Study Guide, Seventh Edition, offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. By purchasing this book, you’ve shown a willingness to learn and a desire to develop the skills you need to achieve this certification. This introduction provides you with a basic overview of this book and the CISSP exam.


This book is designed for readers and students who want to study for the CISSP certification exam. If your goal is to become a certified security professional, then the CISSP certification and this study guide are for you. The purpose of this book is to adequately prepare you to take the CISSP exam.


Before you dive into this book, you need to have accomplished a few tasks on your own. You need to have a general understanding of IT and of security. You should have the necessary five years of full-time paid work experience (or four years if you have a college degree) in two or more of the eight domains covered by the CISSP exam. If you are qualified to take the CISSP exam according to (ISC)2, then you are sufficiently prepared to use this book to study for it. For more information on (ISC)2, see the next section.


(ISC)2


The CISSP exam is governed by the International Information Systems Security Certification Consortium (ISC)2. (ISC)2 is a global not-for-profit organization. It has four primary mission goals:


Maintain the Common Body of Knowledge (CBK) for the field of information systems security.


Provide certification for information systems security professionals and practitioners.


Conduct certification training and administer the certification exams.


Oversee the ongoing accreditation of qualified certification candidates through continued education.


The (ISC)2 is operated by a board of directors elected from the ranks of its certified practitioners.


(ISC)2 supports and provides a wide variety of certifications, including CISSP, SSCP, CAP, CSSLP, CCFP, HCISPP, and CCSP. These certifications are designed to verify the knowledge and skills of IT security professionals across all industries. You can obtain more information about (ISC)2 and its other certifications from its website at www.isc2.org.


The Certified Information Systems Security Professional (CISSP) credential is for security professionals responsible for designing and maintaining security infrastructure within an


http://www.isc2.org

organization.


Topical Domains The CISSP certification covers material from the eight topical domains. These eight domains are as follows:


Security and Risk Management


Asset Security


Security Engineering


Communication and Network Security


Identity and Access Management


Security Assessment and Testing


Security Operations


Software Development Security


These eight domains provide a vendor-independent overview of a common security framework. This framework is the basis for a discussion on security practices that can be supported in all type of organizations worldwide.


The topical domains underwent a major revision as of April 2015. The domains were reduced from ten to eight, and many topics and concepts were re-organized. For a complete view of the breadth of topics covered on the CISSP exam from these eight new domain groupings, visit the (ISC)2 website at www.isc2.org to request a copy of the Candidate Information Bulletin. This document includes a complete exam outline as well as other relevant facts about the certification.


Prequalifications (ISC)2 has defined the qualification requirements you must meet to become a CISSP. First, you must be a practicing security professional with at least five years’ full-time paid work experience or with four years’ experience and a recent IT or IS degree. Professional experience is defined as security work performed for salary or commission within two or more of the eight CBK domains.


Second, you must agree to adhere to a formal code of ethics. The CISSP Code of Ethics is a set of guidelines the (ISC)2 wants all CISSP candidates to follow to maintain professionalism in the field of information systems security. You can find it in the Information section on the (ISC)2 website at www.isc2.org.


(ISC)2 also offers an entry program known as an Associate of (ISC)2. This program allows someone without any or enough experience to qualify as a CISSP to take the CISSP exam anyway and then obtain experience afterward. Associates are granted six years to obtain


http://www.isc2.org

http://www.isc2.org

five years’ of security experience. Only after providing proof of such experience, usually by means of endorsement and a resume, can the individual be awarded CISSP certification.


Overview of the CISSP Exam The CISSP exam focuses on security from a 30,000-foot view; it deals more with theory and concept than implementation and procedure. It is very broad but not very deep. To successfully complete this exam, you’ll need to be familiar with every domain but not necessarily be a master of each domain.


The CISSP exam consists of 250 questions, and you have six hours to complete it. The exam can be taken in PBT (paper-based test) form or in CBT (computer-based test) form. You’ll need to register for the exam through the (ISC)2 website at www.isc2.org for the PBT form or at www.pearsonvue.com/isc2 for the CBT form. The CBT form of the exam is administered at a Pearson Vue testing facility (www.pearsonvue.com/isc2).


The PBT form of the exam is administered using a paper booklet and answer sheet. This means you’ll be using a pencil to fill in answer bubbles. If you take a PBT exam, be sure to arrive at the testing center around 8 a.m., and keep in mind that absolutely no one will be admitted into the exam after 8:30 a.m. Once all test takers are signed in and seated, the exam proctors will pass out the testing materials and read a few pages of instructions. This may take 30 minutes or more. Once that process is finished, the six-hour window for taking the test will begin.


