CISSP Exam Cram, Fifth Edition

by Michael Gregg
  • ISBN13: 9780137419555
  • ISBN10: 0137419554
  • Format: Paperback
  • Copyright: 2021-07-05
  • Publisher: Pearson Technology Group

Summary

CISSP Exam Cram, Fifth Edition is the perfect study guide to help you pass the latest update to the eight-domain version of the CISSP exam. It offers knowledge and practice questions for every exam topic, with new coverage of asset retention, secure provisioning, crypto attacks, machine learning tools, threat hunting, risk-based access control, zero trust, SAML, SOAR, CASB, securing microservices, containers, managed services, and more.


Covers the critical information you’ll need to score higher on your CISSP exam!


  • Understand Security & Risk Management: ethics, security concepts, governance, compliance, law/regulation, policies/procedures, threat models, supply chain risk, awareness training, and more
  • Ensure Secure Assets: identify/classify information and assets; handling requirements, resource provisioning, data lifecycles, retention
  • Review Security Architecture & Engineering: secure processes and principles, security models and controls, system capabilities, vulnerability assessment/mitigation, crypto attacks/solutions, site/facility design and controls
  • Improve Communication & Network Security: secure network architectures, components, and channels
  • Strengthen Identity & Access Management (IAM): physical/logical access control, identification, authentication, federated identity services, authorization, identity/access provisioning
  • Enhance Security Assessment & Testing: design/validate assessment, test, and audit strategies; test controls; collect process data; evaluate and report test results; conduct or support audits
  • Manage Security Operations: investigations, logs, monitoring, resource protection, incident management, detection/prevention; configuration, patch, vulnerability, and change management; DR/BC, physical and personnel security, and more

Author Biography

Michael Gregg has more than 20 years of experience in information security and risk management. He holds two associate’s degrees, a bachelor’s degree, and a master’s degree. Some of the certifications he holds include CISSP, SSCP, MCSE, CTT+, A+, N+, Security+, CASP, CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, and CGEIT.


In addition to his experience performing security management, audits, and assessments, Gregg has authored or coauthored more than 25 books, including Certified Ethical Hacker Exam Prep (Que), CISSP Exam Cram 2 (Que), and Security Administrator Street Smarts (Sybex). He has testified before the U.S. Congress, his articles have been published on IT websites, and he has been sourced as an industry expert for CBS, ABC, CNN, Fox News, and the New York Times. He has created more than 15 security-related courses and training classes for various companies and universities. Although leading, building, and managing security programs is where he spends the bulk of his time, contributing to the written body of IT security knowledge is how Michael believes he can give something back to the community that has given him so much.

Table of Contents

Introduction ... 1

CHAPTER 1: The CISSP Certification Exam ... 19
   Introduction ... 20
   Assessing Exam Readiness ... 20
   Exam Topics ... 21
   Taking the Exam ... 22
   Examples of CISSP Test Questions ... 24
   Answer to Multiple-Choice Question ... 26
   Answer to Drag and Drop Question ... 26
   Answer to Hotspot Question ... 26
   Question-Handling Strategies ... 27
   Mastering the Inner Game ... 27
   Need to Know More? ... 28

CHAPTER 2: Understanding Asset Security ... 29
   Introduction ... 30
   Basic Security Principles ... 30
   Data Management: Determining and Maintaining Ownership ... 32
   Data Standards ... 38
   Data Security, Protection, Sharing, and Dissemination ... 42
   Classifying Information and Supporting Asset Classification ... 47
   Asset Management and Governance ... 51
   Determining Data Security Controls ... 55
   Exam Prep Questions ... 63
   Answers to Exam Prep Questions ... 66
   Need to Know More? ... 67

CHAPTER 3: Security and Risk Management ... 69
   Introduction ... 70
   Security Governance ... 70
   U.S. Legal System and Laws ... 71
   International Legal Systems and Laws ... 72
   Global Legal and Regulatory Issues ... 74
   Risk Management Concepts ... 86
   Selecting Countermeasures ... 104
   Threat Modeling Concepts and Methodologies ... 107
   Managing Risk with the Supply Chain and Third Parties ... 110
   Identifying and Prioritizing Business Continuity Requirements Based on Risk ... 113
   Developing and Implementing Security Policy ... 123
   Types of Controls ... 127
   Implementing Personnel Security ... 130
   Security Education, Training, and Awareness ... 134
   Professional Ethics Training and Awareness ... 137
   Exam Prep Questions ... 144
   Answers to Exam Prep Questions ... 148
   Need to Know More? ... 150

