
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle 3rd edition [Paperback]

4.69/5 (64 ratings by Goodreads)
Author affiliations: (Lan Wrights, Inc., Austin, Texas), (University of Notre Dame)
  • Format: Paperback / softback, height x width x depth: 234x188x71 mm, weight: 2404 g
  • Publication date: 15-Jul-2021
  • Publisher: Sybex Inc., U.S.
  • ISBN-10: 1119790026
  • ISBN-13: 9781119790020
  • Price: 107,17 €*
  • * This book is no longer in print. You will be notified of the price of a used copy.
Two bestselling CISSP guides in one serious study set

This value-packed set for the serious CISSP certification candidate combines the bestselling (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition with an updated and refined collection of Practice Exams to give you the best preparation ever for the high-stakes CISSP Exam.

(ISC)² CISSP Study Guide, 9th Edition has been completely updated for the latest 2021 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment, which includes four practice exams, each with 125 unique questions, to help you identify where you need to study more; more than 1000 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam; and a searchable glossary in PDF to give you instant access to the key terms you need to know for the exam. The online features are supported by Wiley's support agents, who are available 24x7 via email or live chat to assist with access and login questions.

Add to that the updated (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 3rd edition with 4 more complete 125-question exams and another 100 questions for each of the 8 domains and you'll be as ready as you can be for the CISSP exam.

All of the practice questions from both books have been vetted again for 2021 by multiple CISSPs and instructors, retaining only the best questions from previous editions, ensuring that the questions you practice with give you the best possible preparation.

Coverage of all of the exam topics in each book means you'll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
(ISC)2® CISSP® Certified Information Systems Security Professional Official Study Guide
Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles And Policies
1(42)
Security 101
3(1)
Understand and Apply Security Concepts
4(9)
Confidentiality
5(1)
Integrity
6(1)
Availability
7(1)
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services
7(4)
Protection Mechanisms
11(2)
Security Boundaries
13(1)
Evaluate and Apply Security Governance Principles
14(2)
Third-Party Governance
15(1)
Documentation Review
15(1)
Manage the Security Function
16(7)
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
17(2)
Organizational Processes
19(2)
Organizational Roles and Responsibilities
21(1)
Security Control Frameworks
22(1)
Due Diligence and Due Care
23(1)
Security Policy, Standards, Procedures, and Guidelines
23(3)
Security Policies
24(1)
Security Standards, Baselines, and Guidelines
24(1)
Security Procedures
25(1)
Threat Modeling
26(5)
Identifying Threats
26(2)
Determining and Diagramming Potential Attacks
28(1)
Performing Reduction Analysis
28(2)
Prioritization and Response
30(1)
Supply Chain Risk Management
31(2)
Summary
33(1)
Exam Essentials
33(3)
Written Lab
36(1)
Review Questions
37(6)
Chapter 2 Personnel Security And Risk Management Concepts
43(70)
Personnel Security Policies and Procedures
45(10)
Job Descriptions and Responsibilities
45(1)
Candidate Screening and Hiring
46(1)
Onboarding: Employment Agreements and Policies
47(1)
Employee Oversight
48(1)
Offboarding, Transfers, and Termination Processes
49(3)
Vendor, Consultant, and Contractor Agreements and Controls
52(1)
Compliance Policy Requirements