CISSP Exam Question Types Most of the questions on the CISSP exam are four-option, multiple-choice questions with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response. Here’s an example:


1. What is the most important goal and top priority of a security solution?


A. Preventing disclosure


B. Maintaining integrity


C. Maintaining human safety


D. Sustaining availability


You must select the one correct or best answer and mark it on your answer sheet. In some cases, the correct answer will be very obvious to you. In other cases, several answers may seem correct. In these instances, you must choose the best answer for the question asked. Watch for general, specific, universal, superset, and subset answer selections. In other cases, none of the answers will seem correct. In these instances, you’ll need to select the


http://www.isc2.org

http://www.pearsonvue.com/isc2

http://www.pearsonvue.com/isc2

least incorrect answer.


By the way, the correct answer for this sample question is C. Maintaining human safety is always your first priority.


In addition to the standard multiple-choice question format, ISC2 has added in a few new question formats. These include drag-and-drop and hotspot questions. The drag-and-drop questions require the test taker to move labels or icons to mark items on an image. The hotspot questions require the test taker to pinpoint a location on an image with a cross- hair marker. Both of these question concepts are easy to work with and understand, but be careful about your accuracy of dropping or marking.


To see live examples of these new question types, access the Exam Outline: Candidate Information Bulletin. In a later section titled “Sample Exam Questions,” a URL is provided that leads to a tutorial of these question formats.


Advice on Taking the Exam The CISSP exam consists of two key elements. First, you need to know the material from the eight domains. Second, you must have good test-taking skills. With six hours to complete a 250-question exam, you have just less than 90 seconds for each question. Thus, it is important to work quickly, without rushing but also without wasting time.


One key factor to remember is that guessing is better than not answering a question. If you don’t answer a question, you will not get any credit. But if you guess, you have at least a chance of improving your score. Wrong answers are not counted against you. So, near the end of the sixth hour, be sure you’ve selected an answer for every question.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

University Coursework Help
Helping Hand
Top Essay Tutor
Writer Writer Name Offer Chat
University Coursework Help

ONLINE

University Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

$62 Chat With Writer
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$60 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades.

$65 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Nurs495prompt - 1119 ashford ln mansfield tx 76063 - Industrial revolution and romanticism - Staff code of conduct policy child care - Wendy Lewis 1 - 9781133943556 - Pearson mastering health and nutrition - Internation 5 ok - Budget pro forma excel - How to write up descriptive statistics - Stewart fleming primary school - Five characteristics of human service professionals - Sarbance - Exam questions - 2 parts - Risk assessment on Acme Enterprise - When did the first african american attend the citadel - Art Creation & Reflection – Photography/Cinema - FIN/571: Corporate Finance - Blake ward wythenshawe hospital - Middle road media case study - What is the difference between xml and html - Community bursing - Chapter 18 section 2 reteaching activity the spanish american war - Heinz case study solution wacc - Anaerobic catabolism of glucose - Final wk 6 - Herofication - Final Project - Hale and pace proclaimers - Peter drucker 5 questions - What is training ppt - Est quickstart qs1 data sheet - The tale of chunhyang moral lesson - Typical cross section of flexible pavement - 4 month old well child soap note - Lumo energy my account - Oxford brookes induction week - Grand corporation reported pretax book income of - Total rewards communication plan template - Vibrational rotational spectra of hcl and dcl lab report - Health promotion model manual - Bordin bros hatton vale - Ethics policies typically cover all of the following issues except - Are police officers public servants - Screened bottom board plans - Vertical translation of a parabola - Dennis rader paula dietz - Educational experience pty ltd - How to make stethoscope with paper cup and plastic tube - The inside story of how the iphone crippled blackberry - Valspar primer and sealer - Report SEC 10-K - Module 04 Discussion - The Employer's View - Nursing reasrch-article crtique -article on attachment file - Product life cycle assignment - An Organization’s Story and Change Lessons week 2 mgmt - Programming language design principles - Endothermic and exothermic reactions lab worksheet - Learning intention success criteria - Standards and testing agency - Essay - Effect of acid rain on seed germination lab report - Re k factors family law - Line of best fit algebra 1 - Monash exam period semester 2 - Perioki - Financial management theory and practice 16th edition - Basswood Furniture Project: - Borneol nmr - Insights Into Criminal Behavior - Structural Analysis - Gbp usd forward rates bloomberg - Statistics assignment examples - Habits of mind of academic writers - HEALTHCARE- ASSOCIATED INFECTIONS - Griffith university health clinic - Pgem t vector sequence - 17 25 in 12 hour clock - SOCW 6361 - Facts about great ocean road - The literary analysis - Chestnut hill hospital volunteer - Knowledge function of attitude examples - Aqa physics formula sheet - Artificial Intelligence and morals - 8 pages in Counseling - Calcium content in milk experiment - Lehman brothers case study answers - Marketing mix of louis vuitton - When the tulip bubble burst ielts - Epass nt schools net - Silicon labs cp210x driver - Data nugget gene expression in stem cells quizlet - Technical Writing in Criminal Justice - Chapter 2.2 - PSY 361 - 4 - Casa domani chantilly lace - Industrial adhesives pvt ltd - Ccna 4 chapter 6 - Constant growth dividend valuation model calculator