CHAPTER 4: Security Architecture and Engineering ... 151
   Introduction ... 152
   Secure Design Guidelines and Governance Principles ... 152
   Fundamental Concepts of Security Models ... 158
   Security Architecture ... 170
   Common Formal Security Models ... 179
   Product Security Evaluation Models ... 189
   System Validation ... 194
   Vulnerabilities of Security Architectures ... 195
   Cryptography ... 203
   Algorithms ... 206
   Cipher Types and Methods ... 207
   Symmetric Encryption ... 208
   Asymmetric Encryption ... 218
   Hybrid Encryption ... 224
   Public Key Infrastructure and Key Management ... 225
   Integrity and Authentication ... 230
   Cryptographic Attacks ... 237
   Site and Facility Security Controls ... 240
   Exam Prep Questions ... 242
   Answers to Exam Prep Questions ... 246
   Need to Know More? ... 248

CHAPTER 5: Communications and Network Security ... 249
   Introduction ... 250
   Secure Network Design ... 250
   Network Models and Standards ... 250
   TCP/IP ... 258
   LANs and Their Components ... 271
   Communication Standards ... 280
   Network Equipment ... 281
   Routing ... 287
   WANs and Their Components ... 289
   Cloud Computing ... 294
   Software-Defined WAN (SD-WAN) ... 296
   Securing Email Communications ... 296
   Securing Voice and Wireless Communications ... 298
   Securing TCP/IP with Cryptographic Solutions ... 316
   Network Access Control Devices ... 321
   Remote Access ... 326
   Message Privacy and Multimedia Collaboration ... 331
   Exam Prep Questions ... 333
   Answers to Exam Prep Questions ... 337
   Need to Know More? ... 338

CHAPTER 6: Identity and Access Management ... 341
   Introduction ... 342
   Perimeter Physical Control Systems ... 344
   Employee Access Control ... 355
   Identification, Authentication, and Authorization ... 358
   Single Sign-On (SSO) ... 378
   Authorization and Access Control Techniques ... 382
   Centralized and Decentralized Access Control Models ... 390
   Audits and Monitoring ... 394
   Exam Prep Questions ... 404
   Answers to Exam Prep Questions ... 408
   Suggested Reading and Resources ... 410

CHAPTER 7: Security Assessment and Testing ... 411
   Introduction ... 412
   Security Assessments and Penetration Test Strategies ... 412
   Test Techniques and Methods ... 424
   Security Threats and Vulnerabilities ... 427
   Network Security Threats and Attack Techniques ... 431
   Access Control Threats and Attack Techniques ... 438
   Social-Based Threats and Attack Techniques ... 443
   Malicious Software Threats and Attack Techniques ... 444
   Investigating Computer Crime ... 452
   Disaster Recovery and Business Continuity ... 458
   Investigations ... 459
   Exam Prep Questions ... 461
   Answers to Exam Prep Questions ... 464
   Need to Know More? ... 465

CHAPTER 8: Security Operations ... 467
   Introduction ... 468
   Foundational Security Operations Concepts ... 468
   Resource Protection ... 472
   Telecommunication Controls ... 477
   System Resilience, Fault Tolerance, and Recovery Controls ... 486
   Monitoring and Auditing Controls ... 487
   Perimeter Security Controls and Risks ... 493
   Facility Concerns and Requirements ... 495
   Environmental Controls ... 502
   Electrical Power ... 503
   Equipment Lifecycle ... 505
   Fire Prevention, Detection, and Suppression ... 505
   Alarm Systems ... 509
   Intrusion Detection and Prevention Systems ... 512
   Investigations and Incidents ... 513
   Digital Forensics, Tools, Tactics, and Procedures ... 514
   The Disaster Recovery Lifecycle ... 521
   Exam Prep Questions ... 549
   Answers to Exam Prep Questions ... 555
   Need to Know More? ... 558

CHAPTER 9: Software Development Security ... 559
   Introduction ... 560
   Integrating Security into the Development Lifecycle ... 560
   Development Methodologies ... 573
   Change Management ... 580
   Database Management ... 582
   Programming Languages, Secure Coding Guidelines, and Standards ... 588
   Exam Prep Questions ... 599
   Answers to Exam Prep Questions ... 603
   Need to Know More? ... 605

Practice Exam I ... 607

Practice Exam II ... 621

Answers to Practice Exam I ... 635

Answers to Practice Exam II ... 651

Glossary ... 667