53(1)
Privacy Policy Requirements
54(1)
Understand and Apply Risk Management Concepts
55(26)
Risk Terminology and Concepts
56(2)
Asset Valuation
58(2)
Identify Threats and Vulnerabilities
60(1)
Risk Assessment/Analysis
60(6)
Risk Responses
66(3)
Cost vs. Benefit of Security Controls
69(3)
Countermeasure Selection and Implementation
72(2)
Applicable Types of Controls
74(2)
Security Control Assessment
76(1)
Monitoring and Measurement
76(1)
Risk Reporting and Documentation
77(1)
Continuous Improvement
77(2)
Risk Frameworks
79(2)
Social Engineering
81(15)
Social Engineering Principles
83(2)
Eliciting Information
85(1)
Prepending
85(1)
Phishing
85(2)
Spear Phishing
87(1)
Whaling
87(1)
Smishing
88(1)
Vishing
88(1)
Spam
89(1)
Shoulder Surfing
90(1)
Invoice Scams
90(1)
Hoax
90(1)
Impersonation and Masquerading
91(1)
Tailgating and Piggybacking
91(1)
Dumpster Diving
92(1)
Identity Fraud
93(1)
Typo Squatting
94(1)
Influence Campaigns
94(2)
Establish and Maintain a Security Awareness, Education, and Training Program
96(4)
Awareness
97(1)
Training
97(1)
Education
98(1)
Improvements
98(1)
Effectiveness Evaluation
99(1)
Summary
100(1)
Exam Essentials
101(5)
Written Lab
106(1)
Review Questions
107(6)
Chapter 3 Business Continuity Planning
113(30)
Planning for Business Continuity
114(1)
Project Scope and Planning
115(6)
Organizational Review
116(1)
BCP Team Selection
117(2)
Resource Requirements
119(1)
Legal and Regulatory Requirements
120(1)
Business Impact Analysis
121(7)
Identifying Priorities
122(1)
Risk Identification
123(2)
Likelihood Assessment
125(1)
Impact Analysis
126(2)
Resource Prioritization
128(1)
Continuity Planning
128(3)
Strategy Development
129(1)
Provisions and Processes
129(2)
Plan Approval and Implementation
131(5)
Plan Approval
131(1)
Plan Implementation
132(1)
Training and Education
132(1)
BCP Documentation
132(4)
Summary
136(1)
Exam Essentials
137(1)
Written Lab
138(1)
Review Questions
139(4)
Chapter 4 Laws, Regulations, And Compliance
143(36)
Categories of Laws
144(3)
Criminal Law
144(2)
Civil Law
146(1)
Administrative Law
146(1)
Laws
147(21)
Computer Crime
147(5)
Intellectual Property (IP)
152(6)
Licensing
158(1)
Import/Export
158(2)
Privacy
160(8)
State Privacy Laws
168(1)
Compliance
169(2)
Contracting and Procurement
171(1)
Summary
171(1)
Exam Essentials
172(1)
Written Lab
173(1)
Review Questions
174(5)
Chapter 5 Protecting Security Of Assets
179(40)
Identifying and Classifying Information and Assets
180(8)
Defining Sensitive Data
180(2)
Defining Data Classifications
182(3)
Defining Asset Classifications
185(1)
Understanding Data States
185(1)
Determining Compliance Requirements
186(1)
Determining Data Security Controls
186(2)
Establishing Information and Asset Handling Requirements
188(11)
Data Maintenance
189(1)
Data Loss Prevention
189(1)
Marking Sensitive Data and Assets
190(2)
Handling Sensitive Information and Assets
192(1)
Data Collection Limitation
192(1)
Data Location
193(1)
Storing Sensitive Data
193(1)
Data Destruction
194(3)
Ensuring Appropriate Data and Asset Retention
197(2)
Data Protection Methods
199(5)
Digital Rights Management
199(1)
Cloud Access Security Broker
200(1)
Pseudonymization
200(1)
Tokenization
201(1)
Anonymization
202(2)
Understanding Data Roles
204(4)
Data Owners
204(1)
Asset Owners
205(1)
Business/Mission Owners
206(1)
Data Processors and Data Controllers
206(1)
Data Custodians
207(1)
Administrators
207(1)
Users and Subjects
208(1)
Using Security Baselines
208(3)
Comparing Tailoring and Scoping
209(1)
Standards Selection
210(1)
Summary
211(1)
Exam Essentials
211(2)
Written Lab
213(1)
Review Questions
214(5)
Chapter 6 Cryptography And Symmetric Key Algorithms
219(44)
