CISSP® Exam Cram

CISSP® Exam Cram

CISSP® Exam Cram Fourth Edition Michael Gregg CISSP® Exam Cram, Fourth Edition Editor-in-Chief Copyright © 2017 by Pearson Education, Inc. Mark Taub All rights reserved. No part of this book shall be reproduced, stored in Product Line a retrieval system, or transmitted by any means, electronic, mechanical, Manager photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the Brett Bartow information contained herein. Although every precaution has been taken Acquisitions in the preparation of this book, the publisher and author assume no Editor responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Michelle Newcomb ISBN-13: 978-0-7897-5553-7 Development Editor ISBN-10: 0-7897-5553-X Ellie C. Bru Library of Congress Control Number: 2016940474 Managing Editor Printed in the United States of America Sandra Schroeder First Printing: August 2016 Project Editor Trademarks Mandie Frank All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson cannot attest Copy Editor to the accuracy of this information. Use of a term in this book should not Larry Sulky be regarded as affecting the validity of any trademark or service mark. Indexer Warning and Disclaimer Every effort has been made to make this book as complete and as Lisa Stumpf accurate as possible, but no warranty or fitness is implied. The information Proofreader provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to H.S. Rupa any loss or damages arising from the information contained in this book. Technical Editors Special Sales Chris Crayton For information about buying this title in bulk quantities, or for special sales Michael Angelo opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, Publishing or branding interests), please contact our corporate sales department at Coordinator [email protected] or (800) 382-3419. Vanessa Evans For government sales inquiries, please contact Page Layout [email protected]. codeMantra For questions about sales outside the U.S., please contact [email protected]. Contents at a Glance Introduction 1 CHAPTER 1 The CISSP Certification Exam 17 CHAPTER 2 Logical Asset Security 27 CHAPTER 3 Physical Asset Security 71 CHAPTER 4 Security and Risk Management 115 CHAPTER 5 Security Engineering 175 CHAPTER 6 The Application and Use of Cryptography 233 CHAPTER 7 Communications and Network Security 295 CHAPTER 8 Identity and Access Management 373 CHAPTER 9 Security Assessment and Testing 425 CHAPTER 10 Security Operations 491 CHAPTER 11 Software Development Security 541 CHAPTER 12 Business Continuity Planning 587 Practice Exam I 631 Answers to Practice Exam I 645 Practice Exam II 661 Answers to Practice Exam II 675 Glossary 691 Index 729 Table of Contents Introduction .............................................. 1 CHAPTER 1: The CISSP Certification Exam ................................ 17 Introduction ......................................... 18 Assessing Exam Readiness ................................ 18 Taking the Exam ...................................... 19 Examples of CISSP Test Questions .......................... 21 Answer to Multiple-Choice Question ........................ 23 Answer to Drag and Drop Question ......................... 23 Answer to Hotspot Question .............................. 23 Exam Strategy ........................................ 24 Question-Handling Strategies ............................. 25 Mastering the Inner Game ................................ 26 Need to Know More? ................................... 26 CHAPTER 2: Logical Asset Security ..................................... 27 Introduction ......................................... 28 Basic Security Principles ................................. 28 Data Management: Determine and Maintain Ownership ........... 30 Data Governance Policy ............................. 30 Roles and Responsibility ............................. 32 Data Ownership ................................... 33 Data Custodians ................................... 34 Data Documentation and Organization .................. 35 Data Warehousing ................................. 35 Data Mining ..................................... 35 Knowledge Management ............................. 36 Data Standards ........................................ 37 Data Lifecycle Control .............................. 37 Data Audit ....................................... 37 Data Storage and Archiving ........................... 38 Data Security, Protection, Sharing, and Dissemination ............. 41 Privacy Impact Assessment ........................... 42 Information Handling Requirements .................... 43 v Contents Data Retention and Destruction ........................ 44 Data Remanence and Decommissioning .................. 45 Classifying Information and Supporting Assets ................. 46 Data Classification ................................. 46 Asset Management and Governance ......................... 49 Software Licensing ................................ 50 Equipment Lifecycle ................................ 51 Determine Data Security Controls .......................... 52 Data at Rest ...................................... 52 Data in Transit .................................... 54 Endpoint Security ................................. 56 Baselines ........................................ 57 Laws, Standards, Mandates and Resources ..................... 58 United States Resources ............................. 60 International Resources .............................. 61 Exam Prep Questions ................................... 64 Answers to Exam Prep Questions ........................... 67 Need to Know More? ................................... 68 CHAPTER 3: Physical Asset Security ..................................... 71 Introduction ......................................... 72 Physical Security Risks .................................. 72 Natural Disasters .................................. 73 Man-Made Threats................................. 74 Technical Problems ................................ 75 Facility Concerns and Requirements ......................... 76 CPTED ........................................ 76 Area Concerns .................................... 77 Location ........................................ 78 Construction ..................................... 78 Doors, Walls, Windows, and Ceilings .................... 79 Asset Placement ................................... 82 Physical Port Controls .............................. 82 Perimeter Controls ..................................... 83 Fences ......................................... 83 Gates .......................................... 84 Bollards ........................................ 85 vi CISSP Exam Cram CCTV Cameras ................................... 87 Lighting ........................................ 88 Guards and Dogs .................................. 89 Locks .......................................... 89 Employee Access Control ................................ 94 Badges, Tokens, and Cards ............................ 94 Biometric Access Controls ............................ 96 Environmental Controls ................................. 98 Heating, Ventilating, and Air Conditioning ................ 98 Electrical Power ....................................... 99 Uninterruptible Power Supply .........................100 Equipment Life Cycle ...................................101 Fire Prevention, Detection, and Suppression ...................101 Fire-Detection Equipment ...........................102 Fire Suppression ..................................103 Alarm Systems ........................................106 Intrusion Detection Systems ..........................106 Monitoring and Detection ............................107 Exam Prep Questions ...................................109 Answers to Exam Prep Questions ...........................112 Suggested Reading and Resources ...........................113 CHAPTER 4: Security and Risk Management ...............................115 Introduction .........................................116 Security Governance ....................................116 Third-Party Governance .............................118 Organization Processes ..............................119 Protection of Intellectual Properly ..........................121 Privacy Laws and Protection of Personal Information .............121 Relevant Laws and Regulations ............................123 United States Legal System and Laws ........................123 International Legal Systems and Laws ........................124 Computer Crime and Hackers .............................125 Sexual Harassment .................................128 Risk Management Concepts ...............................128 Risk Management Frameworks ........................129 Risk Assessment ...................................130 vii Contents Countermeasure Selection ................................146 Develop and Implement Security Policy ......................149 Security Policy ....................................150 Standards .......................................152 Baselines ........................................152 Guidelines

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    138 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us