Cryptographic Foundations
220(18)
Goals of Cryptography
220(3)
Cryptography Concepts
223(1)
Cryptographic Mathematics
224(6)
Ciphers
230(8)
Modern Cryptography
238(6)
Cryptographic Keys
238(1)
Symmetric Key Algorithms
239(2)
Asymmetric Key Algorithms
241(3)
Hashing Algorithms
244(1)
Symmetric Cryptography
244(11)
Cryptographic Modes of Operation
245(2)
Data Encryption Standard
247(1)
Triple DES
247(1)
International Data Encryption Algorithm
248(1)
Blowfish
249(1)
Skipjack
249(1)
Rivest Ciphers
249(1)
Advanced Encryption Standard
250(1)
CAST
250(1)
Comparison of Symmetric Encryption Algorithms
251(1)
Symmetric Key Management
252(3)
Cryptographic Lifecycle
255(1)
Summary
255(1)
Exam Essentials
256(1)
Written Lab
257(1)
Review Questions
258(5)
Chapter 7 Pki And Cryptographic Applications
263(46)
Asymmetric Cryptography
264(7)
Public and Private Keys
264(1)
RSA
265(2)
ElGamal
267(1)
Elliptic Curve
268(1)
Diffie-Hellman Key Exchange
269(1)
Quantum Cryptography
270(1)
Hash Functions
271(4)
SHA
272(1)
MD5
273(1)
RIPEMD
273(1)
Comparison of Hash Algorithm Value Lengths
274(1)
Digital Signatures
275(2)
HMAC
276(1)
Digital Signature Standard
277(1)
Public Key Infrastructure
277(7)
Certificates
278(1)
Certificate Authorities
279(1)
Certificate Lifecycle
280(3)
Certificate Formats
283(1)
Asymmetric Key Management
284(1)
Hybrid Cryptography
285(1)
Applied Cryptography
285(12)
Portable Devices
285(1)
Email
286(4)
Web Applications
290(2)
Steganography and Watermarking
292(2)
Networking
294(1)
Emerging Applications
295(2)
Cryptographic Attacks
297(4)
Summary
301(1)
Exam Essentials
302(1)
Written Lab
303(1)
Review Questions
304(5)
Chapter 8 Principles Of Security Models, Design, And Capabilities
309(44)
Secure Design Principles
310(10)
Objects and Subjects
311(1)
Closed and Open Systems
312(2)
Secure Defaults
314(1)
Fail Securely
314(2)
Keep It Simple
316(1)
Zero Trust
317(2)
Privacy by Design
319(1)
Trust but Verify
319(1)
Techniques for Ensuring CIA
320(2)
Confinement
320(1)
Bounds
320(1)
Isolation
321(1)
Access Controls
321(1)
Trust and Assurance
321(1)
Understand the Fundamental Concepts of Security Models
322(15)
Trusted Computing Base
323(2)
State Machine Model
325(1)
Information Flow Model
325(1)
Noninterference Model
326(1)
Take-Grant Model
326(1)
Access Control Matrix
327(1)
Bell-LaPadula Model
328(2)
Biba Model
330(3)
Clark-Wilson Model
333(1)
Brewer and Nash Model
334(1)
Goguen-Meseguer Model
335(1)
Sutherland Model
335(1)
Graham-Denning Model
335(1)
Harrison-Ruzzo-Ullman Model
336(1)
Select Controls Based on Systems Security Requirements
337(4)
Common Criteria
337(3)
Authorization to Operate
340(1)
Understand Security Capabilities of Information Systems
341(2)
Memory Protection
341(1)
Virtualization
342(1)
Trusted Platform Module
342(1)
Interfaces
343(1)
Fault Tolerance
343(1)
Encryption/Decryption
343(1)
Summary
343(1)
Exam Essentials
344(3)
Written Lab
347(1)
Review Questions
348(5)
Chapter 9 Security Vulnerabilities, Threats, And Countermeasures
353(94)
Shared Responsibility
354(1)
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
355(17)
Hardware
356(14)
Firmware
370(2)
Client-Based Systems
372(3)
Mobile Code
372(3)
Local Caches
375(1)
Server-Based Systems
375(3)
Large-Scale Parallel Data Systems
376(1)
Grid Computing
377(1)
Peer to Peer
378(1)
Industrial Control Systems
378(2)
Distributed Systems
380(2)
High-Performance Computing (HPC) Systems
382(1)
Internet of Things
383(2)
Edge and Fog Computing
385(1)
Embedded Devices and Cyber-Physical Systems
386(7)
Static Systems
387(1)
Network-Enabled Devices
388(1)
Cyber-Physical Systems
389(1)
Elements Related to Embedded and Static Systems
389(1)
Security Concerns of Embedded and Static Systems
390(3)
Specialized Devices
393(1)
Microservices
394(1)
Infrastructure as Code
395(2)
Virtualized Systems
397(8)
Virtual Software
399(1)
Virtualized Networking
400(1)
Software-Defined Everything
400(3)
Virtualization Security Management
403(2)
Containerization
405(1)
Serverless Architecture
406(1)
Mobile Devices
406(20)
Mobile Device Security Features
408(12)
Mobile Device Deployment Policies
420(6)
Essential Security Protection Mechanisms
426(2)
Process Isolation
426(1)
Hardware Segmentation
427(1)
System Security Policy
427(1)
Common Security Architecture Flaws and Issues
428(4)
Covert Channels
428(2)
Attacks Based on Design or Coding Flaws
430(1)
Rootkits
431(1)
Incremental Attacks
431(1)
Summary
432(1)
Exam Essentials
433(7)
Written Lab
440(1)
Review Questions
441(6)
Chapter 10 Physical Security Requirements
447(48)
Apply Security Principles to Site and Facility Design
448(4)
Secure Facility Plan
448(1)
Site Selection
449(1)
Facility Design
450(2)
Implement Site and Facility Security Controls
452(24)
Equipment Failure
453(1)
Wiring Closets
454(1)
Server Rooms/Data Centers
455(3)
Intrusion Detection Systems
458(2)
Cameras
460(2)
Access Abuses
462(1)
Media Storage Facilities
462(1)
Evidence Storage
463(1)
Restricted and Work Area Security
464(1)
Utility Considerations
465(5)
Fire Prevention, Detection, and Suppression
470(6)
Implement and Manage Physical Security
476(8)
Perimeter Security Controls
477(4)
Internal Security Controls
481(2)
Key Performance Indicators of Physical Security
483(1)
Summary
484(1)
Exam Essentials
485(3)
Written Lab
488(1)
Review Questions
489(6)
Chapter 11 Secure Network Architecture And Components
495(86)
OSI Model
497(7)
History of the OSI Model
497(1)
OSI Functionality
498(1)
Encapsulation/Deencapsulation
498(2)
OSI Layers
500(4)
TCP/IP Model
504(1)
Analyzing Network Traffic
505(1)
Common Application Layer Protocols
506(2)
Transport Layer Protocols
508(1)
Domain Name System
509(7)
DNS Poisoning
511(3)
Domain Hijacking
514(2)
Internet Protocol (IP) Networking
516(3)
IPv4 vs. IPv6
516(1)
IP Classes
517(2)
ICMP
519(1)
IGMP
519(1)
ARP Concerns
519(2)
Secure Communication Protocols
521(1)
Implications of Multilayer Protocols
522(4)
Converged Protocols
523(1)
Voice over Internet Protocol (VoIP)
524(1)
Software-Defined Networking
525(1)
Microsegmentation
526(1)
Wireless Networks
527(16)
Securing the SSID
529(1)
Wireless Channels
529(1)
Conducting a Site Survey
530(1)
Wireless Security
531(2)
Wi-Fi Protected Setup (WPS)
533(1)
Wireless MAC Filter
534(1)
Wireless Antenna Management
534(1)
Using Captive Portals
535(1)
General Wi-Fi Security Procedure
535(1)
Wireless Communications
536(3)
Wireless Attacks
539(4)
Other Communication Protocols
543(1)
Cellular Networks
544(1)
Content Distribution Networks (CDNs)
545(1)
Secure Network Components
545(24)
Secure Operation of Hardware
546(1)
Common Network Equipment
547(2)
Network Access Control
549(1)
Firewalls
550(6)
Endpoint Security
556(3)
Cabling, Topology, and Transmission Media Technology
559(1)
Transmission Media
559(4)
Network Topologies
563(2)
Ethernet
565(1)
Sub-Technologies
566(3)
Summary
569(1)
Exam Essentials
570(4)
Written Lab
574(1)
Review Questions
575(6)
Chapter 12 Secure Communications And Network Attacks
581(56)
Protocol Security Mechanisms
582(4)
Authentication Protocols
582(3)
Port Security
585(1)
Quality of Service (QoS)
585(1)
Secure Voice Communications
586(4)
Public Switched Telephone Network
586(1)
Voice over Internet Protocol (VoIP)
586(2)
Vishing and Phreaking
588(1)
PBX Fraud and Abuse
589(1)
Remote Access Security Management
590(3)
Remote Access and Telecommuting Techniques
591(1)
Remote Connection Security
591(1)
Plan a Remote Access Security Policy
592(1)
Multimedia Collaboration
593(2)
Remote Meeting
593(1)
Instant Messaging and Chat
594(1)
Load Balancing
595(1)
Virtual IPs and Load Persistence
596(1)
Active-Active vs. Active-Passive
596(1)
Manage Email Security
596(6)
Email Security Goals
597(2)
Understand Email Security Issues
599(1)
Email Security Solutions
599(3)
Virtual Private Network
602(8)
Tunneling
603(1)
How VPNs Work
604(2)
Always-On
606(1)
Split Tunnel vs. Full Tunnel
607(1)
Common VPN Protocols
607(3)
Switching and Virtual LANs
610(4)
Network Address Translation
614(4)
Private IP Addresses
616(1)
Stateful NAT
617(1)
Automatic Private IP Addressing
617(1)
Third-Party Connectivity
618(2)
Switching Technologies
620(2)
Circuit Switching
620(1)
Packet Switching
620(1)
Virtual Circuits
621(1)
WAN Technologies
622(2)
Fiber-Optic Links
624(1)
Security Control Characteristics
624(1)
Transparency
625(1)
Transmission Management Mechanisms
625(1)
Prevent or Mitigate Network Attacks
625(1)
Eavesdropping
626(1)
Modification Attacks
626(1)
Summary
626(2)
Exam Essentials
628(2)
Written Lab
630(1)
Review Questions
631(6)
Chapter 13 Managing Identity And Authentication
637(40)
Controlling Access to Assets
639(2)
Controlling Physical and Logical Access
640(1)
The CIA Triad and Access Controls
640(1)
Managing Identification and Authentication
641(18)
Comparing Subjects and Objects
642(1)
Registration, Proofing, and Establishment of Identity
643(1)
Authorization and Accountability
644(1)
Authentication Factors Overview
645(2)
Something You Know
647(3)
Something You Have
650(1)
Something You Are
651(4)
Multifactor Authentication (MFA)
655(1)
Two-Factor Authentication with Authenticator Apps
655(1)
Passwordless Authentication
656(1)
Device Authentication
657(1)
Service Authentication
658(1)
Mutual Authentication
659(1)
Implementing Identity Management
659(5)
Single Sign-On
659(1)
SSO and Federated Identities
660(2)
Credential Management Systems
662(1)
Credential Manager Apps
663(1)
Scripted Access
663(1)
Session Management
663(1)
Managing the Identity and Access Provisioning Lifecycle
664(4)
Provisioning and Onboarding
665(1)
Deprovisioning and Offboarding
666(1)
Defining New Roles
667(1)
Account Maintenance
667(1)
Account Access Review
667(1)
Summary
668(1)
Exam Essentials
669(2)
Written Lab
671(1)
Review Questions
672(5)
Chapter 14 Controlling And Monitoring Access
677(46)
Comparing Access Control Models
678(12)
Comparing Permissions, Rights, and Privileges
678(1)
Understanding Authorization Mechanisms
679(2)
Defining Requirements with a Security Policy
681(1)
Introducing Access Control Models
681(1)
Discretionary Access Control
682(1)
Nondiscretionary Access Control
683(7)
Implementing Authentication Systems
690(9)
Implementing SSO on the Internet
691(3)
Implementing SSO on Internal Networks
694(5)
Understanding Access Control Attacks
699(15)
Risk Elements
700(1)
Common Access Control Attacks
700(13)
Core Protection Methods
713(1)
Summary
714(1)
Exam Essentials
715(2)
Written Lab
717(1)
Review Questions
718(5)
Chapter 15 Security Assessment And Testing
723(40)
Building a Security Assessment and Testing Program
725(6)
Security Testing
725(1)
Security Assessments
726(1)
Security Audits
727(4)
Performing Vulnerability Assessments
731(15)
Describing Vulnerabilities
731(1)
Vulnerability Scans
732(10)
Penetration Testing
742(3)
Compliance Checks
745(1)
Testing Your Software
746(7)
Code Review and Testing
746(5)
Interface Testing
751(1)
Misuse Case Testing
751(1)
Test Coverage Analysis
752(1)
Website Monitoring
752(1)
Implementing Security Management Processes
753(3)
Log Reviews
753(1)
Account Management
754(1)
Disaster Recovery and Business Continuity
754(1)
Training and Awareness
755(1)
Key Performance and Risk Indicators
755(1)
Summary
756(1)
Exam Essentials
756(2)
Written Lab
758(1)
Review Questions
759(4)
Chapter 16 Managing Security Operations
763(38)
Apply Foundational Security Operations Concepts
765(6)
Need to Know and Least Privilege
765(2)
Separation of Duties (SoD) and Responsibilities
767(1)
Two-Person Control
768(1)
Job Rotation
768(1)
Mandatory Vacations
768(1)
Privileged Account Management
769(2)
Service Level Agreements (SLAs)
771(1)
Addressing Personnel Safety and Security
771(2)
Duress
771(1)
Travel
772(1)
Emergency Management
773(1)
Security Training and Awareness
773(1)
Provision Resources Securely
773(3)
Information and Asset Ownership
774(1)
Asset Management
774(2)
Apply Resource Protection
776(3)
Media Management
776(1)
Media Protection Techniques
776(3)
Managed Services in the Cloud
779(3)
Shared Responsibility with Cloud Service Models
780(2)
Scalability and Elasticity
782(1)
Perform Configuration Management (CM)
782(3)
Provisioning
783(1)
Baselining
783(1)
Using Images for Baselining
783(1)
Automation
784(1)
Managing Change
785(4)
Change Management
787(1)
Versioning
788(1)
Configuration Documentation
788(1)
Managing Patches and Reducing Vulnerabilities
789(4)
Systems to Manage
789(1)
Patch Management
789(2)
Vulnerability Management
791(1)
Vulnerability Scans
792(1)
Common Vulnerabilities and Exposures
792(1)
Summary
793(1)
Exam Essentials
794(2)
Written Lab
796(1)
Review Questions
797(4)
Chapter 17 Preventing And Responding To Incidents
801(60)
Conducting Incident Management
803(7)
Defining an Incident
803(1)
Incident Management Steps
804(6)
Implementing Detective and Preventive Measures
810(24)
Basic Preventive Measures
810(1)
Understanding Attacks
811(9)
Intrusion Detection and Prevention Systems
820(8)
Specific Preventive Measures
828(6)
Logging and Monitoring
834(11)
Logging Techniques
834(3)
The Role of Monitoring
837(3)
Monitoring Techniques
840(4)
Log Management
844(1)
Egress Monitoring
844(1)
Automating Incident Response
845(6)
Understanding SOAR
845(1)
Machine Learning and AI Tools
846(1)
Threat Intelligence
847(3)
The Intersection of SOAR, Machine Learning, AI, and Threat Feeds
850(1)
Summary
851(1)
Exam Essentials
852(3)
Written Lab
855(1)
Review Questions
856(5)
Chapter 18 Disaster Recovery Planning
861(48)
The Nature of Disaster
863(12)
Natural Disasters
864(5)
Human-Made Disasters
869(6)
Understand System Resilience, High Availability, and Fault Tolerance
875(5)
Protecting Hard Drives
875(2)
Protecting Servers
877(1)
Protecting Power Sources
878(1)
Trusted Recovery
879(1)
Quality of Service
880(1)
Recovery Strategy
880(10)
Business Unit and Functional Priorities
881(1)
Crisis Management
882(1)
Emergency Communications
882(1)
Workgroup Recovery
883(1)
Alternate Processing Sites
883(5)
Database Recovery
888(2)
Recovery Plan Development
890(8)
Emergency Response
891(1)
Personnel and Communications
891(1)
Assessment
892(1)
Backups and Off-site Storage
892(4)
Software Escrow Arrangements
896(1)
Utilities
897(1)
Logistics and Supplies
897(1)
Recovery vs. Restoration
897(1)
Training, Awareness, and Documentation
898(1)
Testing and Maintenance
899(3)
Read-Through Test
899(1)
Structured Walk-Through
900(1)
Simulation Test
900(1)
Parallel Test
900(1)
Full-Interruption Test
900(1)
Lessons Learned
901(1)
Maintenance
901(1)
Summary
902(1)
Exam Essentials
902(1)
Written Lab
903(1)
Review Questions
904(5)
Chapter 19 Investigations And Ethics
909(32)
Investigations
910(13)
Investigation Types
910(3)
Evidence
913(6)
Investigation Process
919(4)
Major Categories of Computer Crime
923(6)
Military and Intelligence Attacks
924(1)
Business Attacks
925(1)
Financial Attacks
926(1)
Terrorist Attacks
926(1)
Grudge Attacks
927(1)
Thrill Attacks
928(1)
Hacktivists
928(1)
Ethics
929(4)
Organizational Code of Ethics
929(1)
(ISC)2 Code of Ethics
930(1)
Ethics and the Internet
931(2)
Summary
933(1)
Exam Essentials
934(1)
Written Lab
935(1)
Review Questions
936(5)
Chapter 20 Software Development Security
941(52)
Introducing Systems Development Controls
943(30)
Software Development
943(9)
Systems Development Lifecycle
952(3)
Lifecycle Models
955(9)
Gantt Charts and PERT
964(1)
Change and Configuration Management
964(2)
The DevOps Approach
966(1)
Application Programming Interfaces
967(2)
Software Testing
969(1)
Code Repositories
970(1)
Service-Level Agreements
971(1)
Third-Party Software Acquisition
972(1)
Establishing Databases and Data Warehousing
973(10)
Database Management System Architecture
973(4)
Database Transactions
977(1)
Security for Multilevel Databases
978(4)
Open Database Connectivity
982(1)
NoSQL
982(1)
Storage Threats
983(1)
Understanding Knowledge-Based Systems
984(3)
Expert Systems
984(1)
Machine Learning
985(1)
Neural Networks
986(1)
Summary
987(1)
Exam Essentials
987(1)
Written Lab
988(1)
Review Questions
989(4)
Chapter 21 Malicious Code And Application Attacks
993(48)
Malware
994(12)
Sources of Malicious Code
995(1)
Viruses
995(4)
Logic Bombs
999(1)
Trojan Horses
1000(1)
Worms
1001(3)
Spyware and Adware
1004(1)
Ransomware
1004(1)
Malicious Scripts
1005(1)
Zero-Day Attacks
1006(1)
Malware Prevention
1006(3)
Platforms Vulnerable to Malware
1007(1)
Antimalware Software
1007(1)
Integrity Monitoring
1008(1)
Advanced Threat Protection
1008(1)
Application Attacks
1009(3)
Buffer Overflows
1009(1)
Time of Check to Time of Use
1010(1)
Backdoors
1011(1)
Privilege Escalation and Rootkits
1011(1)
Injection Vulnerabilities
1012(5)
SQL Injection Attacks
1012(4)
Code Injection Attacks
1016(1)
Command Injection Attacks
1016(1)
Exploiting Authorization Vulnerabilities
1017(3)
Insecure Direct Object References
1018(1)
Directory Traversal
1018(2)
File Inclusion
1020(1)
Exploiting Web Application Vulnerabilities
1020(5)
Cross-Site Scripting (XSS)
1021(2)
Request Forgery
1023(1)
Session Hijacking
1024(1)
Application Security Controls
1025(6)
Input Validation
1025(2)
Web Application Firewalls
1027(1)
Database Security
1028(1)
Code Security
1029(2)
Secure Coding Practices
1031(4)
Source Code Comments
1031(1)
Error Handling
1032(1)
Hard-Coded Credentials
1033(1)
Memory Management
1034(1)
Summary
1035(1)
Exam Essentials
1035(1)
Written Lab
1036(1)
Review Questions
1037(4)
Appendix A Answers to Review Questions
1041(58)
Chapter 1 Security Governance Through Principles And Policies
1042(3)
Chapter 2 Personnel Security And Risk Management Concepts
1045(4)
Chapter 3 Business Continuity Planning
1049(2)
Chapter 4 Laws, Regulations, And Compliance
1051(2)
Chapter 5 Protecting Security Of Assets
1053(3)
Chapter 6 Cryptography And Symmetric Key Algorithms
1056(2)
Chapter 7 Pki And Cryptographic Applications
1058(2)
Chapter 8 Principles Of Security Models, Design, And Capabilities
1060(2)
Chapter 9 Security Vulnerabilities, Threats, And Countermeasures
1062(5)
Chapter 10 Physical Security Requirements
1067(4)
Chapter 11 Secure Network Architecture And Components
1071(4)
Chapter 12 Secure Communications And Network Attacks
1075(3)
Chapter 13 Managing Identity And Authentication
1078(2)
Chapter 14 Controlling And Monitoring Access
1080(2)
Chapter 15 Security Assessment And Testing
1082(2)
Chapter 16 Managing Security Operations
1084(2)
Chapter 17 Preventing And Responding To Incidents
1086(3)
Chapter 18 Disaster Recovery Planning
1089(2)
Chapter 19 Investigations And Ethics
1091(2)
Chapter 20 Software Development Security
1093(2)
Chapter 21 Malicious Code And Application Attacks
1095(4)
Appendix B Answers to Written Labs
1099(1)
Chapter 1 Security Governance Through Principles And Policies
1100(1)
Chapter 2 Personnel Security And Risk Management Concepts
1100(1)
Chapter 3 Business Continuity Planning
1101(1)
Chapter 4 Laws, Regulations, And Compliance
1102(1)
Chapter 5 Protecting Security Of Assets
1102(1)
Chapter 6 Cryptography And Symmetric Key Algorithms
1103(1)
Chapter 7 Pki And Cryptographic Applications
1104(1)
Chapter 8 Principles Of Security Models, Design, And Capabilities
1104(1)
Chapter 9 Security Vulnerabilities, Threats, And Countermeasures
1105(1)
Chapter 10 Physical Security Requirements
1106(2)
Chapter 11 Secure Network Architecture And Components
1108(1)
Chapter 12 Secure Communications And Network Attacks
1109(1)
Chapter 13 Managing Identity And Authentication
1110(1)
Chapter 14 Controlling And Monitoring Access
1111(1)
Chapter 15 Security Assessment And Testing
1111(1)
Chapter 16 Managing Security Operations
1112(1)
Chapter 17 Preventing And Responding To Incidents
1113(1)
Chapter 18 Disaster Recovery Planning
1113(1)
Chapter 19 Investigations And Ethics
1114(1)
Chapter 20 Software Development Security
1114(1)
Chapter 21 Malicious Code And Application Attacks
1115(2)
Index 1117
(ISC)2® CISSP® Certified Information Systems Security Professional Official Practice Tests
Security and Risk Management (Domain 1) 1(24)
Asset Security (Domain 2) 25(24)
Security Architecture and Engineering (Domain 3) 49(24)
Communication and Network Security (Domain 4) 73(24)
Identity and Access Management (Domain 5) 97(24)
Security Assessment and Testing (Domain 6) 121(24)
Security Operations (Domain 7) 145(24)
Software Development Security (Domain 8) 169(26)
Practice Test 1 195(30)
Practice Test 2 225(28)
Practice Test 3 253(30)
Practice Test 4 283(28)
Answers 311(1)
Chapter 1 Security And Risk Management (Domain 1)
312(9)
Chapter 2 Asset Security (Domain 2)
321(12)
Chapter 3 Security Architecture And Engineering (Domain 3)
333(9)
Chapter 4 Communication And Network Security (Domain 4)
342(11)
Chapter 5 Identity And Access Management (Domain 5)
353(12)
Chapter 6 Security Assessment And Testing (Domain 6)
365(12)
Chapter 7 Security Operations (Domain 7)
377(12)
Chapter 8 Software Development Security (Domain 8)
389(11)
Chapter 9 Practice Test 1
400(14)
Chapter 10 Practice Test 2
414(14)
Chapter 11 Practice Test 3
428(13)
Chapter 12 Practice Test 4
441
Mike Chapple, Ph.D., CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. Mike spent four years in the information security research group at NSA and served as an intelligence officer in the U.S. Air Force. Mike provides cybersecurity certification resources at his website, CertMike.com.

James Michael Stewart, CISSP, CEH, CHFI, and Security+, has been working with technology for nearly thirty years. His work focuses on security, certification, and various operating systems. Recently, Michael has been teaching job skill and certification courses, such as CISSP, ethical hacking/penetration testing, computer forensics, and Security+. He is the author of numerous publications, books, and courseware.

Darril Gibson, CISSP, is the CEO of YCDA, LLC. He regularly writes and consults on a wide variety of technical and security topics and holds numerous other certifications, including MCSE, MCDBA, MCSD, MCITP, ITIL v3, and Security+. He has authored or coauthored more than 30 books.

David Seidl, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David previously co-led Notre Dame's move to the cloud and has written multiple cybersecurity certification books.